
Help Remove Boot.Tidserv



#1
Calum
Member, 13 posts
I am having the hardest time removing Boot.Tidserv from my sister-in-law's computer. The OS is Windows 7. I have Norton 360 on her computer. I tried all the recommendations to remove it. The only way I was able to detect it was to use their Bootable Removal Kit. It detected it but wasn't able to remove it. Norton also suggested that if that doesn't work, start up in safe mode and run a full scan. It didn't even detect the Boot.Tidserv. I read that one thing to prevent reinfection is to temporarily disable System Restore so I did that. That's about as far as I got. I read a previous discussion on this website about the same issue but I wanted to talk to someone first. Any help would be greatly appreciated. Thank you very much.

OTL logfile created on: 5/11/2011 9:42:00 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = E:\
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 112.11 Gb Free Space | 81.87% Space Free | Partition Type: NTFS
Drive D: | 467.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 3.77 Gb Total Space | 3.47 Gb Free Space | 91.93% Space Free | Partition Type: FAT32

Computer Name: MIMI | User Name: krystlestinson | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/11 21:40:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\OTL.exe


========== Modules (SafeList) ==========

MOD - [2011/05/11 21:40:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 20:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/13 20:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/29 11:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/29 07:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2009/09/10 08:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 19:23:50 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 19:39:49 | 000,382,584 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/15 20:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2009/10/02 00:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/21 04:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/29 17:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/27 02:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/15 05:03:40 | 000,245,296 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 06:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 06:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 06:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/18 03:47:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 03:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 03:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/04 08:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/03 08:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2011/05/10 19:24:05 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/05/10 19:24:05 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/01 11:14:51 | 001,828,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110511.002\EX64.SYS -- (NAVEX15)
DRV - [2011/05/01 11:14:51 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110511.002\ENG64.SYS -- (NAVENG)
DRV - [2011/04/15 15:29:04 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110430.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/03/14 13:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110509.001_b84\IDSviA64.sys -- (IDSVia64)
DRV - [2009/03/25 22:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...44z195t44i2y486
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...44z195t44i2y486

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...44z195t44i2y486
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...44z195t44i2y486
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/05/10 21:51:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011/05/10 19:23:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 76.85.229.110 76.85.229.111
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/30 21:30:34 | 000,000,129 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{c6e8f438-737e-11e0-a5d5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c6e8f438-737e-11e0-a5d5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\NBRTSTRT.EXE -- [2010/11/20 00:51:49 | 000,127,960 | R--- | M] (Symantec Corporation)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\NBRTSTRT.EXE -- [2010/11/20 00:51:49 | 000,127,960 | R--- | M] (Symantec Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/11 20:39:29 | 000,000,000 | ---D | C] -- C:\NBRT
[2011/05/11 17:07:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64
[2011/05/11 17:07:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64\0305000.017
[2011/05/11 17:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2011/05/11 17:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/05/11 16:50:04 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/05/11 16:43:52 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Local\NPE
[2011/05/10 19:30:44 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Roaming\Tific
[2011/05/10 19:23:49 | 000,912,504 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys
[2011/05/10 19:23:49 | 000,450,680 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys
[2011/05/10 19:23:49 | 000,382,584 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys
[2011/05/10 19:23:49 | 000,040,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys
[2011/05/10 19:23:48 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys
[2011/05/10 19:23:48 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys
[2011/05/10 19:23:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D
[2011/05/01 15:47:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/05/01 10:41:43 | 000,000,000 | R--D | C] -- C:\Users\krystlestinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011/04/30 23:18:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/04/30 23:18:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/04/30 22:24:50 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\Documents\CyberLink
[2011/04/30 22:24:30 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Roaming\CyberLink
[2011/04/30 22:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011/04/30 22:15:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/04/30 22:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/04/30 22:07:44 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Local\Windows Live
[2011/04/30 21:59:22 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Local\Microsoft Help
[2011/04/30 21:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/04/30 20:45:59 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\Documents\Symantec
[2011/04/30 20:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2011/04/30 20:42:36 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/04/30 20:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/04/30 20:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/04/30 20:39:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2011/04/30 20:39:52 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/04/30 20:39:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2011/04/30 20:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/04/30 20:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/04/30 20:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/04/30 20:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2011/04/30 20:27:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/04/30 20:25:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/04/30 20:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/04/30 20:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011/04/30 20:17:08 | 000,000,000 | ---D | C] -- C:\Windows\OEMTemp
[2011/04/30 19:03:50 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
[2011/04/30 18:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/04/30 18:12:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/04/30 18:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2011/04/30 18:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/04/30 18:11:53 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/04/30 18:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/04/30 18:11:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/04/30 18:08:41 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/04/30 17:42:43 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Roaming\Macromedia
[2011/04/30 17:40:52 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Local\Adobe
[2011/04/30 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Roaming\Adobe
[2011/04/30 17:38:35 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Roaming\Google
[2011/04/30 17:38:32 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Local\Google
[2011/04/30 17:03:52 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Local\Diagnostics
[2011/04/30 16:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye webcam
[2011/04/30 16:36:50 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Roaming\InstallShield
[2011/04/30 16:35:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2011/04/30 16:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint2K
[2011/04/30 16:21:39 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Roaming\ATI
[2011/04/30 16:21:39 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Local\ATI
[2011/04/30 16:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/04/30 16:21:01 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Roaming\Acer
[2011/04/30 16:21:00 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Roaming\Leadertech
[2011/04/30 16:20:56 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Local\EgisTec
[2011/04/30 16:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\McQcModifier-5c47-a7b0
[2011/04/30 16:20:52 | 000,000,000 | ---D | C] -- C:\book
[2011/04/30 16:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
[2011/04/30 16:20:21 | 000,000,000 | R--D | C] -- C:\Users\krystlestinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/04/30 16:20:21 | 000,000,000 | R--D | C] -- C:\Users\krystlestinson\Searches
[2011/04/30 16:20:21 | 000,000,000 | R--D | C] -- C:\Users\krystlestinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/04/30 16:20:07 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Roaming\Identities
[2011/04/30 16:20:02 | 000,000,000 | R--D | C] -- C:\Users\krystlestinson\Contacts
[2011/04/30 16:19:58 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Local\VirtualStore
[2011/04/30 16:19:14 | 000,000,000 | -H-D | C] -- C:\Users\krystlestinson\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/04/30 16:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM_E471269A730D
[2011/04/30 16:16:57 | 000,000,000 | --SD | C] -- C:\Users\krystlestinson\AppData\Roaming\Microsoft
[2011/04/30 16:16:57 | 000,000,000 | R--D | C] -- C:\Users\krystlestinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/04/30 16:16:57 | 000,000,000 | R--D | C] -- C:\Users\krystlestinson\Desktop
[2011/04/30 16:16:57 | 000,000,000 | R--D | C] -- C:\Users\krystlestinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/04/30 16:16:57 | 000,000,000 | -HSD | C] -- C:\Users\krystlestinson\AppData\Local\Temporary Internet Files
[2011/04/30 16:16:57 | 000,000,000 | -HSD | C] -- C:\Users\krystlestinson\Templates
[2011/04/30 16:16:57 | 000,000,000 | -HSD | C] -- C:\Users\krystlestinson\Start Menu
[2011/04/30 16:16:57 | 000,000,000 | -HSD | C] -- C:\Users\krystlestinson\SendTo
[2011/04/30 16:16:57 | 000,000,000 | -HSD | C] -- C:\Users\krystlestinson\Recent
[2011/04/30 16:16:57 | 000,000,000 | -HSD | C] -- C:\Users\krystlestinson\PrintHood
[2011/04/30 16:16:57 | 000,000,000 | -HSD | C] -- C:\Users\krystlestinson\NetHood
[2011/04/30 16:16:57 | 000,000,000 | -HSD | C] -- C:\Users\krystlestinson\Documents\My Videos
[2011/04/30 16:16:57 | 000,000,000 | -HSD | C] -- C:\Users\krystlestinson\Documents\My Pictures
[2011/04/30 16:16:57 | 000,000,000 | -HSD | C] -- C:\Users\krystlestinson\Documents\My Music
[2011/04/30 16:16:57 | 000,000,000 | -HSD | C] -- C:\Users\krystlestinson\My Documents
[2011/04/30 16:16:57 | 000,000,000 | -HSD | C] -- C:\Users\krystlestinson\Local Settings
[2011/04/30 16:16:57 | 000,000,000 | -HSD | C] -- C:\Users\krystlestinson\AppData\Local\History
[2011/04/30 16:16:57 | 000,000,000 | -HSD | C] -- C:\Users\krystlestinson\Cookies
[2011/04/30 16:16:57 | 000,000,000 | -HSD | C] -- C:\Users\krystlestinson\Application Data
[2011/04/30 16:16:57 | 000,000,000 | -HSD | C] -- C:\Users\krystlestinson\AppData\Local\Application Data
[2011/04/30 16:16:57 | 000,000,000 | -H-D | C] -- C:\Users\krystlestinson\AppData
[2011/04/30 16:16:57 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Local\Temp
[2011/04/30 16:16:57 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Local\Microsoft
[2011/04/30 16:16:57 | 000,000,000 | ---D | C] -- C:\Users\krystlestinson\AppData\Roaming\Media Center Programs
[2011/04/30 16:16:56 | 000,000,000 | R--D | C] -- C:\Users\krystlestinson\Videos
[2011/04/30 16:16:56 | 000,000,000 | R--D | C] -- C:\Users\krystlestinson\Saved Games
[2011/04/30 16:16:56 | 000,000,000 | R--D | C] -- C:\Users\krystlestinson\Pictures
[2011/04/30 16:16:56 | 000,000,000 | R--D | C] -- C:\Users\krystlestinson\Music
[2011/04/30 16:16:56 | 000,000,000 | R--D | C] -- C:\Users\krystlestinson\Links
[2011/04/30 16:16:56 | 000,000,000 | R--D | C] -- C:\Users\krystlestinson\Favorites
[2011/04/30 16:16:56 | 000,000,000 | R--D | C] -- C:\Users\krystlestinson\Downloads
[2011/04/30 16:16:56 | 000,000,000 | R--D | C] -- C:\Users\krystlestinson\My Documents
[2011/04/30 16:16:44 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2011/05/11 20:11:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/11 20:11:50 | 1406,177,280 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/11 19:57:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/11 19:57:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/11 17:21:35 | 490,700,800 | ---- | M] () -- C:\NBRT.iso
[2011/05/11 17:12:00 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/11 17:12:00 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/11 17:12:00 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/11 17:09:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/05/11 17:08:11 | 001,282,088 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/05/11 17:08:00 | 000,001,541 | ---- | M] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/05/11 16:50:04 | 000,001,343 | ---- | M] () -- C:\Users\krystlestinson\Desktop\Norton Installation Files.lnk
[2011/05/11 10:28:47 | 346,078,735 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/10 21:51:15 | 000,002,392 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/05/10 19:23:50 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/05/10 19:23:50 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/05/10 19:23:50 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/05/01 11:27:17 | 000,343,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/05/01 06:43:43 | 000,001,445 | ---- | M] () -- C:\Users\krystlestinson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/30 22:54:15 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/04/30 22:54:14 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/04/30 20:39:35 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIBUN5.dll
[2011/04/30 20:38:45 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdate.dll
[2011/04/30 19:03:50 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
[2011/04/30 18:16:00 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/04/30 18:16:00 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/04/30 18:12:57 | 000,000,006 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2011/04/30 16:36:45 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
[2011/04/30 16:36:45 | 000,000,074 | ---- | M] () -- C:\Windows\PidList.ini
[2011/04/30 16:34:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01007.Wdf
[2011/04/30 16:17:18 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Netflix.lnk
[2011/04/28 23:05:32 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini

========== Files Created - No Company Name ==========

[2011/05/11 17:20:50 | 490,700,800 | ---- | C] () -- C:\NBRT.iso
[2011/05/11 17:09:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/05/11 17:08:00 | 000,001,541 | ---- | C] () -- C:\Users\Public\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/05/11 17:07:24 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0305000.017\isolate.ini
[2011/05/11 16:50:04 | 000,001,343 | ---- | C] () -- C:\Users\krystlestinson\Desktop\Norton Installation Files.lnk
[2011/05/10 21:50:23 | 001,282,088 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/05/10 19:23:49 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.cat
[2011/05/10 19:23:49 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.cat
[2011/05/10 19:23:49 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet64.cat
[2011/05/10 19:23:49 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa.inf
[2011/05/10 19:23:49 | 000,002,792 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds.inf
[2011/05/10 19:23:49 | 000,001,446 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet.inf
[2011/05/10 19:23:49 | 000,001,422 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.inf
[2011/05/10 19:23:48 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.cat
[2011/05/10 19:23:48 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.cat
[2011/05/10 19:23:48 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.inf
[2011/05/10 19:23:48 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.inf
[2011/05/10 19:23:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.cat
[2011/05/10 19:23:26 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini
[2011/05/01 15:46:56 | 346,078,735 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/30 22:54:15 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/04/30 22:54:14 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/04/30 20:42:36 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/04/30 20:42:36 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/04/30 20:42:08 | 000,002,392 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/04/30 20:31:35 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/04/30 20:31:13 | 000,001,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/04/30 19:05:06 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2011/04/30 18:10:02 | 000,681,508 | ---- | C] () -- C:\Windows\SysNative\oem3.inf
[2011/04/30 18:08:41 | 1406,177,280 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/30 17:38:10 | 000,001,445 | ---- | C] () -- C:\Users\krystlestinson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/30 16:37:11 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/04/30 16:37:11 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2011/04/30 16:37:11 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2011/04/30 16:34:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01007.Wdf
[2011/04/30 16:20:33 | 000,001,417 | ---- | C] () -- C:\Users\krystlestinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/04/30 16:20:24 | 000,001,451 | ---- | C] () -- C:\Users\krystlestinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/04/30 16:18:15 | 000,002,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Assist.lnk
[2011/04/30 16:17:18 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
[2011/04/30 16:16:57 | 000,000,290 | ---- | C] () -- C:\Users\krystlestinson\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/04/30 16:16:57 | 000,000,272 | ---- | C] () -- C:\Users\krystlestinson\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/11/06 02:37:37 | 000,000,000 | ---- | C] () -- C:\Windows\setup.INI
[2009/11/06 01:44:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/04/30 16:21:01 | 000,000,000 | ---D | M] -- C:\Users\krystlestinson\AppData\Roaming\Acer
[2011/04/30 16:21:00 | 000,000,000 | ---D | M] -- C:\Users\krystlestinson\AppData\Roaming\Leadertech
[2011/05/10 19:30:44 | 000,000,000 | ---D | M] -- C:\Users\krystlestinson\AppData\Roaming\Tific
[2009/07/14 00:08:49 | 000,003,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(19).TXT
[2009/07/14 00:08:49 | 000,008,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by Calum, 11 May 2011 - 08:52 PM.

#2
RKinner, Malware Expert (Expert group, 24,598 posts, MVP)

Pause your anti-virus, then download aswMBR and run it.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan.

On completion of the scan (note whether the Fix button is enabled and tell me), click "Save log", save it to your desktop and post it in your next reply.

Restart your anti-virus.


Ron

#3
Calum, Member (Topic Starter, 13 posts)

The Fix button is enabled. I am very tempted to hit that button but I want to wait for your response. Thank you.

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-12 17:58:09
-----------------------------
17:58:09.094 OS Version: Windows x64 6.1.7600
17:58:09.094 Number of processors: 1 586 0x7C02
17:58:09.094 ComputerName: MIMI UserName:
17:58:10.357 Initialize success
17:58:29.810 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0
17:58:29.810 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 11
17:58:29.826 Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskWDC_WD1600BEVT-22ZCT0___________________11.01A11#5&25a38021&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
17:58:29.826 Device \Driver\atapi -> DriverStartIo fffffa800269542c
17:58:31.870 Disk 0 MBR read successfully
17:58:31.870 Disk 0 MBR scan
17:58:31.885 Disk 0 TDL4@MBR code has been found
17:58:31.901 Disk 0 Windows 7 default MBR code found via API
17:58:31.901 Disk 0 MBR hidden
17:58:31.901 Disk 0 MBR [TDL4] **ROOTKIT**
17:58:31.916 Disk 0 trace - called modules:
17:58:31.916 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80026955bc]<<
17:58:31.932 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002451760]
17:58:31.932 3 CLASSPNP.SYS[fffff8800107443f] -> nt!IofCallDriver -> [0xfffffa8002452bf0]
17:58:31.948 5 ACPI.sys[fffff88000fb4781] -> nt!IofCallDriver -> \IdeDeviceP0T0L0-0[0xfffffa80023d6680]
17:58:31.948 \Driver\atapi[0xfffffa8002748550] -> IRP_MJ_CREATE -> 0xfffffa80026955bc
17:58:31.963 Scan finished successfully
17:59:31.992 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
17:59:32.242 The log file has been saved successfully to "E:\aswMBR.txt"
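The log above is the evidence that matters: aswMBR's raw scan of sector 0 finds TDL4 bootstrap code, while the same sector read back through the normal Windows disk API returns the stock Windows 7 MBR ("MBR hidden"), and the call trace for \Driver\atapi ends at an address that belongs to no loaded module. That disagreement between two read paths is the practitioner's check. From inside the infected OS every user-mode read of \\.\PhysicalDrive0 goes through the hooked path, so the reference copy has to come from outside it: a dump taken from clean boot media (the Norton Bootable Recovery Tool ISO already on this machine, or a Linux live CD with `dd if=/dev/sda bs=512 count=1`), compared against the MBR.dat aswMBR saved to E:\. The script below is an added example, not code from the thread, aswMBR or TDSSKiller; it parses both 512-byte sectors into bootstrap code, disk signature and partition table, and reports which region differs. The two sample sectors at the bottom are constructed placeholders (the partition layout and code bytes are invented, not real Windows or TDL4 images); real dumps are compared by passing their bytes to `compare_mbr`.

```python
"""Compare a live MBR read with a reference MBR dump and report what differs.

Added example for this thread, not code from aswMBR, TDSSKiller or the poster.
Inputs are two 512-byte sectors, e.g. MBR.dat saved by aswMBR and a dump taken
from clean boot media.  The sample sectors at the bottom are constructed.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional

MBR_SIZE = 512
CODE_LEN = 440        # bootstrap code occupies bytes 0..439
DISK_SIG_OFF = 440    # 4-byte NT disk signature (bytes 444-445 normally zero)
PTABLE_OFF = 446      # four 16-byte partition entries
BOOT_SIG_OFF = 510    # 0x55AA marker at the end of the sector
PENTRY = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA, count


@dataclass
class Partition:
    bootable: bool
    ptype: int
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Return the non-empty partition table entries in table order."""
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PENTRY, mbr, PTABLE_OFF + 16 * i)
        if ptype != 0:
            parts.append(Partition(status == 0x80, ptype, lba, count))
    return parts


def parse_mbr(mbr: bytes) -> dict:
    """Split a sector into the three regions a bootkit check cares about."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    return {
        "code_sha256": hashlib.sha256(mbr[:CODE_LEN]).hexdigest(),
        "disk_signature": mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": parse_partitions(mbr),
    }


def compare_mbr(live: bytes, reference: bytes) -> dict:
    """Report which regions differ.  A bootkit replaces the code region and keeps
    the partition table, so the machine still boots and looks intact from the OS."""
    a, b = parse_mbr(live), parse_mbr(reference)
    first_diff: Optional[int] = next(
        (i for i in range(CODE_LEN) if live[i] != reference[i]), None)
    active = [p for p in a["partitions"] if p.bootable]
    return {
        "code_differs": a["code_sha256"] != b["code_sha256"],
        "first_code_diff_offset": first_diff,
        "ptable_differs": a["partitions"] != b["partitions"],
        "disk_sig_differs": a["disk_signature"] != b["disk_signature"],
        "one_active_partition": len(active) == 1,
    }


def build_mbr(code: bytes, disk_sig: bytes, parts: List[Partition]) -> bytes:
    """Assemble a sector from its parts (used here only to construct samples)."""
    buf = bytearray(MBR_SIZE)
    buf[:len(code)] = code
    buf[DISK_SIG_OFF:DISK_SIG_OFF + 4] = disk_sig
    for i, p in enumerate(parts):
        struct.pack_into(PENTRY, buf, PTABLE_OFF + 16 * i,
                         0x80 if p.bootable else 0x00, p.ptype, p.lba_start, p.sectors)
    buf[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(buf)


# Constructed samples: a Windows-7-style layout (small boot partition followed by
# the OS partition) with placeholder bootstrap bytes.  These are not real images.
_LAYOUT = [Partition(True, 0x07, 2048, 204800), Partition(False, 0x07, 206848, 312371200)]
_DISK_SIG = b"\xde\xad\xbe\xef"
CLEAN_MBR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8", _DISK_SIG, _LAYOUT)
INFECTED_MBR = build_mbr(b"\xfa\x31\xc0\x8e\xd8\xbd\x00\x7c\xe9\x00\x00", _DISK_SIG, _LAYOUT)

if __name__ == "__main__":
    for key, value in compare_mbr(INFECTED_MBR, CLEAN_MBR).items():
        print(f"{key}: {value}")
```

On the constructed pair the report shows `code_differs` true with the first differing byte at offset 0 while the partition table and disk signature match, which is the pattern to expect from an MBR bootkit: it needs the partition table intact to chain-load Windows. A dump where the partition table also changed points at something else (a repartitioning, a different disk, or a damaged sector) and should not be "fixed" by writing a stock MBR without looking further.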

#4
RKinner, Malware Expert (Expert group, 24,598 posts, MVP)

Hit the Fix button, then post a new aswMBR log. Also run TDSSKiller:


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click it and choose Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file named "TDSSKiller.txt" should be created on your C: drive; please copy and paste its contents in your next reply.


Ron

#5
Calum, Member (Topic Starter, 13 posts)

Here is the aswMBR log. I ran it after TDSSKiller. I hope that is okay.

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-12 18:36:57
-----------------------------
18:36:57.274 OS Version: Windows x64 6.1.7600
18:36:57.274 Number of processors: 1 586 0x7C02
18:36:57.274 ComputerName: MIMI UserName:
18:36:58.319 Initialize success
18:37:01.189 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:37:01.189 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 11
18:37:03.748 Disk 0 MBR read successfully
18:37:03.748 Disk 0 MBR scan
18:37:03.763 Disk 0 Windows 7 default MBR code
18:37:03.763 Service scanning
18:37:06.072 Disk 0 trace - called modules:
18:37:06.119 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:37:06.119 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002450790]
18:37:06.134 3 CLASSPNP.SYS[fffff880013ca43f] -> nt!IofCallDriver -> [0xfffffa800244c9b0]
18:37:06.134 5 ACPI.sys[fffff88000f00781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80023dd060]
18:37:06.150 Scan finished successfully
18:37:21.500 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
18:37:21.750 The log file has been saved successfully to "E:\aswMBR2.txt"

Here is the log file from TDSSKILLER. I was prompted to reboot the computer and I did so.

2011/05/12 18:34:23.0962 3672 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/12 18:34:24.0056 3672 ================================================================================
2011/05/12 18:34:24.0056 3672 SystemInfo:
2011/05/12 18:34:24.0056 3672
2011/05/12 18:34:24.0056 3672 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/12 18:34:24.0056 3672 Product type: Workstation
2011/05/12 18:34:24.0056 3672 ComputerName: MIMI
2011/05/12 18:34:24.0056 3672 UserName: krystlestinson
2011/05/12 18:34:24.0056 3672 Windows directory: C:\Windows
2011/05/12 18:34:24.0056 3672 System windows directory: C:\Windows
2011/05/12 18:34:24.0056 3672 Running under WOW64
2011/05/12 18:34:24.0056 3672 Processor architecture: Intel x64
2011/05/12 18:34:24.0056 3672 Number of processors: 1
2011/05/12 18:34:24.0056 3672 Page size: 0x1000
2011/05/12 18:34:24.0056 3672 Boot type: Normal boot
2011/05/12 18:34:24.0056 3672 ================================================================================
2011/05/12 18:34:25.0491 3672 Initialize success
2011/05/12 18:34:35.0818 3260 ================================================================================
2011/05/12 18:34:35.0818 3260 Scan started
2011/05/12 18:34:35.0818 3260 Mode: Manual;
2011/05/12 18:34:35.0818 3260 ================================================================================
2011/05/12 18:34:38.0065 3260 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/12 18:34:38.0346 3260 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/12 18:34:38.0595 3260 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/12 18:34:38.0876 3260 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/12 18:34:39.0079 3260 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/12 18:34:39.0141 3260 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/12 18:34:39.0266 3260 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/05/12 18:34:39.0344 3260 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/12 18:34:39.0438 3260 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/12 18:34:39.0500 3260 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/12 18:34:39.0578 3260 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/12 18:34:39.0609 3260 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/12 18:34:39.0672 3260 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/05/12 18:34:39.0734 3260 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/12 18:34:39.0781 3260 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/05/12 18:34:39.0906 3260 ApfiltrService (c79c86a0395689045710e24d64e5e086) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/05/12 18:34:39.0984 3260 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/05/12 18:34:40.0062 3260 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/12 18:34:40.0108 3260 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/12 18:34:40.0155 3260 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/12 18:34:40.0202 3260 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/12 18:34:40.0420 3260 atikmdag (2db9047aac9d981f59ce06d04d70c4d8) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/12 18:34:40.0717 3260 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/05/12 18:34:40.0857 3260 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/12 18:34:40.0920 3260 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/12 18:34:41.0154 3260 BCM43XX (b44879610f2dc4a046b14befa3ae72de) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/05/12 18:34:41.0232 3260 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/12 18:34:41.0559 3260 BHDrvx64 (3b9b31981894123f78c4ef0d97184319) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110430.001\BHDrvx64.sys
2011/05/12 18:34:41.0700 3260 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/12 18:34:41.0778 3260 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/12 18:34:41.0840 3260 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/12 18:34:41.0871 3260 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/12 18:34:41.0934 3260 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/12 18:34:41.0965 3260 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/12 18:34:41.0996 3260 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/12 18:34:42.0043 3260 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/12 18:34:42.0105 3260 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/12 18:34:42.0168 3260 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/12 18:34:42.0230 3260 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/12 18:34:42.0292 3260 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/12 18:34:42.0370 3260 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/12 18:34:42.0448 3260 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/12 18:34:42.0480 3260 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/12 18:34:42.0526 3260 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/05/12 18:34:42.0573 3260 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/12 18:34:42.0620 3260 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/12 18:34:42.0667 3260 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/12 18:34:42.0760 3260 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/05/12 18:34:42.0807 3260 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/12 18:34:42.0870 3260 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/12 18:34:43.0041 3260 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\SysWOW64\Drivers\DKbFltr.sys
2011/05/12 18:34:43.0182 3260 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/12 18:34:43.0322 3260 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/12 18:34:43.0478 3260 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/12 18:34:43.0743 3260 eeCtrl (eb0883462ac43829e47929d705d40933) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2011/05/12 18:34:43.0962 3260 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/12 18:34:44.0149 3260 EraserUtilRebootDrv (86fc0d272f6bb43e7214d4ba955a41e7) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/12 18:34:44.0430 3260 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/12 18:34:44.0664 3260 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/12 18:34:44.0710 3260 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/12 18:34:44.0788 3260 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/12 18:34:44.0866 3260 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/12 18:34:44.0913 3260 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/12 18:34:44.0944 3260 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/12 18:34:44.0991 3260 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/05/12 18:34:45.0054 3260 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/12 18:34:45.0100 3260 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/12 18:34:45.0163 3260 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/12 18:34:45.0210 3260 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/12 18:34:45.0303 3260 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/12 18:34:45.0366 3260 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/12 18:34:45.0428 3260 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/05/12 18:34:45.0506 3260 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/12 18:34:45.0537 3260 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/12 18:34:45.0584 3260 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/12 18:34:45.0646 3260 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/12 18:34:45.0709 3260 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/12 18:34:45.0771 3260 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/12 18:34:45.0834 3260 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/05/12 18:34:45.0896 3260 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/12 18:34:45.0927 3260 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/12 18:34:45.0990 3260 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/05/12 18:34:46.0224 3260 IDSVia64 (8f9faa4583e634a1505bad8d0c04c5c9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110509.001_b84\IDSvia64.sys
2011/05/12 18:34:46.0645 3260 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/12 18:34:46.0801 3260 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/12 18:34:46.0848 3260 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/12 18:34:46.0879 3260 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/12 18:34:46.0941 3260 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/12 18:34:46.0988 3260 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/12 18:34:47.0035 3260 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/12 18:34:47.0082 3260 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/12 18:34:47.0128 3260 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/12 18:34:47.0175 3260 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/12 18:34:47.0238 3260 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/12 18:34:47.0284 3260 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/12 18:34:47.0331 3260 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/12 18:34:47.0409 3260 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/12 18:34:47.0456 3260 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/12 18:34:47.0534 3260 L1C (2377ec4cc3e356655b996f39b43486b6) C:\Windows\system32\DRIVERS\L1C62x64.sys
2011/05/12 18:34:47.0643 3260 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/12 18:34:47.0737 3260 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/12 18:34:47.0784 3260 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/12 18:34:47.0815 3260 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/12 18:34:47.0877 3260 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/12 18:34:47.0940 3260 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/12 18:34:47.0986 3260 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/12 18:34:48.0049 3260 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/12 18:34:48.0096 3260 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/12 18:34:48.0142 3260 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/12 18:34:48.0174 3260 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/12 18:34:48.0220 3260 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/12 18:34:48.0252 3260 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/05/12 18:34:48.0314 3260 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/12 18:34:48.0361 3260 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/12 18:34:48.0408 3260 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/12 18:34:48.0470 3260 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/12 18:34:48.0517 3260 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/12 18:34:48.0579 3260 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/12 18:34:48.0626 3260 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/12 18:34:48.0673 3260 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/12 18:34:48.0735 3260 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/12 18:34:48.0798 3260 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/12 18:34:48.0860 3260 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/12 18:34:49.0000 3260 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/12 18:34:49.0032 3260 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/12 18:34:49.0063 3260 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/12 18:34:49.0125 3260 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/05/12 18:34:49.0172 3260 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/12 18:34:49.0219 3260 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/12 18:34:49.0250 3260 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/12 18:34:49.0297 3260 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/12 18:34:49.0344 3260 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
2011/05/12 18:34:49.0390 3260 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
2011/05/12 18:34:49.0453 3260 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
2011/05/12 18:34:49.0562 3260 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/12 18:34:49.0734 3260 NAVENG (ba3d1e520fccc1783282f43b8adfc4ca) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110511.002\ENG64.SYS
2011/05/12 18:34:49.0827 3260 NAVEX15 (9f602385a74e30d13fb9083213cddc87) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110511.002\EX64.SYS
2011/05/12 18:34:50.0030 3260 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/05/12 18:34:50.0108 3260 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/12 18:34:50.0155 3260 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/12 18:34:50.0202 3260 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/12 18:34:50.0248 3260 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/12 18:34:50.0280 3260 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/05/12 18:34:50.0326 3260 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/12 18:34:50.0389 3260 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/12 18:34:50.0482 3260 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/12 18:34:50.0545 3260 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/12 18:34:50.0592 3260 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/12 18:34:50.0701 3260 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/05/12 18:34:50.0888 3260 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
2011/05/12 18:34:50.0950 3260 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/12 18:34:51.0028 3260 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/05/12 18:34:51.0075 3260 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/05/12 18:34:51.0138 3260 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/12 18:34:51.0184 3260 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/12 18:34:51.0247 3260 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/12 18:34:51.0309 3260 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/05/12 18:34:51.0356 3260 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/05/12 18:34:51.0403 3260 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/12 18:34:51.0450 3260 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/12 18:34:51.0481 3260 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/12 18:34:51.0543 3260 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/12 18:34:51.0808 3260 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/12 18:34:51.0871 3260 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/12 18:34:51.0949 3260 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/12 18:34:52.0027 3260 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/12 18:34:52.0089 3260 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/12 18:34:52.0152 3260 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/12 18:34:52.0183 3260 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/12 18:34:52.0261 3260 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/12 18:34:52.0308 3260 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/12 18:34:52.0354 3260 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/12 18:34:52.0401 3260 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/12 18:34:52.0448 3260 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/12 18:34:52.0495 3260 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/12 18:34:52.0542 3260 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/12 18:34:52.0588 3260 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/12 18:34:52.0651 3260 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/12 18:34:52.0698 3260 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/05/12 18:34:52.0744 3260 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/05/12 18:34:52.0854 3260 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/12 18:34:53.0244 3260 rtl8192se (a8ed9726734d403217a4861a6788b144) C:\Windows\system32\DRIVERS\rtl8192se.sys
2011/05/12 18:34:53.0571 3260 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/12 18:34:53.0634 3260 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/12 18:34:53.0696 3260 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/12 18:34:53.0774 3260 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/12 18:34:53.0821 3260 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/12 18:34:53.0852 3260 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/12 18:34:53.0930 3260 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/12 18:34:53.0977 3260 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/12 18:34:54.0008 3260 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/12 18:34:54.0039 3260 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/12 18:34:54.0102 3260 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/12 18:34:54.0133 3260 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/12 18:34:54.0211 3260 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/12 18:34:54.0289 3260 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/12 18:34:54.0445 3260 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0501000.01D\SRTSP64.SYS
2011/05/12 18:34:54.0570 3260 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0501000.01D\SRTSPX64.SYS
2011/05/12 18:34:54.0648 3260 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/12 18:34:54.0710 3260 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/12 18:34:54.0757 3260 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/12 18:34:54.0850 3260 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/12 18:34:54.0913 3260 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/12 18:34:55.0022 3260 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS
2011/05/12 18:34:55.0100 3260 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS
2011/05/12 18:34:55.0240 3260 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2011/05/12 18:34:55.0381 3260 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS
2011/05/12 18:34:55.0537 3260 SymNetS (81d134628a98a22b6e054e971af525dc) C:\Windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS
2011/05/12 18:34:55.0677 3260 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/12 18:34:55.0786 3260 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/12 18:34:55.0864 3260 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/12 18:34:55.0927 3260 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/12 18:34:55.0974 3260 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/12 18:34:56.0020 3260 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/12 18:34:56.0052 3260 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/12 18:34:56.0161 3260 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/12 18:34:56.0192 3260 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/12 18:34:56.0254 3260 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/12 18:34:56.0317 3260 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
2011/05/12 18:34:56.0379 3260 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/12 18:34:56.0457 3260 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/12 18:34:56.0504 3260 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/12 18:34:56.0535 3260 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/12 18:34:56.0598 3260 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/12 18:34:56.0676 3260 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/12 18:34:56.0722 3260 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/12 18:34:56.0785 3260 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
2011/05/12 18:34:56.0832 3260 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/12 18:34:56.0878 3260 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/12 18:34:56.0941 3260 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/12 18:34:57.0019 3260 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/12 18:34:57.0050 3260 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/12 18:34:57.0128 3260 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/05/12 18:34:57.0206 3260 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/12 18:34:57.0268 3260 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/12 18:34:57.0315 3260 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/12 18:34:57.0346 3260 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/12 18:34:57.0393 3260 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/12 18:34:57.0424 3260 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/12 18:34:57.0487 3260 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/12 18:34:57.0534 3260 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/12 18:34:57.0596 3260 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/12 18:34:57.0643 3260 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/12 18:34:57.0705 3260 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/12 18:34:57.0752 3260 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/12 18:34:57.0814 3260 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/12 18:34:57.0846 3260 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/12 18:34:57.0939 3260 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/12 18:34:58.0017 3260 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/12 18:34:58.0142 3260 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/12 18:34:58.0189 3260 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/12 18:34:58.0329 3260 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/12 18:34:58.0438 3260 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/12 18:34:58.0516 3260 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/12 18:34:58.0594 3260 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/12 18:34:58.0750 3260 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/12 18:34:58.0813 3260 ================================================================================
2011/05/12 18:34:58.0813 3260 Scan finished
2011/05/12 18:34:58.0813 3260 ================================================================================
2011/05/12 18:34:58.0828 2384 Detected object count: 1
2011/05/12 18:35:13.0165 2384 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/12 18:35:13.0165 2384 \HardDisk0 - ok
2011/05/12 18:35:13.0165 2384 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/12 18:35:22.0104 3756 Deinitialize success
  • 0
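As an added example for reading logs like the one just posted (this is my own helper, not code from the thread and not part of Kaspersky's TDSSKiller), the script below parses the scan output into a driver inventory plus the detection, verdict and user-action events, and reports whether any cure was deferred to reboot. The field layout is inferred from the lines above and is an assumption, not a published format; the sample log is constructed from a handful of lines copied from the post.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not the tool's own code)."""
import re
from collections import defaultdict

# Line shapes as they appear in the posted log (assumption: inferred, not a spec).
# Driver inventory line:  <ts> <pid> <service> (<md5>) <image path>
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# Detection line:   <ts> <pid> <object> - detected <threat> (n)
DETECT_RE = re.compile(r"^(?P<ts>\S+ \S+)\s+\d+\s+(?P<obj>\S+) - detected (?P<threat>\S+)")
# User action line: <ts> <pid> <threat>(<object>) - User select action: <action>
USER_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+\d+\s+(?P<threat>\S+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\S+)"
)
# Verdict line:     <ts> <pid> <object> (<threat>) - <what the tool will do>
VERDICT_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+\d+\s+(?P<obj>\S+) \((?P<threat>[^)]+)\) - (?P<action>.+?)\s*$"
)

# Constructed sample: a few inventory lines and the tail of the log posted above.
SAMPLE_LOG = r"""
2011/05/12 18:34:51.0450 3260 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/12 18:34:55.0677 3260 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/12 18:34:55.0786 3260 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/12 18:34:57.0814 3260 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/12 18:34:57.0846 3260 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/12 18:34:58.0594 3260 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/12 18:34:58.0750 3260 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/12 18:34:58.0813 3260 ================================================================================
2011/05/12 18:34:58.0813 3260 Scan finished
2011/05/12 18:34:58.0828 2384 Detected object count: 1
2011/05/12 18:35:13.0165 2384 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/12 18:35:13.0165 2384 \HardDisk0 - ok
2011/05/12 18:35:13.0165 2384 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/12 18:35:22.0104 3756 Deinitialize success
"""


def parse_log(text):
    """Split the log into driver inventory records and threat-related events."""
    drivers, events = [], []
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(m.groupdict())
            continue  # inventory lines must be tried first: VERDICT_RE would also match them
        for kind, rx in (("detected", DETECT_RE), ("user_action", USER_RE), ("verdict", VERDICT_RE)):
            m = rx.match(line)
            if m:
                rec = m.groupdict()
                rec["kind"] = kind
                events.append(rec)
                break
    return drivers, events


def hash_inventory(drivers):
    """md5 -> sorted service names loading that image; diff this against a
    hash set taken from a known-clean machine of the same build."""
    inv = defaultdict(set)
    for d in drivers:
        inv[d["md5"]].add(d["name"])
    return {h: sorted(names) for h, names in inv.items()}


def shared_images(drivers):
    """Images registered under several service names. Tcpip/TCPIP6 and
    WANARP/Wanarpv6 are normal; an unexpected pair is worth a second look."""
    return {h: n for h, n in hash_inventory(drivers).items() if len(n) > 1}


def needs_reboot(events):
    """Objects whose cure is deferred: reboot and rescan before calling the host clean."""
    return sorted({e["obj"] for e in events if e["kind"] == "verdict" and "after reboot" in e["action"]})


def triage(text):
    """One-shot summary a responder can read or feed into a ticket."""
    drivers, events = parse_log(text)
    return {
        "drivers": len(drivers),
        "detections": sorted({(e["obj"], e["threat"]) for e in events if e["kind"] == "detected"}),
        "user_actions": [(e["obj"], e["action"]) for e in events if e["kind"] == "user_action"],
        "reboot_pending": needs_reboot(events),
        "shared_images": shared_images(drivers),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the posted log this reports one detection on `\HardDisk0`, the user's Cure choice, and a pending "after reboot" action, which is exactly why the next step in the thread is a reboot followed by further scans rather than declaring the machine clean.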

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Doesn't matter which order you run them in. Both can remove TDSS4.

TDSS usually causes redirects when you use a search engine like google and also sometimes likes to play audio ads in the background. I assume that was how you knew to look for it in the first place? Are there any more problems? I would run sfc just to be sure:

Start, All programs, Accessories then right click on Command Prompt and select Run As Administrator then type with an Enter after the line:

sfc  /scannow
(I use two spaces so you can see where one space goes. This will check your critical system files to make sure they haven't been tampered with. Should take but about 10 minutes or so.)

We also like to run the ESET scan. This will take a lot longer. Best to pause Symantec while it runs:

Use IE (right click and Run As Administrator if it has that option) and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.

MalwareBytes Anti-Malware should also work with 64 bit Win 7. This one takes a couple of hours to run the Full Scan. Quickscan probably about an hour.

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Ron
  • 0

#7
Calum

Calum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I ran sfc /scannow. There were no integrity violations. Before, there was a problem that couldn't be fixed. I ran the ESETScan and nothing was found so I didn't have the option to export to text file. I ran Malwarebytes and it found nothing. Here are the results of that scan. I'm thinking you have helped me solve the problem. I have just a couple more questions. First, is it okay to enable System Restore and probably a good idea to make one now that the issue is fixed? Second, I may have jumped the gun in trying to fix this problem and I restored the computer to its factory settings. I did back up all the files and my "Click-Free Automatic Backup." Do you think it would be safe to restore those files or is there an additional scan that I can perform on the backup? I just don't want to go through the same thing over again. Thanks so much for your help.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6564

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

5/12/2011 9:37:58 PM
mbam-log-2011-05-12 (21-37-58).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 245449
Time elapsed: 34 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Regardless of what idiots like Symantec and McAfee say, turning off your System Restore is not something you really want to do, so turn it back on. System Restore is a safety net. Even if it has malware hiding in it, it is better than no safety net. If you do something wrong without System Restore running you may not be able to boot to Windows to fix it without System Restore. It's not like the malware is going to jump back onto your system from System Restore. You have to tell Windows to do a System Restore. Cleaning System Restore is a simple process so we usually wait until we are done.

You should be able to tell Symantec to scan your backed up files before putting them back so it should be OK to restore them.

If your A-V is a trial or about to expire you should uninstall it, run the norton removal tool then download and install the free Avast!
http://www.avast.com...ivirus-download
You have to register but it's free for a year or so then you just have to register again. You will probably notice that your system boots faster and runs quicker without Symantec. It's a real resource hog.

You may not have the latest Java (Java™ 6 Update 25). Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it.
Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Flash Player recently came out with a new version which fixes an exploit hole. See http://aumha.net/vie...&st=0&sk=t&sd=a Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.


Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

Apple QuickTime is another program that needs to be up to date.

I recommend you install the free WinPatrol from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://download.cnet...4-10752777.html
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.


Ron
  • 0
