Boot.Tidserv keeps returning after norton says its removed


#16 RKinner (Malware Expert, MVP, 19,793 posts)
Since that seems to be the only thing that works I would run AVP again.

You might check for a Scheduled Task that is reinstalling it. Normally I should see it in the logs but who knows.

Did the update stop?

Ron
#17 louuu (Topic Starter, Member, 223 posts)
No, the updates didn't stop. It's still trying to install the same update over and over. It installs successfully and requires a reboot, and upon reboot it says it failed to install and then requests to install it again. I'm going to run AVPTool. That takes a few hours to run, so I'm going to say goodnight to you as it's 1:21 AM here in New York, and I'll let AVPTool run through the night. When I wake up tomorrow I will report back to you with the results. Thank you so very much. All you do is sincerely appreciated.

#18 louuu (Topic Starter, Member, 223 posts)
Good morning. So I ran AVPTool and it didn't find any infection, but Boot.Tidserv is now gone again. I rebooted a few times and thankfully it's gone. I'm still not sure why it came back? I did check my scheduled tasks, but nothing in there would be putting Boot.Tidserv back on my system. As far as the Windows Update problem I was having, it appears a lot of people are having the same issue with this one update and Microsoft is working on it. So for now I just hid the update and I'll let it be. So I guess we're done fixing this problem. Is there anything I have to do to clean up and remove any of the programs I installed while trying to fix Boot.Tidserv, such as ComboFix? If so, please let me know. Also, what is your PayPal account email? I would like to send you a little something to say thanks for all your good effort. Thank you again Ron, your help is appreciated.

#19 RKinner (Malware Expert, MVP, 19,793 posts)
Found another place where it can hide:

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screenshot of the Disk Management window and attach the screenshot to your reply.

Also disable Hibernation: http://support.microsoft.com/kb/920730
Reboot. Make sure the file C:\hiberfil.sys is gone (if not, delete it), then re-enable Hibernation. I've just recently found that malware can hide there.

We need to cleanup System Restore:

Copy the following:

:Commands
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK, close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

PS. Please donate to Kwiaht instead of sending me money. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm

#20 louuu (Topic Starter, Member, 223 posts)
By the way, my Java is not working. When I go to a website that uses Java it says Java is not installed. When I check my Programs and Features, there's no Java there at all. When I go back to java.com to install it, it says it's already installed and asks if I want to reinstall. I say yes, but then an error comes up and says "This action is only valid for products that are installed" and I can't do anything else. So I don't know what to do to get Java on my machine.

I've included a pic of the Disk Management window.

I turned hibernation off and on, but both times I never saw a file named hiberfil.sys in my C drive. The C drive only has folders, not individual files.

I did the OTL cleanup, but I don't use System Restore as I use Norton Ghost and Acronis.

I uninstalled ComboFix and then ran the OTL cleanup. I also did the Adobe Reader steps and changed the password on my router.

I also went ahead and made a $10 donation to the charity you requested. I read about it and what they're doing is a wonderful thing, and I was happy to donate to them in your name. I've included a pic of my PayPal screen.

UPON REBOOT BOOT.TIDSERV IS BACK - I CAN'T BELIEVE THIS! I've included a pic of my Norton screen.

Ron, let me ask you this. I've only had this computer for 1 month. It's a new Dell XPS 8300. In this one month I've had more problems than I've had using computers all my life, and I'm 48. The problems have been as follows: Java now not working. My ATI software package won't install or delete. ATI spent hours on the phone with me to no avail and said I need to do a clean install. Also I tried to add Microsoft Word using Word 2002 and it didn't install. But what happened afterwards was something I never saw before. Every time I rebooted, a Word install program would try to unsuccessfully install itself over and over. I was using authentic Microsoft Word CDs. I had no choice but to use Norton Ghost to revert my system back to before this problem started. Now I'm having this Boot.Tidserv problem and unfortunately I don't have a restore point in Ghost to use from before this happened, because I cleared out all the restore points.

Do you think that if I used Dell's system restore function to restore my computer to how it was shipped to me, it would eliminate these issues? Would that fix this Boot.Tidserv problem? Or do I need to do a clean install of Windows myself using the Windows disc instead of Dell's system restore to factory default?

I'm not saying I'm going to do this, I'm just asking your opinion on whether this is the way to go or if you think you can solve this Boot.Tidserv problem. I'll wait to hear back from you, thank you.

Attached Thumbnails

  • disc mgmt.JPG
  • donation.JPG
  • norton boot tidserv.JPG

Edited by louuu, 29 November 2011 - 11:30 AM.


#21 RKinner (Malware Expert, MVP, 19,793 posts)
Thanks for the donation. I should have waited with the cleanup until after I saw the results of the disk management but I thought since it wasn't showing it wouldn't find anything. You have the newest TDSS version. This is the recommended fix. Reverting back to how it came from the factory would probably not fix the problem.

Preferably from a clean computer, I need you to download:
  • gparted-live-0.10.0-3.iso (115.1 MB)
  • Windows 7 64-Bit (x64) Recovery Environment

Create a bootable CD, one for GParted and one for the Windows 7 Recovery Environment, from the ISO images. You can use ImgBurn to do this.

Now boot off of the newly created Gparted CD.

(screenshot)
You should be here...
Press ENTER

(screenshot)
By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

(screenshot)
Choose your language and press ENTER. English is default [33]

(screenshot)
Once again, at this prompt, press ENTER

You will now be taken to the main GUI screen below
(screenshot)
According to your logs, the partition that you want to delete is 2GB
Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions:
(screenshot)

Now you should be here:
(screenshot)

(screenshot)
Is "boot" next to your OS drive?

If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags

In the menu that pops up, place a checkmark in boot like the picture below:
(screenshot)

Now double-click the button shown in the screenshot.

You should receive a small pop up like this:
(screenshot)
Choose reboot and then press OK.

Now reboot from the Windows 7 Recovery Environment CD and execute the following commands:

  • bootrec /FixMbr
  • bootrec /FixBoot
  • exit

Once back in Windows.

Download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Confirm the UAC prompt)
  • A window will open on your desktop
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Attach that file.


#22 louuu (Topic Starter, Member, 223 posts)
Hi again. I did everything and here's the file you needed from the MBR program. I also checked my Disk Management and that 2 MB drive is gone. Upon reboot no Boot.Tidserv was found. Do you think Boot.Tidserv is now gone for good?

How can I fix the Java problem I'm having, as I stated earlier? I'll copy/paste it below, thank you.

Copy/paste re Java:
-------------------
By the way, my Java is not working. When I go to a website that uses Java it says Java is not installed. When I check my Programs and Features, there's no Java there at all. When I go back to java.com to install it, it says it's already installed and asks if I want to reinstall. I say yes, but then an error comes up and says "This action is only valid for products that are installed" and I can't do anything else. So I don't know what to do to get Java on my machine.

MBR text:
---------
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: XPS 8300
Logical Drives Mask: 0x00001e2c

Kernel Drivers (total 210):
0x02E07000 \SystemRoot\system32\ntoskrnl.exe
0x033F0000 \SystemRoot\system32\hal.dll
0x00BA4000 \SystemRoot\system32\kdcom.dll
0x00C0C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C5B000 \SystemRoot\system32\PSHED.dll
0x00C6F000 \SystemRoot\system32\CLFS.SYS
0x00CCD000 \SystemRoot\system32\CI.dll
0x00E9F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F43000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F52000 \SystemRoot\system32\drivers\ACPI.sys
0x00FA9000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FB2000 \SystemRoot\system32\drivers\msisadrv.sys
0x00FBC000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00FC9000 \SystemRoot\system32\drivers\pci.sys
0x00E00000 \SystemRoot\System32\drivers\partmgr.sys
0x00E15000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E1E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E2A000 \SystemRoot\system32\drivers\volmgr.sys
0x00E3F000 \SystemRoot\System32\drivers\volmgrx.sys
0x00D8D000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DA7000 \SystemRoot\system32\drivers\atapi.sys
0x00DB0000 \SystemRoot\system32\drivers\ataport.SYS
0x00DDA000 \SystemRoot\system32\drivers\msahci.sys
0x00DE5000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00DF5000 \SystemRoot\system32\drivers\amdxata.sys
0x0104B000 \SystemRoot\system32\drivers\fltmgr.sys
0x01097000 \SystemRoot\system32\drivers\fileinfo.sys
0x010AB000 \SystemRoot\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS
0x01112000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x0111F000 \SystemRoot\system32\DRIVERS\symsnap.sys
0x01212000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0114D000 \SystemRoot\System32\Drivers\msrpc.sys
0x013B5000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01431000 \SystemRoot\System32\Drivers\cng.sys
0x014A3000 \SystemRoot\System32\drivers\pcw.sys
0x014B4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014BE000 \SystemRoot\system32\drivers\ndis.sys
0x01602000 \SystemRoot\system32\drivers\NETIO.SYS
0x01662000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x0182F000 \SystemRoot\System32\drivers\tcpip.sys
0x01A33000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01A7D000 \SystemRoot\system32\DRIVERS\timntr.sys
0x01B66000 \SystemRoot\system32\drivers\volsnap.sys
0x0168D000 \SystemRoot\system32\DRIVERS\tdrpm258.sys
0x01BB2000 \SystemRoot\System32\Drivers\spldr.sys
0x01BBA000 \SystemRoot\system32\DRIVERS\snapman.sys
0x015B1000 \SystemRoot\System32\drivers\rdyboost.sys
0x01800000 \SystemRoot\System32\Drivers\mup.sys
0x01812000 \SystemRoot\System32\drivers\hwpolicy.sys
0x011AB000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01400000 \SystemRoot\system32\drivers\disk.sys
0x013D0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01000000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02E22000 \SystemRoot\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS
0x04400000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20111128.036\EX64.SYS
0x02EA0000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x02ED6000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20111128.036\ENG64.SYS
0x02EF6000 \SystemRoot\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS
0x02F0A000 \SystemRoot\System32\Drivers\Null.SYS
0x045F8000 \SystemRoot\System32\Drivers\Beep.SYS
0x02F13000 \SystemRoot\System32\drivers\vga.sys
0x02F21000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02F46000 \SystemRoot\System32\drivers\watchdog.sys
0x02F56000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02F5F000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02F68000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02F71000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02F7C000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02F8D000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02FAF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0422F000 \SystemRoot\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS
0x0427B000 \SystemRoot\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS
0x0428B000 \SystemRoot\System32\Drivers\NISx64\1008030.006\SYMFW.SYS
0x042AD000 \SystemRoot\System32\DRIVERS\netbt.sys
0x042F2000 \SystemRoot\system32\drivers\afd.sys
0x0437B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04384000 \SystemRoot\system32\DRIVERS\pacer.sys
0x043AA000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x043B5000 \SystemRoot\system32\DRIVERS\netbios.sys
0x043C4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x043DF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x04C8C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04CDD000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04CE9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x04CF4000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20111128.030\IDSvia64.sys
0x04D71000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x04C00000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x04C26000 \SystemRoot\System32\drivers\discache.sys
0x04C35000 \SystemRoot\System32\Drivers\dfsc.sys
0x0467A000 \SystemRoot\System32\Drivers\NISx64\1008030.006\ccHPx64.sys
0x04708000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04719000 \SystemRoot\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys
0x04770000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04796000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x05805000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x0625B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0634F000 \SystemRoot\System32\drivers\dxgmms1.sys
0x06395000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x063B9000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x063CA000 \SystemRoot\system32\drivers\usbehci.sys
0x04600000 \SystemRoot\system32\drivers\USBPORT.SYS
0x04C53000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x063DB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04A49000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x04E5B000 \SystemRoot\system32\drivers\HCW85BDA.sys
0x04FFC000 \SystemRoot\system32\drivers\BdaSup.SYS
0x04E00000 \SystemRoot\system32\drivers\ks.sys
0x04E43000 \SystemRoot\system32\drivers\ksthunk.sys
0x04E49000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04AAF000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04AC5000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04AD5000 \SystemRoot\system32\DRIVERS\GenericMount.sys
0x04AEB000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04B01000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04B25000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04B31000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04B60000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04B7B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04B9C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04BB6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04BC5000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04E56000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04BD4000 \SystemRoot\system32\DRIVERS\umbus.sys
0x06687000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x066E1000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x066FA000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0670F000 \SystemRoot\system32\drivers\AtihdW76.sys
0x0674D000 \SystemRoot\system32\drivers\portcls.sys
0x0678A000 \SystemRoot\system32\drivers\drmk.sys
0x06CD2000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x06F1B000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x06F6E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x06F7C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06F95000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x000D0000 \SystemRoot\System32\win32k.sys
0x06F9E000 \SystemRoot\System32\drivers\Dxapi.sys
0x06FAA000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x06C00000 \SystemRoot\system32\DRIVERS\udfs.sys
0x06C55000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x06C63000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x06C70000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06C7E000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x06C8A000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x06C95000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x06CA8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004B0000 \SystemRoot\System32\TSDDD.dll
0x006D0000 \SystemRoot\System32\cdd.dll
0x00970000 \SystemRoot\System32\ATMFD.DLL
0x06FC5000 \SystemRoot\system32\drivers\luafv.sys
0x067AC000 \SystemRoot\system32\drivers\WudfPf.sys
0x06FE8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06CB6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05672000 \SystemRoot\system32\drivers\HTTP.sys
0x0573B000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05759000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05771000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0579E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05600000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05624000 \SystemRoot\system32\DRIVERS\afcdp.sys
0x08C86000 \SystemRoot\system32\drivers\peauth.sys
0x08D2C000 \SystemRoot\System32\Drivers\secdrv.SYS
0x08D37000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x08D68000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08D7A000 \SystemRoot\system32\DRIVERS\v2imount.sys
0x08D89000 \SystemRoot\System32\DRIVERS\srv2.sys
0x09CBD000 \SystemRoot\System32\DRIVERS\srv.sys
0x09D55000 \??\C:\Users\Luis\AppData\Local\Temp\ALSysIO64.sys
0x09D5E000 \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
0x09D64000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x09C00000 \SystemRoot\system32\drivers\spsys.sys
0x770B0000 \Windows\System32\ntdll.dll
0x47D80000 \Windows\System32\smss.exe
0xFF3D0000 \Windows\System32\apisetschema.dll
0xFF180000 \Windows\System32\autochk.exe
0xFF350000 \Windows\System32\gdi32.dll
0xFF240000 \Windows\System32\msctf.dll
0xFF110000 \Windows\System32\rpcrt4.dll
0xFF100000 \Windows\System32\lpk.dll
0xFF080000 \Windows\System32\shlwapi.dll
0xFEFA0000 \Windows\System32\advapi32.dll
0x76F90000 \Windows\System32\kernel32.dll
0xFEED0000 \Windows\System32\usp10.dll
0x76E90000 \Windows\System32\user32.dll
0xFEEC0000 \Windows\System32\nsi.dll
0xFEE40000 \Windows\System32\difxapi.dll
0xFE0B0000 \Windows\System32\shell32.dll
0xFDE50000 \Windows\System32\iertutil.dll
0xFDE30000 \Windows\System32\imagehlp.dll
0xFDD90000 \Windows\System32\msvcrt.dll
0xFDBB0000 \Windows\System32\setupapi.dll
0xFDB60000 \Windows\System32\ws2_32.dll
0xFDB00000 \Windows\System32\Wldap32.dll
0xFDA20000 \Windows\System32\oleaut32.dll
0x77280000 \Windows\System32\normaliz.dll
0xFD9F0000 \Windows\System32\imm32.dll
0xFD7E0000 \Windows\System32\ole32.dll
0xFD7C0000 \Windows\System32\sechost.dll
0x77270000 \Windows\System32\psapi.dll
0xFD720000 \Windows\System32\comdlg32.dll
0xFD5A0000 \Windows\System32\urlmon.dll
0xFD470000 \Windows\System32\wininet.dll
0xFD3D0000 \Windows\System32\clbcatq.dll
0xFD3B0000 \Windows\System32\devobj.dll
0xFD240000 \Windows\System32\crypt32.dll
0xFD200000 \Windows\System32\cfgmgr32.dll
0xFD190000 \Windows\System32\KernelBase.dll
0xFD150000 \Windows\System32\wintrust.dll
0xFD0B0000 \Windows\System32\comctl32.dll
0xFD0A0000 \Windows\System32\msasn1.dll
0x74E70000 \Windows\SysWOW64\normaliz.dll

Processes (total 64):
0 System Idle Process
4 System
480 C:\Windows\System32\smss.exe
728 csrss.exe
160 C:\Windows\System32\wininit.exe
528 csrss.exe
612 C:\Windows\System32\services.exe
580 C:\Windows\System32\lsass.exe
736 C:\Windows\System32\lsm.exe
712 C:\Windows\System32\winlogon.exe
1032 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\atiesrxx.exe
1240 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\svchost.exe
1312 C:\Windows\System32\svchost.exe
1384 C:\Windows\System32\audiodg.exe
1432 C:\Windows\System32\svchost.exe
1524 C:\Windows\System32\svchost.exe
1680 C:\Windows\System32\atieclxx.exe
1712 C:\Windows\System32\spoolsv.exe
1740 C:\Windows\System32\svchost.exe
1824 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
1856 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1936 C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2004 C:\Windows\System32\svchost.exe
2032 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
1796 C:\Windows\System32\taskhost.exe
2052 C:\Windows\System32\dwm.exe
2152 C:\Windows\explorer.exe
2184 C:\Windows\System32\svchost.exe
2216 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
2276 C:\Windows\System32\taskeng.exe
2324 C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2384 C:\Program Files\Core Temp\Core Temp.exe
2480 C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
2588 C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMail.exe
2628 C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMail.exe
2832 C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
2840 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2896 C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
2936 C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
2964 C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
3004 C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
3040 C:\Windows\System32\svchost.exe
3064 C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe
2108 C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe
3268 C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
3988 WmiPrvSE.exe
4076 C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
4244 C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
4604 C:\Windows\System32\SearchIndexer.exe
4832 C:\Windows\System32\svchost.exe
4952 WUDFHost.exe
4332 C:\Program Files\Windows Media Player\wmpnetwk.exe
5040 WmiPrvSE.exe
1572 C:\Windows\System32\svchost.exe
5676 C:\Program Files (x86)\Internet Explorer\iexplore.exe
5620 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4624 C:\Program Files (x86)\Internet Explorer\iexplore.exe
5832 C:\Windows\System32\sppsvc.exe
6068 C:\Users\Luis\Desktop\MBRCheck.exe
1568 C:\Windows\System32\conhost.exe
5560 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST31000524AS, Rev: JC47
PhysicalDrive1 Model Number: ST31000524AS, Rev: JC47

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
931 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
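A worked example of the inspection that the MBRCheck report above and the GParted step in post #21 rely on, added here by the editor; it is not part of the thread and not MBRCheck's own code. It parses a 512-byte MBR, hashes the boot code the way MBRCheck's SHA1 line does, and flags the layout the fix targets: a small partition at the end of the disk carrying the boot flag while the Windows partition does not. The two sample sectors, the drive geometry, the partition type 0x20 and the disk signature are constructed for the demonstration; the known-good hash set is a parameter you fill from your own baseline.

```python
r"""Added example (not from the thread): parse an MBR and apply the checks the
thread's fix relies on.  MBRCheck reports the SHA-1 of the boot code and the
GParted step removes a ~2 GB partition that carried the boot flag; this script
does the same inspection offline on constructed 512-byte sectors.  On Windows,
read_mbr(r'\\.\PhysicalDrive0') from an elevated prompt feeds it a live disk."""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440          # boot code occupies offsets 0..439, then the disk signature
PART_TABLE_OFF = 446        # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"

# Common partition type IDs; anything not listed is reported as "unknown".
PART_TYPES = {
    0x00: "empty", 0x05: "extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32",
    0x0C: "FAT32 LBA", 0x0F: "extended LBA", 0x27: "hidden NTFS (recovery)",
    0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}


def read_mbr(path: str) -> bytes:
    r"""Read the first sector of a raw device such as \\.\PhysicalDrive0 (needs admin)."""
    with open(path, "rb") as f:
        return f.read(SECTOR)


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code SHA-1 (MBRCheck style), disk signature and partitions."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    disk_sig = struct.unpack_from("<I", sector, BOOTCODE_LEN)[0]
    parts = []
    for i in range(4):
        status, _chs_a, ptype, _chs_b, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0x00 and sectors == 0:
            continue
        parts.append({
            "index": i, "bootable": status == 0x80, "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start, "lba_end": lba_start + sectors - 1,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return {"bootcode_sha1": hashlib.sha1(sector[:BOOTCODE_LEN]).hexdigest().upper(),
            "disk_signature": disk_sig, "partitions": parts}


def find_suspicious(parsed: dict, disk_sectors: int,
                    known_bootcode=frozenset(), small_mb: int = 4096) -> list:
    """Heuristics taken from the thread: exactly one partition should carry the
    boot flag, it should be the Windows (NTFS) one, and no small unexplained
    partition should sit at the very end of the disk."""
    findings = []
    parts = parsed["partitions"]
    if any(p["type"] == 0xEE for p in parts):
        return ["GPT protective MBR: inspect the GPT headers instead"]
    if known_bootcode and parsed["bootcode_sha1"] not in known_bootcode:
        findings.append("boot code SHA-1 not in the known-good set")
    bootable = [p for p in parts if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions carry the boot flag, expected 1")
    for p in parts:
        at_tail = p["lba_end"] >= disk_sectors - 2048      # ends within 1 MiB of disk end
        if p["bootable"] and p["type"] != 0x07:
            findings.append(f"boot flag on non-NTFS partition {p['index']} ({p['type_name']})")
        if p["size_mb"] <= small_mb and at_tail and (p["bootable"] or p["type_name"] == "unknown"):
            findings.append(f"small {p['size_mb']} MB partition {p['index']} at end of disk")
    return findings


def build_entry(bootable: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    """Pack one partition-table entry; CHS fields hold the 'use LBA' marker."""
    return struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\xfe\xff\xff",
                       ptype, b"\xfe\xff\xff", lba_start, sectors)


def build_mbr(entries, bootcode: bytes = b"\x33\xc0\x8e\xd0\xbc\x00\x7c") -> bytes:
    """Assemble a 512-byte MBR from a stub of boot code and up to four entries."""
    table = b"".join(entries) + b"\x00" * (16 * (4 - len(entries)))
    return (bootcode.ljust(BOOTCODE_LEN, b"\x00")
            + struct.pack("<IH", 0x1234ABCD, 0) + table + MBR_SIGNATURE)


# Constructed samples, not captured from the poster's disk.  The sector count
# is that of a 1 TB drive like the ST31000524AS; the second layout mimics what
# the thread describes: a ~2 GB partition at the end of the disk holding the
# boot flag.  Partition type 0x20 is made up for the demonstration.
DISK_SECTORS = 1953525168
TWO_GB_SECTORS = 2 * 1024 * 1024 * 1024 // SECTOR
CLEAN_MBR = build_mbr([build_entry(True, 0x07, 2048, DISK_SECTORS - 2048)])
BOOTKIT_STYLE_MBR = build_mbr([
    build_entry(False, 0x07, 2048, DISK_SECTORS - 2048 - TWO_GB_SECTORS),
    build_entry(True, 0x20, DISK_SECTORS - TWO_GB_SECTORS, TWO_GB_SECTORS),
])

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("bootkit-style", BOOTKIT_STYLE_MBR)):
        info = parse_mbr(mbr)
        print(name, info["bootcode_sha1"], find_suspicious(info, DISK_SECTORS) or "no findings")
```

The heuristics are a tripwire for the pattern in this thread, not a replacement for a scanner: a recovery partition of type 0x27 that does not carry the boot flag is left alone, a partition table that hides a GPT is handed off rather than judged, and the boot-code hash check only means something once you have recorded the hash of a disk you trust.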

#23 louuu (Topic Starter, Member, 223 posts)
Note: I got Java to work finally. I found one solution online where I deleted all the leftover Java folders, then I downloaded the Java installer to my computer and manually installed it. I don't know why, but this worked, so I'm happy about that.

The only other problem I'm having that I haven't been able to fix, even though I've tried many solutions, is the Windows update KB2538243. I've copy/pasted it again below. Can you think of a solution to this?

Copy/paste:
-----------
Windows tried to install one single update called "Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243)". It wouldn't install, so I researched it online, and when it asked where to find vc_red.msi I hit Browse and typed vc_red.msi in the search box, and it found it in some weirdly created folder under my C drive. It was something like this: "c:\430325ff2b5edd0180c9e681\". It installed and I rebooted. Upon reboot it said it didn't install correctly and tried to do the whole procedure again. I did this about 5 times and rebooted 5 times and the problem is still there. It's a never ending cycle/loop??

Edited by louuu, 29 November 2011 - 02:19 PM.


#24 RKinner (Malware Expert, MVP, 19,793 posts)
Looks like it worked then. Hopefully the thing is gone for good. This is only my first time with this new version and the instructions were just posted 20 November 2011, so I wasn't sure how clear they were.

Uninstall your new Java then:

Download, Save and Run this tool by right clicking and Run As Admin.

http://forums.whatth..._download&id=41

If we are lucky it will fix the Java problem. When it finishes, try downloading and installing Java again.

(If the link doesn't work, go to http://forums.whatth...ads&showfile=41
and Download File in the center of the page.)

#25 louuu (Topic Starter, Member, 223 posts)
I'm so glad we were able to get rid of Boot.Tidserv.

I did the Java steps and it worked perfectly and Java installed correctly. It installed the 32-bit version by default as my Windows 7 64-bit apparently uses a 32-bit Explorer browser. It says if I use a 64-bit Explorer browser then I should install the 64-bit Java version too. Should I do this?

Lastly, any suggestions on my Windows Update problem that I can't solve? It's copy/pasted below. Also, it's some sort of Visual C file. One of the solutions I tried that didn't work was to uninstall everything that had Microsoft Visual C in it. I did that, but it's still trying to install this file. I'm hoping I didn't need that Visual C on my computer? Did I? Thanks Ron.

Copy/paste:
----------
Windows tried to install one single update called "Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243)". It wouldn't install, so I researched it online, and when it asked where to find vc_red.msi I hit Browse and typed vc_red.msi in the search box, and it found it in some weirdly created folder under my C drive. It was something like this: "c:\430325ff2b5edd0180c9e681\". It installed and I rebooted. Upon reboot it said it didn't install correctly and tried to do the whole procedure again. I did this about 5 times and rebooted 5 times and the problem is still there. It's a never ending cycle/loop??

#26 RKinner (Malware Expert, MVP, 19,793 posts)
Open the Control Panel menu and click Folder Options.
After the new window appears, select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section, select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button, and exit My Computer.
Now your computer is configured to show all hidden files.

Right click on Start, open Windows Explorer and navigate to:

C:\Users\Luis\AppData\Local\Temp

Right click on the Temp folder and select Properties, then Security. Verify that all users have Full Control (click on each entry in Group or User Name, then look below to confirm that Full Control is checked). There should be three entries: Luis, System, and Administrators.

Then go to http://www.microsoft...ang=en&id=26347 and Download, Save and try to install (pause Norton, right click on the file and Run As Admin) the middle of the three offered downloads (vcredist_x64.EXE, 3.0 MB).

Ron
  • 0
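The Folder Options and Temp-folder permission checks in post #26 can also be done from PowerShell, which makes the result easier to paste back into a thread. The script below is an added example, not Ron's instructions or anything from the original post: it sets the three Explorer registry values that the Folder Options checkboxes toggle (the "Display the contents of system folders" option has no Windows 7 equivalent and is skipped), then lists the ACL on the current user's local Temp folder and reports whether the three principals Ron expects (the user, SYSTEM and Administrators) each have Full Control. It assumes the local Temp folder is at `%LOCALAPPDATA%\Temp` (the thread's path is `C:\Users\Luis\AppData\Local\Temp`) and that the user account is local, so its ACL entry reads `COMPUTERNAME\username`.

```powershell
# Added example (not part of the original thread). Run in an elevated PowerShell
# prompt; the registry part only affects the current user's Explorer settings.

# --- 1. Folder Options: the registry values behind Ron's View-tab steps ---
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $adv -Name Hidden          -Value 1 -Type DWord  # Show hidden files and folders
Set-ItemProperty -Path $adv -Name HideFileExt     -Value 0 -Type DWord  # Show extensions for known file types
Set-ItemProperty -Path $adv -Name ShowSuperHidden -Value 1 -Type DWord  # Show protected operating system files
# Explorer reads these on start, so restart it to see the change immediately.
Stop-Process -Name explorer -Force
Start-Process explorer.exe

# --- 2. Temp folder ACL: the "Properties > Security" check from the post ---
# Assumption: the user's local Temp folder (the thread's was C:\Users\Luis\AppData\Local\Temp).
$temp = Join-Path $env:LOCALAPPDATA 'Temp'
$acl  = Get-Acl -Path $temp

# Show every access entry, the way the Security tab would.
$acl.Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize

# Ron expects three entries with Full Control: the user, System and Administrators.
# Assumption: a local account, so the user's entry is COMPUTERNAME\username.
$full     = [System.Security.AccessControl.FileSystemRights]::FullControl
$expected = @("$env:USERDOMAIN\$env:USERNAME", 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')

foreach ($id in $expected) {
    $hasFull = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $id -and
        $_.AccessControlType -eq 'Allow' -and
        (($_.FileSystemRights -band $full) -eq $full)   # all FullControl bits present
    }
    if ($hasFull) { "OK       $id has Full Control on $temp" }
    else          { "MISSING  $id lacks Full Control on $temp (fix via Properties > Security)" }
}
```

If a principal is reported as MISSING, the install will usually still fail after fixing Folder Options alone, which is why the post has you verify the Temp ACL before retrying the vcredist download: Windows Installer extracts vc_red.msi into that folder under the user's account and needs to write there.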

#27
louuu

louuu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 223 posts
In case you already read this, I edited it:

Yes! It worked. I even rebooted and ran Windows Update to make sure, and it worked perfectly. I was also finally able to install the ATI software that I couldn't install before. So all of my problems are fixed thanks to you!

What can I say to you Ron? I'm in awe of your computer knowledge and even more in awe of your generosity to help others. You even had me donate to charity instead of giving to you. You're a stand up classy guy Ron. From my heart I sincerely give you my thanks, and I will always try to help others in need, just as you have helped me. I believe that when you're good to others, it comes back to you, and the proof is here with how kind you have been to me. Thank you again Ron. All you've done is so very appreciated.

Ron, I do have one final question. Should I also install the Java 64-bit, or is it not necessary? It appears that they only wanted me to install the 32-bit version, but it did say if I use the Explorer 64-bit browser then I should also install the 64-bit version as well. I don't think I use the 64-bit browser but I'm unsure. So should I install the 64-bit Java or not? Thank you.

Edited by louuu, 29 November 2011 - 04:32 PM.

  • 0

#28
louuu

louuu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 223 posts
Yes! The Windows Update worked. I even rebooted and ran Windows Update to make sure, and it worked perfectly. I was also finally able to install the ATI software that I couldn't install before. So all of my problems are fixed thanks to you!

What can I say to you Ron? I'm in awe of your computer knowledge and even more in awe of your generosity to help others. You even had me donate to charity instead of giving to you. You're a stand up classy guy Ron. From my heart I sincerely give you my thanks, and I will always try to help others in need, just as you have helped me. I believe that when you're good to others, it comes back to you, and the proof is here with how kind you have been to me. Thank you again Ron. All you've done is so very appreciated.

Ron, I do have one final question. Should I also install the Java 64-bit, or is it not necessary? It appears that they only wanted me to install the 32-bit version, but it did say if I use the Explorer 64-bit browser then I should also install the 64-bit version as well. I don't think I use the 64-bit browser but I'm unsure. So should I install the 64-bit Java or not? Thank you.
  • 0

#29
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,793 posts
  • MVP
I think you can live without the 64-bit version of Java. It won't hurt anything to install it, but if you don't use the 64-bit IE then it doesn't matter. Most sites will still work without it anyway.
  • 0

#30
louuu

louuu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 223 posts
Thanks again Ron for all your good help. My system is now running perfectly with no issues, and all the programs I had trouble installing before have now been successfully installed. You can close this case now since everything has been resolved, and thanks again Ron for being such a kind and giving person. Take care of yourself.

Luis
  • 0