tidserv removal

View previous topic View next topic Go down

tidserv removal

Post by tdcjnj438 on Mon May 16, 2011 1:16 pm

OTL logfile created on: 5/16/2011 8:08:56 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\shitshit\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 80.34 Gb Free Space | 71.93% Space Free | Partition Type: NTFS

Computer Name: DUSTYS | User Name: shitshit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/16 08:07:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\shitshit\Downloads\OTL.com
PRC - [2011/05/03 09:56:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011/02/14 20:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/05/25 11:08:42 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/03/29 20:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010/03/16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2010/01/11 15:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2007/06/08 05:35:44 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/06/08 05:35:44 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe


========== Modules (SafeList) ==========

MOD - [2011/05/16 08:07:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\shitshit\Downloads\OTL.com
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (TWCRcAppSvc)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2011/02/25 12:30:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/05/11 09:39:10 | 000,020,472 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\FixTDSS.sys -- (FixTDSS)
DRV - [2011/05/10 09:15:12 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/10 09:15:12 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/10 09:15:01 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/22 01:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110514.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/22 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110514.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/04/15 15:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,296,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SYMNETS.SYS -- (SymNetS)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/03/14 13:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20110513.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 19:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2009/11/03 20:55:34 | 000,051,712 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2009/11/03 19:28:02 | 000,282,112 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drxvi314.sys -- (bcm)
DRV - [2009/10/09 02:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:02:53 | 000,545,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/07/13 17:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2008/05/29 14:53:26 | 000,103,680 | ---- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cm_ser.sys -- (cm_ser)
DRV - [2007/08/03 05:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/08 05:35:44 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB 3E 63 FB 3B 12 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/19 16:25:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/19 16:25:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2011/05/11 07:46:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn\ [2011/05/10 09:14:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 09:56:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/20 09:50:16 | 000,000,000 | ---D | M]

[2011/04/20 09:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\shitshit\AppData\Roaming\mozilla\Extensions
[2010/06/26 17:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\shitshit\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/05/11 08:30:54 | 000,002,469 | ---- | M] () -- C:\Users\shitshit\AppData\Roaming\Mozilla\Firefox\Profiles\c7xb22cx.default\searchplugins\safesearch.xml
[2011/04/23 08:42:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/05/10 09:14:36 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\COFFPLGN
[2011/05/11 07:46:50 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPLGN
[2011/05/03 09:56:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5

tdcjnj438
Beginner
Beginner

Status :
Online
Offline

Posts : 4
Joined : 2011-05-16
Gender : Female
OS : windows 7 ultimate

View user profile

Back to top Go down

tidserv removal

Post by tdcjnj438 on Mon May 16, 2011 2:27 pm

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-16 09:23:44
-----------------------------
09:23:44.817 OS Version: Windows 6.1.7600
09:23:44.818 Number of processors: 2 586 0xE0C
09:23:44.824 ComputerName: DUSTYS UserName:
09:23:46.899 Initialize success
09:24:03.278 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
09:24:03.285 Disk 0 Vendor: FUJITSU_MHW2120BH 00000012 Size: 114473MB BusType: 3
09:24:05.381 Disk 0 MBR read successfully
09:24:05.388 Disk 0 MBR scan
09:24:05.396 Disk 0 TDL4@MBR code has been found
09:24:05.404 Disk 0 MBR [TDL4] **ROOTKIT**
09:24:05.411 Disk 0 scanning C:\Windows\system32\drivers
09:24:09.976 Service scanning
09:24:12.034 Disk 0 trace - called modules:
09:24:12.081
09:24:12.092 Scan finished successfully
09:24:58.957 Disk 0 MBR has been saved successfully to "C:\Users\shitshit\Documents\MBR.dat"
09:24:58.959 The log file has been saved successfully to "C:\Users\shitshit\Documents\aswMBR.txt"



tdcjnj438
Beginner
Beginner

Status :
Online
Offline

Posts : 4
Joined : 2011-05-16
Gender : Female
OS : windows 7 ultimate

View user profile

Back to top Go down

TIDSERV REMOVAL

Post by tdcjnj438 on Mon May 16, 2011 2:31 pm

Results of screen317's Security Check version 0.99.11
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 18
Out of date Java installed!
Adobe Flash Player 10.2.152.32
Adobe Reader 9.3.2
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

tdcjnj438
Beginner
Beginner

Status :
Online
Offline

Posts : 4
Joined : 2011-05-16
Gender : Female
OS : windows 7 ultimate

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum