Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HTTPS Tidserve Request 2 intrusions


  • Please log in to reply
4 replies to this topic

#1 candelo

candelo

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 04 June 2010 - 03:11 AM

For the past week Norton has been giving me a message that it has stopped an HTTPS Tidserve Request 2 intrusion attempt, approximately every half hour. As this has never happened before, my main concern is that there is something on my computer already. I have too little knowledge to deal with this myself and would appreciate help from someone with experience. I have scanned with Norton, Spybot and Malware Bytes., but they found nothing. I also took my computer to a computer repair place where they found something removed it and thought the problem was fixed, however the messages are still coming. I am connected to a network of 3 computers however when I disconnected these from my computer the messages still came through. IIf you need further information please ask and I will do my best to provide it.

Thank you for your help.

Edited by candelo, 04 June 2010 - 03:16 AM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:29 AM

Posted 04 June 2010 - 10:51 AM

Hello.
Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.


Now run TDDS Killer
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)


    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.
Now TFC by OT
Please download TFC by Old Timer and save it to your desktop.
alternate download link
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 candelo

candelo
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 04 June 2010 - 11:48 PM

Thanks,

I have run the TDSSKILLER and 2 log files were in my C: I have copied them both as there was some differences.


14:33:58:515 0604 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
14:33:58:515 0604 ================================================================================
14:33:58:515 0604 SystemInfo:

14:33:58:515 0604 OS Version: 5.1.2600 ServicePack: 3.0
14:33:58:515 0604 Product type: Workstation
14:33:58:515 0604 ComputerName: MAIN
14:33:58:515 0604 UserName: Owner
14:33:58:515 0604 Windows directory: C:\WINDOWS
14:33:58:515 0604 Processor architecture: Intel x86
14:33:58:515 0604 Number of processors: 2
14:33:58:515 0604 Page size: 0x1000
14:33:58:515 0604 Boot type: Normal boot
14:33:58:515 0604 ================================================================================
14:33:59:203 0604 Initialize success
14:33:59:203 0604
14:33:59:203 0604 Scanning Services ...
14:33:59:609 0604 Raw services enum returned 348 services
14:33:59:609 0604
14:33:59:609 0604 Scanning Drivers ...
14:34:00:281 0604 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:34:00:343 0604 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:34:00:421 0604 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:34:00:500 0604 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
14:34:00:562 0604 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:34:00:593 0604 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:34:00:656 0604 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\WINDOWS\system32\DRIVERS\atksgt.sys
14:34:00:687 0604 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:34:00:734 0604 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:34:00:781 0604 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:34:00:890 0604 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\NIS\1008000.029\BHDrvx86.sys
14:34:01:062 0604 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:34:01:140 0604 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:34:01:171 0604 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\NIS\1008000.029\ccHPx86.sys
14:34:01:234 0604 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:34:01:281 0604 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:34:01:296 0604 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:34:01:328 0604 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:34:01:375 0604 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:34:01:390 0604 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:34:01:390 0604 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:34:01:421 0604 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:34:01:437 0604 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:34:01:546 0604 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:34:01:593 0604 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:34:01:718 0604 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:34:01:718 0604 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:34:01:734 0604 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:34:01:750 0604 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:34:01:812 0604 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:34:01:843 0604 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:34:01:859 0604 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:34:01:890 0604 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:34:01:906 0604 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:34:01:906 0604 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:34:01:921 0604 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:34:01:984 0604 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:34:02:000 0604 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:34:02:187 0604 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100528.003\IDSxpx86.sys
14:34:02:296 0604 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:34:02:468 0604 IntcAzAudAddService (b1a809e7fe19becd5aca61f0e7088c8c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:34:02:546 0604 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:34:02:578 0604 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:34:02:609 0604 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:34:02:640 0604 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:34:02:671 0604 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:34:02:671 0604 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:34:02:703 0604 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:34:02:718 0604 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:34:02:734 0604 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:34:02:750 0604 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:34:02:968 0604 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
14:34:03:046 0604 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:34:03:093 0604 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:34:03:156 0604 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
14:34:03:203 0604 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:34:03:281 0604 mod7700 (0f91a62dc91319dadff8e8df1c1b50b5) C:\WINDOWS\system32\DRIVERS\mod7700.sys
14:34:03:359 0604 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:34:03:375 0604 MODRC (370e88453ec0d7bea6eb24be8d865dbe) C:\WINDOWS\system32\DRIVERS\modrc.sys
14:34:03:421 0604 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:34:03:484 0604 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:34:03:562 0604 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:34:03:656 0604 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
14:34:03:718 0604 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:34:03:812 0604 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:34:03:828 0604 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:34:03:890 0604 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:34:03:953 0604 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:34:03:984 0604 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:34:04:046 0604 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:34:04:093 0604 MSTEE (d5059366b361f0e1124753447af08aa2) C:\WINDOWS\system32\drivers\MSTEE.sys
14:34:04:406 0604 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
14:34:04:578 0604 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:34:04:796 0604 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100604.006\NAVENG.SYS
14:34:04:859 0604 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100604.006\NAVEX15.SYS
14:34:05:015 0604 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:34:05:109 0604 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:34:05:171 0604 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:34:05:203 0604 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:34:05:218 0604 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:34:05:265 0604 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
14:34:05:281 0604 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:34:05:343 0604 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:34:05:359 0604 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:34:05:390 0604 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:34:05:484 0604 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:34:05:687 0604 nv (8e72e452b9cc1e455d19e3c9fa964d37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:34:06:000 0604 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:34:06:078 0604 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:34:06:125 0604 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
14:34:06:140 0604 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:34:06:187 0604 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:34:06:203 0604 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:34:06:234 0604 PCIIde (d2c8678e438dcd793add14d7062e38f1) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:34:06:234 0604 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pciide.sys. Real md5: d2c8678e438dcd793add14d7062e38f1, Fake md5: ccf5f451bb1a5a2a522a76e670000ff0
14:34:06:234 0604 File "C:\WINDOWS\system32\DRIVERS\pciide.sys" infected by TDSS rootkit ... 14:34:07:750 0604 Backup copy found, using it..
14:34:07:828 0604 will be cured on next reboot
14:34:07:937 0604 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:34:08:000 0604 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:34:08:000 0604 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:34:08:046 0604 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:34:08:140 0604 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:34:08:265 0604 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:34:08:390 0604 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:34:08:390 0604 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:34:08:437 0604 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:34:08:453 0604 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:34:08:468 0604 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:34:08:500 0604 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
14:34:08:546 0604 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:34:08:625 0604 RTLE8023xp (badabe0940c01619e8510b90fb314929) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
14:34:08:671 0604 SBRE (4019149e4e296072831c8855605d9fdc) C:\WINDOWS\system32\drivers\SBREdrv.sys
14:34:08:703 0604 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:34:08:734 0604 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:34:08:765 0604 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:34:08:843 0604 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:34:08:890 0604 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:34:08:953 0604 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:34:08:968 0604 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:34:09:046 0604 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\NIS\1008000.029\SRTSP.SYS
14:34:09:078 0604 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\NIS\1008000.029\SRTSPX.SYS
14:34:09:140 0604 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
14:34:09:187 0604 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:34:09:234 0604 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:34:09:265 0604 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:34:09:343 0604 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS
14:34:09:453 0604 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
14:34:09:531 0604 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS
14:34:09:609 0604 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS
14:34:09:718 0604 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
14:34:09:734 0604 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
14:34:09:781 0604 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS
14:34:09:859 0604 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMTDI.SYS
14:34:09:937 0604 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:34:10:000 0604 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:34:10:031 0604 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:34:10:062 0604 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:34:10:093 0604 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:34:10:140 0604 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:34:10:171 0604 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:34:10:218 0604 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:34:10:265 0604 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
14:34:10:312 0604 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:34:10:375 0604 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:34:10:390 0604 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:34:10:406 0604 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:34:10:437 0604 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:34:10:484 0604 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:34:10:500 0604 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:34:10:562 0604 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:34:10:578 0604 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:34:10:609 0604 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:34:10:625 0604 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:34:10:796 0604 WFIOCTL (9bc98a4e3401d52ed860cf883ccb7478) C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS
14:34:10:890 0604 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:34:10:921 0604 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:34:10:937 0604 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:34:10:953 0604 Reboot required for cure complete..
14:34:11:375 0604 Cure on reboot scheduled successfully
14:34:11:375 0604
14:34:11:375 0604 Completed
14:34:11:375 0604
14:34:11:375 0604 Results:
14:34:11:375 0604 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:34:11:375 0604 File objects infected / cured / cured on reboot: 1 / 0 / 1
14:34:11:375 0604
14:34:11:375 0604 KLMD(ARK) unloaded successfully



14:01:26:015 2500 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
14:01:26:015 2500 ================================================================================
14:01:26:015 2500 SystemInfo:

14:01:26:015 2500 OS Version: 5.1.2600 ServicePack: 3.0
14:01:26:015 2500 Product type: Workstation
14:01:26:015 2500 ComputerName: MAIN
14:01:26:015 2500 UserName: Owner
14:01:26:015 2500 Windows directory: C:\WINDOWS
14:01:26:015 2500 Processor architecture: Intel x86
14:01:26:015 2500 Number of processors: 2
14:01:26:015 2500 Page size: 0x1000
14:01:26:015 2500 Boot type: Normal boot
14:01:26:015 2500 ================================================================================
14:01:26:531 2500 Initialize success
14:01:26:531 2500
14:01:26:531 2500 Scanning Services ...
14:01:26:937 2500 Raw services enum returned 348 services
14:01:26:953 2500
14:01:26:953 2500 Scanning Drivers ...
14:01:27:765 2500 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:01:27:828 2500 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:01:27:921 2500 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:01:27:984 2500 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
14:01:28:093 2500 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:01:28:125 2500 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:01:28:187 2500 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\WINDOWS\system32\DRIVERS\atksgt.sys
14:01:28:234 2500 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:01:28:312 2500 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:01:28:375 2500 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:01:28:515 2500 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\NIS\1008000.029\BHDrvx86.sys
14:01:28:593 2500 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:01:28:687 2500 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:01:28:750 2500 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\NIS\1008000.029\ccHPx86.sys
14:01:28:781 2500 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:01:28:843 2500 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:01:28:859 2500 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:01:28:906 2500 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:01:28:937 2500 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:01:28:984 2500 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:01:29:000 2500 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:01:29:093 2500 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:01:29:218 2500 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:01:29:328 2500 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:01:29:375 2500 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:01:29:515 2500 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:01:29:593 2500 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:01:29:656 2500 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:01:29:656 2500 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:01:29:718 2500 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:01:29:750 2500 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:01:29:765 2500 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:01:29:843 2500 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:01:29:875 2500 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:01:29:968 2500 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:01:30:000 2500 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:01:30:078 2500 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:01:30:109 2500 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:01:30:296 2500 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100528.003\IDSxpx86.sys
14:01:30:406 2500 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:01:30:609 2500 IntcAzAudAddService (b1a809e7fe19becd5aca61f0e7088c8c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:01:30:687 2500 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:01:30:718 2500 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:01:30:781 2500 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:01:30:812 2500 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:01:30:859 2500 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:01:30:859 2500 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:01:30:890 2500 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:01:30:953 2500 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:01:30:984 2500 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:01:31:000 2500 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:01:31:250 2500 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
14:01:31:359 2500 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:01:31:421 2500 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys




Here is the log after scanning with MBAM

Database version: 4170

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/06/2010 3:03:18 PM
mbam-log-2010-06-05 (15-03-18).txt

Scan type: Quick scan
Objects scanned: 129116
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by candelo, 05 June 2010 - 12:08 AM.


#4 candelo

candelo
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 05 June 2010 - 12:52 AM

so Having completed everything you suggested I hope there are no more problems. Is there anything else I need to do. I have not reconnected myself to the network as yet. One computer is running Norton and not receiving any messages like mine the other doesn't run Norton as it is not compatible with his firewall (Zone Alarm). He is using Windows 7, and has constant access with the internet as he works from home.

Thanks so much for your help. I don't know what we would do without forums like this.


Candelo

Edited by candelo, 05 June 2010 - 01:28 AM.


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:29 AM

Posted 05 June 2010 - 11:01 AM

Thank you,, All looks good here and you're welcome from all of us at BC.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users