Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System Infected: Tidserv Activity 2


  • Please log in to reply
18 replies to this topic

#1 m0usie

m0usie

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 25 July 2011 - 06:27 PM

Hi. I'm new, saw people on Norton directing people here...

I keep getting this Norton pop up that says "Threat requiring manual removal detected: System Infected: Tidserv Activity 2"

So I went to the link http://www.symantec.com/security_response/writeup.jsp?docid=2010-090608-3309-99 and downloaded the Backdoor.Tidserv Removal Tool. I ran the tool and it restarted my PC and when my PC started up again the TDSS Fix Tool 2.1.3 popped up and said "No infections were found"

But I keep getting the same pop up by Norton saying that "Threat requiring manual removal detected"

Someone help please =o\.. I'm on Windows 7. I have the regular Norton Antivirus. I ran a quick system scan and it just found those dumb cookies. I'm running a full system scan now but that takes forever.

Any help or advice or recommendations will be greatly appreciated..

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:26 PM

Posted 25 July 2011 - 06:54 PM

Hello, let me confirn you;ve run this.
Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.9.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these[/color] instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
[color=green]Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Troubleshoot Malwarebytes' Anti-Malware
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 m0usie

m0usie
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 25 July 2011 - 11:46 PM

Hello Boopme thank you so much for taking the time to reply.

So I updated my virus definitions and restarted in Safe Mode and did a Full Norton Scan and it did not find anything.

Then I rebooted like you said, back in the normal mode, but I disconnected my internet connection and the backdoor.tidserv detection pop up did NOT come up again. (And I don't know why but I left my PC on for 45 mins with no internet connection just to make sure it didn't pop up again and it didn't)

Then I reconnected my internet connection again, and still nothing. Then I restarted my PC again with internet connection and the backdoor.tidserv Norton pop up came again.

I got the TDSSKiller.exe file and saved it to my desktop like you asked and the results found nothing. Here is the log:

2011/07/25 21:14:25.0943 2808 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/25 21:14:26.0302 2808 ================================================================================
2011/07/25 21:14:26.0302 2808 SystemInfo:
2011/07/25 21:14:26.0302 2808
2011/07/25 21:14:26.0302 2808 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/25 21:14:26.0302 2808 Product type: Workstation
2011/07/25 21:14:26.0302 2808 ComputerName: MARIA-PC
2011/07/25 21:14:26.0302 2808 UserName: Maria
2011/07/25 21:14:26.0302 2808 Windows directory: C:\windows
2011/07/25 21:14:26.0302 2808 System windows directory: C:\windows
2011/07/25 21:14:26.0302 2808 Running under WOW64
2011/07/25 21:14:26.0302 2808 Processor architecture: Intel x64
2011/07/25 21:14:26.0302 2808 Number of processors: 4
2011/07/25 21:14:26.0302 2808 Page size: 0x1000
2011/07/25 21:14:26.0302 2808 Boot type: Normal boot
2011/07/25 21:14:26.0302 2808 ================================================================================
2011/07/25 21:14:28.0470 2808 Initialize success
2011/07/25 21:15:59.0762 0944 ================================================================================
2011/07/25 21:15:59.0762 0944 Scan started
2011/07/25 21:15:59.0762 0944 Mode: Manual;
2011/07/25 21:15:59.0762 0944 ================================================================================
2011/07/25 21:16:01.0010 0944 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
2011/07/25 21:16:01.0088 0944 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
2011/07/25 21:16:01.0134 0944 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
2011/07/25 21:16:01.0275 0944 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
2011/07/25 21:16:01.0337 0944 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
2011/07/25 21:16:01.0415 0944 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
2011/07/25 21:16:01.0556 0944 AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys
2011/07/25 21:16:01.0618 0944 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
2011/07/25 21:16:01.0665 0944 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
2011/07/25 21:16:01.0696 0944 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
2011/07/25 21:16:01.0758 0944 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
2011/07/25 21:16:02.0164 0944 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\windows\system32\DRIVERS\atikmdag.sys
2011/07/25 21:16:02.0460 0944 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\windows\system32\DRIVERS\atikmpag.sys
2011/07/25 21:16:02.0507 0944 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
2011/07/25 21:16:02.0616 0944 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
2011/07/25 21:16:02.0663 0944 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
2011/07/25 21:16:02.0726 0944 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
2011/07/25 21:16:02.0804 0944 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
2011/07/25 21:16:02.0913 0944 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
2011/07/25 21:16:02.0991 0944 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
2011/07/25 21:16:03.0038 0944 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
2011/07/25 21:16:03.0084 0944 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
2011/07/25 21:16:03.0537 0944 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\windows\system32\DRIVERS\atikmdag.sys
2011/07/25 21:16:03.0724 0944 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
2011/07/25 21:16:03.0802 0944 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
2011/07/25 21:16:03.0833 0944 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
2011/07/25 21:16:04.0083 0944 BHDrvx64 (c823adeedd3ae6f3db52b6152e5789cf) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110723.001\BHDrvx64.sys
2011/07/25 21:16:04.0223 0944 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
2011/07/25 21:16:04.0301 0944 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
2011/07/25 21:16:04.0364 0944 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/07/25 21:16:04.0442 0944 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/07/25 21:16:04.0520 0944 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
2011/07/25 21:16:04.0582 0944 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
2011/07/25 21:16:04.0629 0944 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/07/25 21:16:04.0676 0944 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
2011/07/25 21:16:04.0707 0944 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
2011/07/25 21:16:04.0754 0944 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
2011/07/25 21:16:04.0832 0944 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
2011/07/25 21:16:04.0894 0944 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
2011/07/25 21:16:04.0941 0944 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
2011/07/25 21:16:05.0050 0944 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
2011/07/25 21:16:05.0112 0944 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
2011/07/25 21:16:05.0175 0944 CNG (d5fea92400f12412b3922087c09da6a5) C:\windows\system32\Drivers\cng.sys
2011/07/25 21:16:05.0206 0944 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
2011/07/25 21:16:05.0268 0944 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
2011/07/25 21:16:05.0346 0944 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
2011/07/25 21:16:05.0502 0944 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
2011/07/25 21:16:05.0565 0944 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
2011/07/25 21:16:05.0627 0944 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
2011/07/25 21:16:05.0705 0944 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
2011/07/25 21:16:05.0830 0944 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
2011/07/25 21:16:06.0173 0944 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
2011/07/25 21:16:06.0329 0944 eeCtrl (eb0883462ac43829e47929d705d40933) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2011/07/25 21:16:06.0454 0944 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
2011/07/25 21:16:06.0626 0944 EraserUtilRebootDrv (86fc0d272f6bb43e7214d4ba955a41e7) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/07/25 21:16:06.0750 0944 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
2011/07/25 21:16:06.0844 0944 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
2011/07/25 21:16:06.0891 0944 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
2011/07/25 21:16:07.0062 0944 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
2011/07/25 21:16:07.0125 0944 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
2011/07/25 21:16:07.0203 0944 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
2011/07/25 21:16:07.0281 0944 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
2011/07/25 21:16:07.0343 0944 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
2011/07/25 21:16:07.0406 0944 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
2011/07/25 21:16:07.0484 0944 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
2011/07/25 21:16:07.0546 0944 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
2011/07/25 21:16:07.0593 0944 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/07/25 21:16:07.0640 0944 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/25 21:16:07.0780 0944 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
2011/07/25 21:16:07.0874 0944 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
2011/07/25 21:16:07.0952 0944 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
2011/07/25 21:16:07.0998 0944 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
2011/07/25 21:16:08.0045 0944 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
2011/07/25 21:16:08.0092 0944 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
2011/07/25 21:16:08.0201 0944 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
2011/07/25 21:16:08.0279 0944 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
2011/07/25 21:16:08.0388 0944 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
2011/07/25 21:16:08.0451 0944 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
2011/07/25 21:16:08.0544 0944 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
2011/07/25 21:16:08.0607 0944 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
2011/07/25 21:16:08.0825 0944 IDSVia64 (d321ff68ff6986bcc18fe85943cb55ef) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110722.031\IDSvia64.sys
2011/07/25 21:16:09.0090 0944 igfx (a87261ef1546325b559374f5689cf5bc) C:\windows\system32\DRIVERS\igdkmd64.sys
2011/07/25 21:16:09.0480 0944 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
2011/07/25 21:16:09.0683 0944 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
2011/07/25 21:16:09.0777 0944 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
2011/07/25 21:16:09.0886 0944 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/07/25 21:16:09.0964 0944 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
2011/07/25 21:16:10.0042 0944 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
2011/07/25 21:16:10.0104 0944 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
2011/07/25 21:16:10.0151 0944 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
2011/07/25 21:16:10.0214 0944 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
2011/07/25 21:16:10.0338 0944 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
2011/07/25 21:16:10.0416 0944 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
2011/07/25 21:16:10.0494 0944 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\windows\system32\Drivers\ksecdd.sys
2011/07/25 21:16:10.0557 0944 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\windows\system32\Drivers\ksecpkg.sys
2011/07/25 21:16:10.0604 0944 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
2011/07/25 21:16:10.0697 0944 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
2011/07/25 21:16:10.0775 0944 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/07/25 21:16:10.0869 0944 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/07/25 21:16:10.0947 0944 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/07/25 21:16:10.0994 0944 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/07/25 21:16:11.0072 0944 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
2011/07/25 21:16:11.0150 0944 lvpopf64 (b2085e335f2b57077b0cbadb6f1245cd) C:\windows\system32\DRIVERS\lvpopf64.sys
2011/07/25 21:16:11.0196 0944 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\windows\system32\DRIVERS\LVPr2M64.sys
2011/07/25 21:16:11.0212 0944 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\windows\system32\DRIVERS\LVPr2M64.sys
2011/07/25 21:16:11.0259 0944 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\windows\system32\DRIVERS\lvrs64.sys
2011/07/25 21:16:11.0462 0944 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\windows\system32\DRIVERS\lvuvc64.sys
2011/07/25 21:16:11.0680 0944 MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\windows\system32\drivers\mbam.sys
2011/07/25 21:16:11.0758 0944 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
2011/07/25 21:16:11.0820 0944 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
2011/07/25 21:16:11.0867 0944 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
2011/07/25 21:16:11.0945 0944 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
2011/07/25 21:16:12.0008 0944 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
2011/07/25 21:16:12.0070 0944 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
2011/07/25 21:16:12.0132 0944 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
2011/07/25 21:16:12.0226 0944 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
2011/07/25 21:16:12.0273 0944 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
2011/07/25 21:16:12.0351 0944 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
2011/07/25 21:16:12.0413 0944 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/07/25 21:16:12.0522 0944 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/07/25 21:16:12.0569 0944 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/07/25 21:16:12.0632 0944 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
2011/07/25 21:16:12.0694 0944 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
2011/07/25 21:16:12.0803 0944 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
2011/07/25 21:16:12.0850 0944 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
2011/07/25 21:16:12.0912 0944 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
2011/07/25 21:16:12.0990 0944 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
2011/07/25 21:16:13.0053 0944 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
2011/07/25 21:16:13.0084 0944 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
2011/07/25 21:16:13.0131 0944 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
2011/07/25 21:16:13.0209 0944 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
2011/07/25 21:16:13.0287 0944 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
2011/07/25 21:16:13.0365 0944 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
2011/07/25 21:16:13.0396 0944 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\windows\system32\DRIVERS\ASACPI.sys
2011/07/25 21:16:13.0443 0944 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
2011/07/25 21:16:13.0536 0944 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
2011/07/25 21:16:13.0724 0944 NAVENG (f594e1acbbb3ba48586b5dd69b3a6bc2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110725.019\ENG64.SYS
2011/07/25 21:16:13.0802 0944 NAVEX15 (cfe00b55488acf0cd9f62b0401297864) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110725.019\EX64.SYS
2011/07/25 21:16:14.0051 0944 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
2011/07/25 21:16:14.0160 0944 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
2011/07/25 21:16:14.0207 0944 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
2011/07/25 21:16:14.0254 0944 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
2011/07/25 21:16:14.0316 0944 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
2011/07/25 21:16:14.0363 0944 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
2011/07/25 21:16:14.0426 0944 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
2011/07/25 21:16:14.0504 0944 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
2011/07/25 21:16:14.0597 0944 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
2011/07/25 21:16:14.0722 0944 nmwcdcx64 (2c761cc067acf0fb4ea13930b09bfeea) C:\windows\system32\drivers\ccdcmbox64.sys
2011/07/25 21:16:14.0816 0944 nmwcdx64 (63051819d5cac0fa49c425fc5e1a2b5c) C:\windows\system32\drivers\ccdcmbx64.sys
2011/07/25 21:16:14.0862 0944 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
2011/07/25 21:16:14.0909 0944 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
2011/07/25 21:16:15.0018 0944 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
2011/07/25 21:16:15.0174 0944 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
2011/07/25 21:16:15.0268 0944 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
2011/07/25 21:16:15.0299 0944 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
2011/07/25 21:16:15.0330 0944 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
2011/07/25 21:16:15.0393 0944 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
2011/07/25 21:16:15.0486 0944 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
2011/07/25 21:16:15.0533 0944 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
2011/07/25 21:16:15.0627 0944 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\windows\system32\DRIVERS\pccsmcfdx64.sys
2011/07/25 21:16:15.0689 0944 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
2011/07/25 21:16:15.0720 0944 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
2011/07/25 21:16:15.0767 0944 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
2011/07/25 21:16:15.0814 0944 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
2011/07/25 21:16:15.0861 0944 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
2011/07/25 21:16:16.0173 0944 Point64 (33328fa8a580885ab0065be6db266e9f) C:\windows\system32\DRIVERS\point64.sys
2011/07/25 21:16:16.0251 0944 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
2011/07/25 21:16:16.0298 0944 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
2011/07/25 21:16:16.0438 0944 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
2011/07/25 21:16:16.0516 0944 PxHlpa64 (aed797cca02783296c68aa10d0cff8a9) C:\windows\system32\Drivers\PxHlpa64.sys
2011/07/25 21:16:16.0641 0944 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
2011/07/25 21:16:16.0750 0944 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
2011/07/25 21:16:16.0797 0944 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
2011/07/25 21:16:16.0828 0944 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
2011/07/25 21:16:16.0875 0944 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/07/25 21:16:16.0922 0944 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/07/25 21:16:17.0015 0944 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
2011/07/25 21:16:17.0046 0944 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
2011/07/25 21:16:17.0109 0944 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
2011/07/25 21:16:17.0156 0944 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
2011/07/25 21:16:17.0249 0944 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/07/25 21:16:17.0296 0944 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
2011/07/25 21:16:17.0343 0944 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
2011/07/25 21:16:17.0390 0944 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
2011/07/25 21:16:17.0468 0944 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
2011/07/25 21:16:17.0561 0944 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\windows\system32\Drivers\RimUsb_AMD64.sys
2011/07/25 21:16:17.0639 0944 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
2011/07/25 21:16:17.0686 0944 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\windows\system32\Drivers\RootMdm.sys
2011/07/25 21:16:17.0748 0944 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
2011/07/25 21:16:17.0795 0944 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\windows\system32\DRIVERS\Rt64win7.sys
2011/07/25 21:16:17.0889 0944 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
2011/07/25 21:16:17.0967 0944 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
2011/07/25 21:16:18.0060 0944 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
2011/07/25 21:16:18.0154 0944 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
2011/07/25 21:16:18.0185 0944 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
2011/07/25 21:16:18.0232 0944 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
2011/07/25 21:16:18.0341 0944 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
2011/07/25 21:16:18.0419 0944 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
2011/07/25 21:16:18.0450 0944 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
2011/07/25 21:16:18.0497 0944 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
2011/07/25 21:16:18.0575 0944 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/07/25 21:16:18.0638 0944 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
2011/07/25 21:16:18.0684 0944 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
2011/07/25 21:16:18.0762 0944 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
2011/07/25 21:16:18.0965 0944 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NAVx64\1206000.01D\SRTSP64.SYS
2011/07/25 21:16:19.0028 0944 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NAVx64\1206000.01D\SRTSPX64.SYS
2011/07/25 21:16:19.0090 0944 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
2011/07/25 21:16:19.0152 0944 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
2011/07/25 21:16:19.0184 0944 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
2011/07/25 21:16:19.0262 0944 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
2011/07/25 21:16:19.0324 0944 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
2011/07/25 21:16:19.0449 0944 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NAVx64\1206000.01D\SYMDS64.SYS
2011/07/25 21:16:19.0527 0944 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NAVx64\1206000.01D\SYMEFA64.SYS
2011/07/25 21:16:19.0636 0944 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2011/07/25 21:16:19.0745 0944 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NAVx64\1206000.01D\Ironx64.SYS
2011/07/25 21:16:19.0808 0944 SymNetS (81d134628a98a22b6e054e971af525dc) C:\windows\System32\Drivers\NAVx64\1206000.01D\SYMNETS.SYS
2011/07/25 21:16:20.0057 0944 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\windows\system32\drivers\tcpip.sys
2011/07/25 21:16:20.0244 0944 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\windows\system32\DRIVERS\tcpip.sys
2011/07/25 21:16:20.0385 0944 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
2011/07/25 21:16:20.0463 0944 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
2011/07/25 21:16:20.0510 0944 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
2011/07/25 21:16:20.0572 0944 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
2011/07/25 21:16:20.0634 0944 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
2011/07/25 21:16:20.0759 0944 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/07/25 21:16:20.0822 0944 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
2011/07/25 21:16:20.0900 0944 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
2011/07/25 21:16:20.0946 0944 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
2011/07/25 21:16:21.0009 0944 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
2011/07/25 21:16:21.0118 0944 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
2011/07/25 21:16:21.0180 0944 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
2011/07/25 21:16:21.0227 0944 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
2011/07/25 21:16:21.0305 0944 upperdev (bcd611d240604ceee7f90805361fab50) C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys
2011/07/25 21:16:21.0352 0944 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
2011/07/25 21:16:21.0414 0944 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys
2011/07/25 21:16:21.0477 0944 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
2011/07/25 21:16:21.0555 0944 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
2011/07/25 21:16:21.0602 0944 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
2011/07/25 21:16:21.0648 0944 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
2011/07/25 21:16:21.0711 0944 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
2011/07/25 21:16:21.0789 0944 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
2011/07/25 21:16:21.0836 0944 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
2011/07/25 21:16:21.0929 0944 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\windows\system32\drivers\usbser.sys
2011/07/25 21:16:21.0960 0944 UsbserFilt (d91be2644b18b4e3c69982fe0e1e97d6) C:\windows\system32\DRIVERS\usbser_lowerfltx64j.sys
2011/07/25 21:16:22.0054 0944 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\drivers\USBSTOR.SYS
2011/07/25 21:16:22.0132 0944 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
2011/07/25 21:16:22.0210 0944 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
2011/07/25 21:16:22.0382 0944 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
2011/07/25 21:16:22.0428 0944 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
2011/07/25 21:16:22.0538 0944 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
2011/07/25 21:16:22.0709 0944 VIAHdAudAddService (574b29f436c4c63d37020c6e570a7528) C:\windows\system32\drivers\viahduaa.sys
2011/07/25 21:16:22.0803 0944 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
2011/07/25 21:16:22.0850 0944 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
2011/07/25 21:16:22.0959 0944 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
2011/07/25 21:16:23.0037 0944 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
2011/07/25 21:16:23.0115 0944 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
2011/07/25 21:16:23.0193 0944 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\System32\drivers\vwifibus.sys
2011/07/25 21:16:23.0271 0944 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
2011/07/25 21:16:23.0333 0944 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
2011/07/25 21:16:23.0364 0944 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
2011/07/25 21:16:23.0536 0944 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
2011/07/25 21:16:23.0614 0944 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
2011/07/25 21:16:23.0786 0944 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
2011/07/25 21:16:23.0817 0944 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
2011/07/25 21:16:23.0926 0944 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
2011/07/25 21:16:24.0004 0944 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
2011/07/25 21:16:24.0113 0944 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
2011/07/25 21:16:24.0207 0944 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
2011/07/25 21:16:24.0285 0944 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/07/25 21:16:24.0394 0944 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/25 21:16:24.0425 0944 Boot (0x1200) (1e42120ddb46146335dac6e2f72289cd) \Device\Harddisk0\DR0\Partition0
2011/07/25 21:16:24.0456 0944 Boot (0x1200) (78e17eabe68da4c3fc9ccabd56da9f6b) \Device\Harddisk0\DR0\Partition1
2011/07/25 21:16:24.0472 0944 ================================================================================
2011/07/25 21:16:24.0472 0944 Scan finished
2011/07/25 21:16:24.0472 0944 ================================================================================
2011/07/25 21:16:24.0488 3920 Detected object count: 0
2011/07/25 21:16:24.0488 3920 Actual detected object count: 0
2011/07/25 21:16:53.0987 1664 Deinitialize success


I then installed the Malwarebytes to my desktop as well and the results also found nothing unfortunately. Here is that log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7278

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/25/2011 9:44:29 PM
mbam-log-2011-07-25 (21-44-29).txt

Scan type: Quick scan
Objects scanned: 180792
Time elapsed: 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Once again your help will be greatly appreciated..

#4 m0usie

m0usie
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 26 July 2011 - 11:28 AM

Hello, just an update. I'm still getting the pop up so I looked in History on my Norton AntiVirus and it says:

An intrusion attempt by vm1huqpqf6e3g.com requiring manual removal detected

IPS Alert Name: System Infected: Tidserv Activity 2

Attacking Computer vm1huqpqf6e3g.com (195.3.145.110, 443)

Network traffic from vm1huqpqf6e3g.com matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE.



Hope that info helps somehow.. thank you

#5 m0usie

m0usie
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 27 July 2011 - 01:06 PM

Someone help please :( Still having issues and no scans are detecting it

Posted Image

Posted Image

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:26 PM

Posted 27 July 2011 - 09:39 PM

Lets see if GMER reveals a rootkit

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 DiTrung

DiTrung

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 27 July 2011 - 10:53 PM

Hi guy, this is the third times i got this virus. The other first times i had to re-install my windows because i dont want to bother you guy. However, this time i give up and have to seek for some helps in here. This is my report. Thank you so much.

2011/07/25 19:13:39.0533 7860 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/25 19:13:41.0102 7860 ================================================================================
2011/07/25 19:13:41.0102 7860 SystemInfo:
2011/07/25 19:13:41.0102 7860
2011/07/25 19:13:41.0102 7860 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/25 19:13:41.0102 7860 Product type: Workstation
2011/07/25 19:13:41.0102 7860 ComputerName: VII
2011/07/25 19:13:41.0102 7860 UserName: DiTrung
2011/07/25 19:13:41.0102 7860 Windows directory: C:\Windows
2011/07/25 19:13:41.0102 7860 System windows directory: C:\Windows
2011/07/25 19:13:41.0102 7860 Running under WOW64
2011/07/25 19:13:41.0102 7860 Processor architecture: Intel x64
2011/07/25 19:13:41.0102 7860 Number of processors: 8
2011/07/25 19:13:41.0102 7860 Page size: 0x1000
2011/07/25 19:13:41.0102 7860 Boot type: Normal boot
2011/07/25 19:13:41.0102 7860 ================================================================================
2011/07/25 19:13:44.0267 7860 Initialize success
2011/07/25 19:13:49.0049 5968 ================================================================================
2011/07/25 19:13:49.0049 5968 Scan started
2011/07/25 19:13:49.0049 5968 Mode: Manual;
2011/07/25 19:13:49.0049 5968 ================================================================================
2011/07/25 19:13:57.0312 5968 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\drivers\1394ohci.sys
2011/07/25 19:13:57.0517 5968 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys
2011/07/25 19:13:57.0681 5968 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys
2011/07/25 19:13:57.0911 5968 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
2011/07/25 19:13:58.0129 5968 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
2011/07/25 19:13:58.0299 5968 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
2011/07/25 19:13:58.0495 5968 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/07/25 19:13:58.0637 5968 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/07/25 19:13:58.0776 5968 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/07/25 19:13:58.0933 5968 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/07/25 19:13:59.0064 5968 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
2011/07/25 19:13:59.0186 5968 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
2011/07/25 19:13:59.0342 5968 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\drivers\amdsata.sys
2011/07/25 19:13:59.0529 5968 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
2011/07/25 19:13:59.0699 5968 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\drivers\amdxata.sys
2011/07/25 19:13:59.0844 5968 ApfiltrService (2d45f2dfbc3d8f53df7ebeffa8c9bc38) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/07/25 19:14:00.0031 5968 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/07/25 19:14:00.0187 5968 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
2011/07/25 19:14:00.0334 5968 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
2011/07/25 19:14:00.0473 5968 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
2011/07/25 19:14:00.0642 5968 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/25 19:14:00.0778 5968 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/07/25 19:14:00.0972 5968 athr (08baaa2432e81031a6c3b11ad5a67e2b) C:\Windows\system32\DRIVERS\athrx.sys
2011/07/25 19:14:01.0236 5968 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
2011/07/25 19:14:01.0366 5968 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/25 19:14:01.0535 5968 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/25 19:14:01.0979 5968 BHDrvx64 (2175fbc1639e623872081b0f057409c8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110701.001\BHDrvx64.sys
2011/07/25 19:14:02.0229 5968 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
2011/07/25 19:14:02.0353 5968 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/25 19:14:02.0496 5968 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
2011/07/25 19:14:02.0527 5968 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
2011/07/25 19:14:02.0661 5968 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/25 19:14:02.0828 5968 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/25 19:14:02.0957 5968 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/25 19:14:03.0056 5968 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/25 19:14:03.0205 5968 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/07/25 19:14:03.0316 5968 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
2011/07/25 19:14:03.0446 5968 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/07/25 19:14:03.0582 5968 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
2011/07/25 19:14:03.0829 5968 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
2011/07/25 19:14:03.0973 5968 btwampfl (71a07b6fc98030935e60edbffe9e9c85) C:\Windows\system32\drivers\btwampfl.sys
2011/07/25 19:14:04.0122 5968 btwaudio (ba5622f5544c6c445dff1a05acc8b19d) C:\Windows\system32\drivers\btwaudio.sys
2011/07/25 19:14:04.0255 5968 btwavdt (a11905d0f4bd34771f195217b6aa5ae0) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/07/25 19:14:04.0390 5968 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/07/25 19:14:04.0505 5968 btwrchid (bd776f32d64ec615be4563dc2747224e) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/07/25 19:14:04.0944 5968 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/25 19:14:05.0066 5968 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/25 19:14:05.0203 5968 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
2011/07/25 19:14:05.0315 5968 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/25 19:14:05.0501 5968 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
2011/07/25 19:14:06.0085 5968 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/07/25 19:14:06.0258 5968 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/07/25 19:14:06.0379 5968 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
2011/07/25 19:14:06.0479 5968 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys
2011/07/25 19:14:06.0587 5968 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
2011/07/25 19:14:06.0731 5968 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/07/25 19:14:06.0869 5968 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/07/25 19:14:06.0987 5968 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
2011/07/25 19:14:07.0106 5968 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/25 19:14:07.0218 5968 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/25 19:14:07.0369 5968 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
2011/07/25 19:14:07.0550 5968 eeCtrl (eb0883462ac43829e47929d705d40933) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2011/07/25 19:14:07.0705 5968 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
2011/07/25 19:14:07.0818 5968 EraserUtilRebootDrv (86fc0d272f6bb43e7214d4ba955a41e7) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/07/25 19:14:07.0916 5968 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/07/25 19:14:08.0094 5968 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/25 19:14:08.0217 5968 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/25 19:14:08.0401 5968 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
2011/07/25 19:14:08.0649 5968 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/07/25 19:14:08.0798 5968 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/07/25 19:14:08.0996 5968 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
2011/07/25 19:14:09.0121 5968 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/07/25 19:14:09.0301 5968 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/07/25 19:14:09.0476 5968 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/25 19:14:09.0825 5968 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/25 19:14:09.0959 5968 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/25 19:14:10.0155 5968 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/25 19:14:10.0343 5968 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/07/25 19:14:10.0492 5968 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/25 19:14:10.0644 5968 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
2011/07/25 19:14:10.0802 5968 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
2011/07/25 19:14:10.0942 5968 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
2011/07/25 19:14:11.0113 5968 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/25 19:14:11.0245 5968 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys
2011/07/25 19:14:11.0390 5968 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/07/25 19:14:11.0496 5968 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/25 19:14:11.0820 5968 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/25 19:14:12.0049 5968 iaStor (073a606333b6f7bbf20aa856df7f0997) C:\Windows\system32\drivers\iaStor.sys
2011/07/25 19:14:12.0190 5968 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\drivers\iaStorV.sys
2011/07/25 19:14:12.0445 5968 IDSVia64 (d321ff68ff6986bcc18fe85943cb55ef) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110722.031\IDSvia64.sys
2011/07/25 19:14:12.0754 5968 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
2011/07/25 19:14:12.0943 5968 Impcd (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\drivers\Impcd.sys
2011/07/25 19:14:13.0302 5968 IntcAzAudAddService (2e3b99e8c23be2bf32ebe1db5261f275) C:\Windows\system32\drivers\RTKVHD64.sys
2011/07/25 19:14:13.0524 5968 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/07/25 19:14:14.0609 5968 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/25 19:14:14.0724 5968 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/25 19:14:14.0904 5968 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/25 19:14:15.0383 5968 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/07/25 19:14:18.0290 5968 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/07/25 19:14:18.0684 5968 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/07/25 19:14:18.0886 5968 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys
2011/07/25 19:14:19.0394 5968 ISODrive (88bb5280137dc9a7e9989c475763cd08) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
2011/07/25 19:14:20.0866 5968 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/07/25 19:14:21.0106 5968 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\drivers\kbdhid.sys
2011/07/25 19:14:21.0377 5968 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/25 19:14:21.0756 5968 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/25 19:14:22.0291 5968 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/07/25 19:14:22.0425 5968 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/25 19:14:22.0592 5968 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/25 19:14:22.0804 5968 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/25 19:14:22.0980 5968 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
2011/07/25 19:14:23.0174 5968 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/25 19:14:23.0283 5968 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/07/25 19:14:23.0423 5968 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
2011/07/25 19:14:23.0542 5968 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
2011/07/25 19:14:23.0853 5968 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/07/25 19:14:23.0957 5968 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/25 19:14:24.0057 5968 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/25 19:14:24.0218 5968 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/25 19:14:24.0400 5968 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/07/25 19:14:24.0543 5968 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
2011/07/25 19:14:24.0636 5968 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/25 19:14:24.0726 5968 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/25 19:14:24.0831 5968 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/25 19:14:24.0948 5968 mrxsmb10 (a8c2d7673c8a010569390c826a0efaf4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/25 19:14:25.0046 5968 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/25 19:14:25.0144 5968 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
2011/07/25 19:14:25.0231 5968 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
2011/07/25 19:14:25.0326 5968 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/07/25 19:14:25.0431 5968 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/25 19:14:25.0526 5968 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/07/25 19:14:25.0829 5968 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/25 19:14:25.0918 5968 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/25 19:14:26.0051 5968 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/07/25 19:14:26.0134 5968 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/07/25 19:14:26.0254 5968 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/07/25 19:14:26.0351 5968 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/07/25 19:14:26.0458 5968 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
2011/07/25 19:14:26.0546 5968 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/07/25 19:14:26.0653 5968 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/25 19:14:26.0816 5968 NAVENG (f594e1acbbb3ba48586b5dd69b3a6bc2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110725.002\ENG64.SYS
2011/07/25 19:14:26.0990 5968 NAVEX15 (cfe00b55488acf0cd9f62b0401297864) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110725.002\EX64.SYS
2011/07/25 19:14:27.0127 5968 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/07/25 19:14:27.0225 5968 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/25 19:14:27.0323 5968 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/25 19:14:27.0434 5968 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/25 19:14:27.0527 5968 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/25 19:14:27.0616 5968 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/07/25 19:14:28.0027 5968 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/25 19:14:28.0154 5968 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/25 19:14:28.0281 5968 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
2011/07/25 19:14:28.0423 5968 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/25 19:14:28.0512 5968 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/25 19:14:28.0650 5968 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/07/25 19:14:28.0752 5968 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/25 19:14:28.0877 5968 NVHDA (cddd4478757288df4bb1494bfd084259) C:\Windows\system32\drivers\nvhda64v.sys
2011/07/25 19:14:29.0239 5968 nvlddmkm (db2bee926e7dfc59896a2d6800eb13f7) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/25 19:14:29.0573 5968 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\drivers\nvraid.sys
2011/07/25 19:14:29.0823 5968 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\drivers\nvstor.sys
2011/07/25 19:14:29.0926 5968 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/07/25 19:14:30.0040 5968 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/07/25 19:14:30.0166 5968 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
2011/07/25 19:14:30.0257 5968 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/07/25 19:14:30.0361 5968 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
2011/07/25 19:14:30.0451 5968 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/07/25 19:14:30.0544 5968 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
2011/07/25 19:14:30.0641 5968 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/25 19:14:30.0738 5968 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/25 19:14:30.0916 5968 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/25 19:14:31.0001 5968 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
2011/07/25 19:14:31.0100 5968 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/25 19:14:31.0191 5968 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/07/25 19:14:31.0322 5968 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
2011/07/25 19:14:31.0499 5968 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
2011/07/25 19:14:31.0588 5968 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/25 19:14:31.0850 5968 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/25 19:14:31.0953 5968 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/25 19:14:32.0059 5968 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/25 19:14:32.0182 5968 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/25 19:14:32.0284 5968 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/25 19:14:32.0378 5968 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/25 19:14:32.0475 5968 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
2011/07/25 19:14:32.0564 5968 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/25 19:14:34.0592 5968 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/25 19:14:34.0717 5968 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/25 19:14:34.0808 5968 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/07/25 19:14:34.0914 5968 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/07/25 19:14:35.0007 5968 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
2011/07/25 19:14:35.0141 5968 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/07/25 19:14:35.0236 5968 rimspci (6ded176a14770339f1415cfdbcc9e07f) C:\Windows\system32\drivers\rimssne64.sys
2011/07/25 19:14:35.0348 5968 risdsnpe (ddf5f666c2a5b3729e8bea01fb999cc0) C:\Windows\system32\drivers\risdsne64.sys
2011/07/25 19:14:35.0458 5968 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/25 19:14:35.0567 5968 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
2011/07/25 19:14:35.0791 5968 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/25 19:14:35.0950 5968 sdbus (4e54822ed2350eb1f31f95f0fd674ef3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/07/25 19:14:36.0083 5968 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/25 19:14:36.0272 5968 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
2011/07/25 19:14:36.0374 5968 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
2011/07/25 19:14:36.0477 5968 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
2011/07/25 19:14:36.0609 5968 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys
2011/07/25 19:14:36.0687 5968 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/07/25 19:14:36.0786 5968 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/25 19:14:36.0879 5968 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/25 19:14:36.0985 5968 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
2011/07/25 19:14:37.0120 5968 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
2011/07/25 19:14:37.0220 5968 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
2011/07/25 19:14:37.0322 5968 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/25 19:14:37.0455 5968 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/25 19:14:38.0185 5968 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys
2011/07/25 19:14:38.0185 5968 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf
2011/07/25 19:14:38.0213 5968 sptd - detected LockedFile.Multi.Generic (1)
2011/07/25 19:14:38.0766 5968 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\system32\drivers\NISx64\1206000.01D\SRTSP64.SYS
2011/07/25 19:14:38.0921 5968 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS
2011/07/25 19:14:39.0084 5968 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
2011/07/25 19:14:39.0227 5968 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/25 19:14:39.0354 5968 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/25 19:14:39.0530 5968 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
2011/07/25 19:14:40.0626 5968 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/07/25 19:14:40.0804 5968 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS
2011/07/25 19:14:40.0957 5968 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS
2011/07/25 19:14:41.0090 5968 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2011/07/25 19:14:41.0251 5968 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS
2011/07/25 19:14:41.0406 5968 SymNetS (81d134628a98a22b6e054e971af525dc) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMNETS.SYS
2011/07/25 19:14:41.0968 5968 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys
2011/07/25 19:14:42.0633 5968 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/25 19:14:42.0793 5968 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/25 19:14:42.0955 5968 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/25 19:14:43.0003 5968 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/25 19:14:43.0106 5968 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/25 19:14:43.0274 5968 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
2011/07/25 19:14:43.0414 5968 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/25 19:14:43.0520 5968 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/25 19:14:43.0971 5968 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
2011/07/25 19:14:44.0456 5968 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/25 19:14:44.0613 5968 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/25 19:14:44.0794 5968 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/25 19:14:44.0910 5968 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
2011/07/25 19:14:45.0040 5968 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/25 19:14:45.0154 5968 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/07/25 19:14:45.0274 5968 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\drivers\usbehci.sys
2011/07/25 19:14:45.0391 5968 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\drivers\usbhub.sys
2011/07/25 19:14:45.0497 5968 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
2011/07/25 19:14:46.0016 5968 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
2011/07/25 19:14:46.0129 5968 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/25 19:14:46.0214 5968 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
2011/07/25 19:14:46.0309 5968 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/25 19:14:46.0453 5968 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/25 19:14:46.0548 5968 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/25 19:14:46.0642 5968 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/25 19:14:46.0734 5968 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
2011/07/25 19:14:46.0832 5968 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/07/25 19:14:46.0925 5968 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
2011/07/25 19:14:47.0065 5968 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/07/25 19:14:47.0164 5968 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
2011/07/25 19:14:47.0261 5968 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
2011/07/25 19:14:47.0365 5968 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/25 19:14:47.0466 5968 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/25 19:14:47.0568 5968 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
2011/07/25 19:14:48.0423 5968 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/25 19:14:48.0449 5968 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/25 19:14:48.0582 5968 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
2011/07/25 19:14:48.0702 5968 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/25 19:14:48.0898 5968 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/25 19:14:49.0062 5968 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/25 19:14:49.0299 5968 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/25 19:14:49.0446 5968 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/25 19:14:49.0569 5968 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/07/25 19:14:50.0371 5968 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/25 19:14:50.0559 5968 yukonw7 (6affd75c6807b3dd3ab018e27b88ef95) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/07/25 19:14:50.0649 5968 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/25 19:14:50.0933 5968 Boot (0x1200) (b844436b27c15ea8c03b357d3316fe5c) \Device\Harddisk0\DR0\Partition0
2011/07/25 19:14:50.0960 5968 Boot (0x1200) (7f247955afd32b3a2af14865cc7b57c2) \Device\Harddisk0\DR0\Partition1
2011/07/25 19:14:50.0965 5968 ================================================================================
2011/07/25 19:14:50.0965 5968 Scan finished
2011/07/25 19:14:50.0965 5968 ================================================================================
2011/07/25 19:14:50.0977 6368 Detected object count: 1
2011/07/25 19:14:50.0977 6368 Actual detected object count: 1
2011/07/25 19:14:57.0695 6368 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/07/25 19:15:03.0405 5708 Deinitialize success


AND THIS ONE IS FROM THE ANTI-MALWARE

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7305

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/27/2011 11:57:45 PM
mbam-log-2011-07-27 (23-57-45).txt

Scan type: Quick scan
Objects scanned: 171933
Time elapsed: 2 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by DiTrung, 27 July 2011 - 10:59 PM.


#8 m0usie

m0usie
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 28 July 2011 - 11:30 AM

Hi boopme, unfortunately there is no log to post since GMER did not find anything "GMER hasn't found any system modification."

Am I doomed or what? :unsure:
I was wondering if it was a false positive but I doubt it with all those attacks that were blocked by Norton.

Hi guy, this is the third times i got this virus. The other first times i had to re-install my windows because i dont want to bother you guy. However, this time i give up and have to seek for some helps in here. This is my report. Thank you so much.


I'm sorry to hear that Di Trung. I am considering doing a complete reboot of my PC as well. Do you use Firefox? I'm thinking it targets Firefox and I noticed things were odd with my PC while just browsing Facebook on Firefox.

I'm going to see if anything could be done first. And I'm uninstalling Firefox.

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:26 PM

Posted 28 July 2011 - 08:52 PM

Hi m0usie and DiTrung

It may be a false positive. Thr are a lot of diiferring bits of info out gthere that I have read.
Symantec says
http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=23615

Backdoor.Tidserv is a Trojan horse that uses an advanced rootkit to hide itself. It also displays advertisements, redirects user search results, and opens a back door on the compromised computer. When a computer is compromised by the Trojan, it may attempt to contact a remote computer to provide information or status and also to receive commands.
If you see an alert informing you that this signature has been triggered, it means your computer is infected by a risk and you need to take action to contain and remove the risk from your computer.


Near the bottom of that page is Report possible false positive to Symantec.
I feel you both should do that. Let them tell you for certain what their tool is detecting and not removing or why.
I'd appreciate knowing what they say.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 m0usie

m0usie
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 29 July 2011 - 12:59 AM

Ok I will do that and will keep you updated, thank you very much for your time and help!

#11 DiTrung

DiTrung

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 29 July 2011 - 02:44 AM

Hi boopme, first of all i want to thank you and all of the other members for what you guy doing; I really appreciate that.
I'm sorry I dont really understand what you said. Did you mean it might be just a false warning from norton in my computer ?. I think i got infected because when i try to click links on google it redirected me to some adv sites. I also got ping.exe Trojan in my laptop as well, and it slows down my computer like crazy. Sometimes I have to go to task manager to close it. I also did all of the tools symatec gives us on the link that you gave me above but nothing happen. Anyway, i will try to contact Symatec to see what can i do.
@ m0usie: I think i got that from firefox for real. I usually use google chrome but the last 3 days i've been using firefox. I hope you dont have to complete reboot like i did :).
PS: Guy, when i try to contact symatec i ran into something really interesting http://www.symantec.com/connect/blogs/tidserv-and-ms10-015. Man, I keep complaining about how bad sony vaio is but i did not realize that it was from the virus. I got blue green of death literally every single time i try to turn on my laptop.

Edited by DiTrung, 29 July 2011 - 02:52 AM.


#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:26 PM

Posted 29 July 2011 - 10:44 AM

Thank you!!
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:26 PM

Posted 29 July 2011 - 10:49 AM

DiTrung, the other option we have is to post a DDS log. We are backlogged there about 10 days..

Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.

Edited by boopme, 29 July 2011 - 07:10 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 m0usie

m0usie
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 29 July 2011 - 04:20 PM

I submitted a False Positive report to Symantec so we'll see what they say, I even included a link to this thread lol!

DiTrung I hope I don't have to do a complete reboot as well. I already backed up all of my files, but just realized I don't have the CD to reboot my system anyways because I'm away from home for school and my CD is back home with my parents :wacko: So if it comes down to that I will have to ask my parents to find the CD for me and mail it to me or something. Not fun.

If you post your DDS log and stuff in the other forum area I'll lurk lol. Good luck!

#15 m0usie

m0usie
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 31 July 2011 - 04:46 PM

Hey everyone! Just an update, I believe my PC has been fixed! No pop-up (yet).. I'll keep you updated if it comes back.

Turns out it wasn't a false positive. I was directed to Norton technical support who gave me this info:

Since you have Norton installed on your computer the best way to check if you have a virus on your computer would be to download the latest virus definitions using the Live Update and running a full system scan in safe mode with Networking:

Restart the computer.

While restarting, please keep on tapping F8 key.

You will get a separate window.

In that, please choose Safe mode with networking. (my PC is kinda different so I just chose Safe mode w/networking through msconfig)

Once you log on to safe mode with networking, please follow the instructions mentioned in the link below:

http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20090311125006EN



Just follow all of the instructions there. Now for me personally, I tried to install the updates from the website but it would not work for me.

So I ended up clicking the link "I cannot download and run Intelligent Updater"
And since I already tried the Norton Bootable Recovery Tool before and it didn't work for me, I selected "I want to run a scan using Norton Security Scan"
Then I followed all of those directions and it found a Trojan and removed it!

Then I followed the rest of the directions.

Good luck everyone and thanks again for your assistance boopme! Keep up the great work




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users