Unable to remove Tidserv Activity 2 Infection


5 replies to this topic

#1 mikeres

  • Members
  • 3 posts

Posted 21 December 2011 - 03:58 PM

Hi folks,

I'm running Windows XP with Norton anti-virus. A little window pops up to tell me: Threat requiring manual removal detected: System Infected: Tidserv Activity 2.

I clicked on "tell me how", downloaded the file FixTDSS.exe and ran it after disabling System Restore. I followed all the instructions, the program scanned my system and finally came up with a small screen that says "Backdoor.Tidserv has not been found on your computer"

I ran this TDSS Fix Tool several times, all with the same result. My Norton scans are not reporting a problem, but that little window still pops up in the lower right of my screen telling me "Threat requiring manual removal detected: System Infected: Tidserv Activity 2".

Yesterday I noticed that the process "ping.exe" was sucking a lot of CPU time - up to 98%. I have no idea how long that's been happening but I suspect it is related to the infection described above. I try to kill the process in Windows Task Manager but it restarts itself after a short time.

I also was having problems getting executable files to boot but I found a cool little program that did something to my registry and the symptom is now gone. I suspect that this, also, is related to the above infection.

Any help in removing this virus will be greatly appreciated.

Michael


#2 cryptodan

    Bleepin Madman

  • Members
  • 21,868 posts
  • Location:Catonsville, Md

Posted 21 December 2011 - 04:24 PM

Can you post the logs from TDSSKiller?

#3 mikeres
  • Topic Starter
  • Members
  • 3 posts

Posted 21 December 2011 - 04:38 PM

Logs from TDSSKiller.

Note: Even though Kaspersky tells me that all threats are neutralized, Rootkit.Win32.Access.aml reappears on the next scan.

14:29:00.0000 2288 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
14:29:00.0031 2288 ============================================================
14:29:00.0031 2288 Current date / time: 2011/12/21 14:29:00.0031
14:29:00.0031 2288 SystemInfo:
14:29:00.0031 2288
14:29:00.0031 2288 OS Version: 5.1.2600 ServicePack: 3.0
14:29:00.0031 2288 Product type: Workstation
14:29:00.0031 2288 ComputerName: BART
14:29:00.0031 2288 UserName: HP_Administrator
14:29:00.0031 2288 Windows directory: C:\WINDOWS
14:29:00.0031 2288 System windows directory: C:\WINDOWS
14:29:00.0031 2288 Processor architecture: Intel x86
14:29:00.0031 2288 Number of processors: 2
14:29:00.0031 2288 Page size: 0x1000
14:29:00.0031 2288 Boot type: Normal boot
14:29:00.0031 2288 ============================================================
14:29:01.0312 2288 Initialize success
14:29:07.0703 1728 ============================================================
14:29:07.0703 1728 Scan started
14:29:07.0703 1728 Mode: Manual;
14:29:07.0703 1728 ============================================================
14:29:08.0078 1728 Abiosdsk - ok
14:29:08.0093 1728 abp480n5 - ok
14:29:08.0156 1728 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:29:08.0156 1728 ACPI - ok
14:29:08.0343 1728 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:29:08.0343 1728 ACPIEC - ok
14:29:08.0437 1728 adfs - ok
14:29:08.0484 1728 adpu160m - ok
14:29:08.0546 1728 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:29:08.0546 1728 aec - ok
14:29:08.0593 1728 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:29:08.0609 1728 AFD - ok
14:29:08.0671 1728 AgereSoftModem (51a66c689ad9b9a953f75496209ae520) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
14:29:08.0703 1728 AgereSoftModem - ok
14:29:08.0718 1728 Aha154x - ok
14:29:08.0734 1728 aic78u2 - ok
14:29:08.0765 1728 aic78xx - ok
14:29:08.0796 1728 AliIde - ok
14:29:08.0828 1728 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
14:29:08.0828 1728 AmdK8 - ok
14:29:08.0843 1728 amsint - ok
14:29:08.0890 1728 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
14:29:08.0890 1728 aracpi - ok
14:29:08.0906 1728 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
14:29:08.0906 1728 arhidfltr - ok
14:29:08.0937 1728 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
14:29:08.0937 1728 arkbcfltr - ok
14:29:08.0953 1728 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
14:29:08.0953 1728 armoucfltr - ok
14:29:09.0031 1728 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:29:09.0031 1728 Arp1394 - ok
14:29:09.0046 1728 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
14:29:09.0062 1728 ARPolicy - ok
14:29:09.0078 1728 asc - ok
14:29:09.0093 1728 asc3350p - ok
14:29:09.0109 1728 asc3550 - ok
14:29:09.0203 1728 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:29:09.0203 1728 AsyncMac - ok
14:29:09.0250 1728 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:29:09.0250 1728 atapi - ok
14:29:09.0265 1728 Atdisk - ok
14:29:09.0312 1728 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:29:09.0312 1728 Atmarpc - ok
14:29:09.0359 1728 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:29:09.0359 1728 audstub - ok
14:29:09.0390 1728 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:29:09.0390 1728 Beep - ok
14:29:09.0718 1728 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111210.003\BHDrvx86.sys
14:29:09.0718 1728 BHDrvx86 - ok
14:29:09.0921 1728 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:29:09.0921 1728 cbidf2k - ok
14:29:10.0000 1728 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:29:10.0000 1728 CCDECODE - ok
14:29:10.0046 1728 cd20xrnt - ok
14:29:10.0093 1728 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:29:10.0093 1728 Cdaudio - ok
14:29:10.0140 1728 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:29:10.0156 1728 Cdfs - ok
14:29:10.0250 1728 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:29:10.0250 1728 Cdrom - ok
14:29:10.0296 1728 Changer - ok
14:29:10.0343 1728 CmdIde - ok
14:29:10.0375 1728 Cpqarray - ok
14:29:10.0437 1728 dac2w2k - ok
14:29:10.0484 1728 dac960nt - ok
14:29:10.0562 1728 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:29:10.0562 1728 Disk - ok
14:29:10.0796 1728 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:29:10.0796 1728 dmboot - ok
14:29:10.0812 1728 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:29:10.0828 1728 dmio - ok
14:29:10.0843 1728 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:29:10.0843 1728 dmload - ok
14:29:10.0890 1728 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:29:10.0890 1728 DMusic - ok
14:29:10.0921 1728 dpti2o - ok
14:29:10.0984 1728 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:29:10.0984 1728 drmkaud - ok
14:29:11.0140 1728 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:29:11.0140 1728 eeCtrl - ok
14:29:11.0203 1728 Eplpdx02 - ok
14:29:11.0234 1728 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:29:11.0234 1728 EraserUtilRebootDrv - ok
14:29:11.0312 1728 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:29:11.0312 1728 Fastfat - ok
14:29:11.0375 1728 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
14:29:11.0375 1728 Fdc - ok
14:29:11.0390 1728 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:29:11.0390 1728 Fips - ok
14:29:11.0421 1728 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:29:11.0421 1728 Flpydisk - ok
14:29:11.0468 1728 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:29:11.0484 1728 FltMgr - ok
14:29:11.0531 1728 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:29:11.0531 1728 Fs_Rec - ok
14:29:11.0562 1728 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:29:11.0562 1728 Ftdisk - ok
14:29:11.0578 1728 ftsata2 - ok
14:29:11.0656 1728 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
14:29:11.0656 1728 GEARAspiWDM - ok
14:29:11.0718 1728 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:29:11.0718 1728 Gpc - ok
14:29:11.0734 1728 gqmxu - ok
14:29:11.0812 1728 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:29:11.0812 1728 HDAudBus - ok
14:29:11.0859 1728 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:29:11.0859 1728 HidUsb - ok
14:29:11.0875 1728 hpn - ok
14:29:11.0953 1728 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:29:11.0953 1728 HPZid412 - ok
14:29:11.0968 1728 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:29:11.0984 1728 HPZipr12 - ok
14:29:12.0046 1728 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:29:12.0046 1728 HPZius12 - ok
14:29:12.0109 1728 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:29:12.0109 1728 HTTP - ok
14:29:12.0140 1728 i2omgmt - ok
14:29:12.0156 1728 i2omp - ok
14:29:12.0203 1728 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:29:12.0203 1728 i8042prt - ok
14:29:12.0296 1728 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys
14:29:12.0312 1728 iaStor - ok
14:29:12.0609 1728 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111219.001\IDSxpx86.sys
14:29:12.0625 1728 IDSxpx86 - ok
14:29:12.0828 1728 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:29:12.0828 1728 Imapi - ok
14:29:12.0890 1728 ini910u - ok
14:29:13.0390 1728 IntcAzAudAddService (7ecae647d3fed13534e2fd63c8c1fab2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:29:13.0453 1728 IntcAzAudAddService - ok
14:29:13.0531 1728 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:29:13.0531 1728 IntelIde - ok
14:29:13.0578 1728 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:29:13.0578 1728 intelppm - ok
14:29:13.0609 1728 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:29:13.0609 1728 Ip6Fw - ok
14:29:13.0640 1728 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:29:13.0656 1728 IpFilterDriver - ok
14:29:13.0703 1728 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:29:13.0718 1728 IpInIp - ok
14:29:13.0828 1728 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:29:13.0828 1728 IpNat - ok
14:29:13.0890 1728 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:29:13.0890 1728 IPSec - ok
14:29:13.0953 1728 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:29:13.0953 1728 IRENUM - ok
14:29:14.0015 1728 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:29:14.0015 1728 isapnp - ok
14:29:14.0109 1728 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:29:14.0109 1728 Kbdclass - ok
14:29:14.0218 1728 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:29:14.0218 1728 kmixer - ok
14:29:14.0296 1728 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:29:14.0296 1728 KSecDD - ok
14:29:14.0328 1728 lbrtfdc - ok
14:29:14.0515 1728 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:29:14.0515 1728 mnmdd - ok
14:29:14.0609 1728 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:29:14.0609 1728 Modem - ok
14:29:14.0703 1728 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:29:14.0703 1728 Mouclass - ok
14:29:14.0796 1728 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:29:14.0796 1728 mouhid - ok
14:29:14.0859 1728 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:29:14.0859 1728 MountMgr - ok
14:29:14.0906 1728 mraid35x - ok
14:29:15.0000 1728 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:29:15.0000 1728 MRxDAV - ok
14:29:15.0203 1728 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:29:15.0203 1728 MRxSmb - ok
14:29:15.0281 1728 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:29:15.0281 1728 Msfs - ok
14:29:15.0328 1728 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:29:15.0328 1728 MSKSSRV - ok
14:29:15.0343 1728 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:29:15.0343 1728 MSPCLOCK - ok
14:29:15.0421 1728 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:29:15.0421 1728 MSPQM - ok
14:29:15.0484 1728 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:29:15.0484 1728 mssmbios - ok
14:29:15.0562 1728 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:29:15.0562 1728 MSTEE - ok
14:29:15.0609 1728 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:29:15.0625 1728 Mup - ok
14:29:15.0671 1728 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:29:15.0703 1728 NABTSFEC - ok
14:29:15.0984 1728 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111220.002\NAVENG.SYS
14:29:15.0984 1728 NAVENG - ok
14:29:16.0531 1728 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111220.002\NAVEX15.SYS
14:29:16.0562 1728 NAVEX15 - ok
14:29:17.0218 1728 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:29:17.0218 1728 NDIS - ok
14:29:17.0593 1728 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:29:17.0593 1728 NdisIP - ok
14:29:17.0890 1728 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:29:17.0890 1728 NdisTapi - ok
14:29:18.0281 1728 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:29:18.0281 1728 Ndisuio - ok
14:29:18.0359 1728 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:29:18.0359 1728 NdisWan - ok
14:29:18.0421 1728 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:29:18.0421 1728 NDProxy - ok
14:29:18.0468 1728 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:29:18.0468 1728 NetBIOS - ok
14:29:18.0515 1728 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:29:18.0531 1728 NetBT - ok
14:29:18.0578 1728 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:29:18.0578 1728 NIC1394 - ok
14:29:18.0625 1728 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\NPF.sys
14:29:18.0625 1728 NPF - ok
14:29:18.0656 1728 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:29:18.0656 1728 Npfs - ok
14:29:18.0687 1728 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:29:18.0703 1728 Ntfs - ok
14:29:18.0750 1728 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:29:18.0750 1728 Null - ok
14:29:18.0937 1728 nv (5645072033c2e51386e91bc137c0beb5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:29:19.0000 1728 nv - ok
14:29:19.0046 1728 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
14:29:19.0046 1728 NVENETFD - ok
14:29:19.0078 1728 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
14:29:19.0078 1728 nvnetbus - ok
14:29:19.0125 1728 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:29:19.0125 1728 NwlnkFlt - ok
14:29:19.0140 1728 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:29:19.0140 1728 NwlnkFwd - ok
14:29:19.0203 1728 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:29:19.0203 1728 ohci1394 - ok
14:29:19.0265 1728 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:29:19.0265 1728 Parport - ok
14:29:19.0281 1728 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:29:19.0281 1728 PartMgr - ok
14:29:19.0312 1728 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:29:19.0312 1728 ParVdm - ok
14:29:19.0328 1728 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:29:19.0328 1728 PCI - ok
14:29:19.0343 1728 PCIDump - ok
14:29:19.0375 1728 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:29:19.0375 1728 PCIIde - ok
14:29:19.0406 1728 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:29:19.0421 1728 Pcmcia - ok
14:29:19.0437 1728 PDCOMP - ok
14:29:19.0453 1728 PDFRAME - ok
14:29:19.0468 1728 PDRELI - ok
14:29:19.0484 1728 PDRFRAME - ok
14:29:19.0515 1728 perc2 - ok
14:29:19.0531 1728 perc2hib - ok
14:29:19.0593 1728 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:29:19.0593 1728 PptpMiniport - ok
14:29:19.0609 1728 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
14:29:19.0609 1728 Processor - ok
14:29:19.0656 1728 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
14:29:19.0656 1728 Ps2 - ok
14:29:19.0687 1728 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:29:19.0687 1728 PSched - ok
14:29:19.0718 1728 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:29:19.0718 1728 Ptilink - ok
14:29:19.0765 1728 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:29:19.0765 1728 PxHelp20 - ok
14:29:19.0781 1728 ql1080 - ok
14:29:19.0796 1728 Ql10wnt - ok
14:29:19.0828 1728 ql12160 - ok
14:29:19.0843 1728 ql1240 - ok
14:29:19.0859 1728 ql1280 - ok
14:29:19.0906 1728 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:29:19.0906 1728 RasAcd - ok
14:29:19.0968 1728 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:29:19.0968 1728 Rasl2tp - ok
14:29:19.0984 1728 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:29:19.0984 1728 RasPppoe - ok
14:29:20.0015 1728 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:29:20.0031 1728 Raspti - ok
14:29:20.0062 1728 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:29:20.0078 1728 Rdbss - ok
14:29:20.0109 1728 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:29:20.0109 1728 RDPCDD - ok
14:29:20.0171 1728 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:29:20.0187 1728 rdpdr - ok
14:29:20.0250 1728 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:29:20.0250 1728 RDPWD - ok
14:29:20.0281 1728 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:29:20.0281 1728 redbook - ok
14:29:20.0312 1728 RkPavproc1 - ok
14:29:20.0359 1728 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
14:29:20.0359 1728 rtl8139 - ok
14:29:20.0421 1728 s3m (22098a69bddf00b6a88264bf0996ccaa) C:\WINDOWS\system32\DRIVERS\s3m.sys
14:29:20.0421 1728 s3m - ok
14:29:20.0500 1728 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:29:20.0500 1728 Secdrv - ok
14:29:20.0625 1728 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
14:29:20.0625 1728 Serial - ok
14:29:20.0718 1728 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
14:29:20.0718 1728 Sfloppy - ok
14:29:20.0734 1728 Simbad - ok
14:29:20.0796 1728 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:29:20.0796 1728 SLIP - ok
14:29:20.0875 1728 SNDP202 (220d82ff4983483cc9805553554fbfd7) C:\WINDOWS\system32\DRIVERS\sndp202.sys
14:29:20.0875 1728 SNDP202 - ok
14:29:20.0890 1728 Sparrow - ok
14:29:20.0953 1728 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:29:20.0953 1728 splitter - ok
14:29:21.0000 1728 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:29:21.0000 1728 sr - ok
14:29:21.0109 1728 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS
14:29:21.0125 1728 SRTSP - ok
14:29:21.0156 1728 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS
14:29:21.0156 1728 SRTSPX - ok
14:29:21.0218 1728 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:29:21.0218 1728 Srv - ok
14:29:21.0296 1728 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:29:21.0296 1728 streamip - ok
14:29:21.0359 1728 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:29:21.0359 1728 swenum - ok
14:29:21.0406 1728 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:29:21.0406 1728 swmidi - ok
14:29:21.0437 1728 symc810 - ok
14:29:21.0453 1728 symc8xx - ok
14:29:21.0750 1728 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS
14:29:21.0765 1728 SymDS - ok
14:29:22.0515 1728 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS
14:29:22.0531 1728 SymEFA - ok
14:29:22.0734 1728 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
14:29:22.0734 1728 SymEvent - ok
14:29:22.0859 1728 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
14:29:22.0859 1728 SymIRON - ok
14:29:22.0937 1728 SymSMR130 (1034bb96ee47ef6bd94eb5ff9c721987) C:\WINDOWS\System32\drivers\SymSMR130.SYS
14:29:22.0937 1728 Suspicious file (Forged): C:\WINDOWS\System32\drivers\SymSMR130.SYS. Real md5: 1034bb96ee47ef6bd94eb5ff9c721987, Fake md5: d5aaac2d54a7cfbd8bb478cf0fd1f46c
14:29:22.0937 1728 SymSMR130 ( Rootkit.Win32.ZAccess.aml ) - infected
14:29:22.0937 1728 SymSMR130 - detected Rootkit.Win32.ZAccess.aml (0)
14:29:22.0984 1728 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS
14:29:22.0984 1728 SYMTDI - ok
14:29:23.0000 1728 sym_hi - ok
14:29:23.0015 1728 sym_u3 - ok
14:29:23.0078 1728 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:29:23.0078 1728 sysaudio - ok
14:29:23.0156 1728 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:29:23.0171 1728 Tcpip - ok
14:29:23.0218 1728 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:29:23.0218 1728 TDPIPE - ok
14:29:23.0281 1728 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:29:23.0281 1728 TDTCP - ok
14:29:23.0343 1728 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:29:23.0343 1728 TermDD - ok
14:29:23.0375 1728 TosIde - ok
14:29:23.0453 1728 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:29:23.0453 1728 Udfs - ok
14:29:23.0468 1728 ultra - ok
14:29:23.0546 1728 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:29:23.0546 1728 Update - ok
14:29:23.0625 1728 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:29:23.0625 1728 usbccgp - ok
14:29:23.0656 1728 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:29:23.0656 1728 usbehci - ok
14:29:23.0671 1728 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:29:23.0687 1728 usbhub - ok
14:29:23.0703 1728 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:29:23.0703 1728 usbohci - ok
14:29:23.0765 1728 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:29:23.0765 1728 usbprint - ok
14:29:23.0828 1728 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:29:23.0828 1728 usbscan - ok
14:29:23.0843 1728 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:29:23.0843 1728 usbstor - ok
14:29:23.0906 1728 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:29:23.0906 1728 usbuhci - ok
14:29:23.0968 1728 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:29:23.0968 1728 VgaSave - ok
14:29:24.0015 1728 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:29:24.0015 1728 ViaIde - ok
14:29:24.0046 1728 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:29:24.0046 1728 VolSnap - ok
14:29:24.0093 1728 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:29:24.0093 1728 Wanarp - ok
14:29:24.0109 1728 WDICA - ok
14:29:24.0140 1728 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:29:24.0140 1728 wdmaud - ok
14:29:24.0250 1728 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:29:24.0250 1728 WS2IFSL - ok
14:29:24.0312 1728 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:29:24.0312 1728 WSTCODEC - ok
14:29:24.0359 1728 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:29:24.0359 1728 WudfPf - ok
14:29:24.0390 1728 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:29:24.0390 1728 WudfRd - ok
14:29:24.0437 1728 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:29:24.0703 1728 \Device\Harddisk1\DR1 - ok
14:29:24.0718 1728 MBR (0x1B8) (ed18b096bc416bfb306882a7c2eba877) \Device\Harddisk0\DR0
14:29:24.0875 1728 \Device\Harddisk0\DR0 - ok
14:29:24.0890 1728 Boot (0x1200) (1952ec8bd733e19a338996ea61427d88) \Device\Harddisk1\DR1\Partition0
14:29:24.0906 1728 \Device\Harddisk1\DR1\Partition0 - ok
14:29:24.0906 1728 Boot (0x1200) (2cd35d737775306509129412664944c8) \Device\Harddisk0\DR0\Partition0
14:29:24.0906 1728 \Device\Harddisk0\DR0\Partition0 - ok
14:29:24.0906 1728 Boot (0x1200) (0d028527d15521e6481757259feb8690) \Device\Harddisk0\DR0\Partition1
14:29:24.0921 1728 \Device\Harddisk0\DR0\Partition1 - ok
14:29:24.0921 1728 ============================================================
14:29:24.0921 1728 Scan finished
14:29:24.0921 1728 ============================================================
14:29:24.0937 0816 Detected object count: 1
14:29:24.0937 0816 Actual detected object count: 1
14:29:54.0796 0816 Backup copy not found, trying to cure infected file..
14:29:54.0796 0816 C:\WINDOWS\System32\drivers\SymSMR130.SYS - Cure failed (FFFFFFFF)
14:29:54.0796 0816 C:\WINDOWS\System32\drivers\SymSMR130.SYS - processing error
14:29:56.0796 0816 SymSMR130 ( Rootkit.Win32.ZAccess.aml ) - User select action: Cure
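
The log above carries the one fact that matters in this thread: TDSSKiller computed a digest for C:\WINDOWS\System32\drivers\SymSMR130.SYS that differs from the one the file presents ("Real md5" versus "Fake md5"), named the object Rootkit.Win32.ZAccess.aml, and then reported "Backup copy not found" followed by "Cure failed (FFFFFFFF)", so the driver was never repaired. As an added example (not part of the original post, and not Kaspersky's code), the Python below parses those lines out of a TDSSKiller log and correlates them into one record per flagged object, so someone reading a long log can see at a glance which detections were actually resolved. The sample log is a constructed excerpt modelled on the lines posted above; the regexes, the Finding fields and the unresolved() rule are my assumptions about the 2.6.x log format rather than a documented schema, and which file-system view each of the two hashes represents is the tool's own convention, not something this page states.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample, modelled on the TDSSKiller 2.6.x log posted above
# (timestamp, thread id, message). Only a clean driver, the forged driver,
# one MBR check and the cure attempt are included.
SAMPLE_LOG = r"""14:29:22.0859 1728 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS
14:29:22.0859 1728 SymIRON - ok
14:29:22.0937 1728 SymSMR130 (1034bb96ee47ef6bd94eb5ff9c721987) C:\WINDOWS\System32\drivers\SymSMR130.SYS
14:29:22.0937 1728 Suspicious file (Forged): C:\WINDOWS\System32\drivers\SymSMR130.SYS. Real md5: 1034bb96ee47ef6bd94eb5ff9c721987, Fake md5: d5aaac2d54a7cfbd8bb478cf0fd1f46c
14:29:22.0937 1728 SymSMR130 ( Rootkit.Win32.ZAccess.aml ) - infected
14:29:22.0937 1728 SymSMR130 - detected Rootkit.Win32.ZAccess.aml (0)
14:29:24.0437 1728 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:29:24.0703 1728 \Device\Harddisk1\DR1 - ok
14:29:54.0796 0816 Backup copy not found, trying to cure infected file..
14:29:54.0796 0816 C:\WINDOWS\System32\drivers\SymSMR130.SYS - Cure failed (FFFFFFFF)
14:29:54.0796 0816 C:\WINDOWS\System32\drivers\SymSMR130.SYS - processing error
14:29:56.0796 0816 SymSMR130 ( Rootkit.Win32.ZAccess.aml ) - User select action: Cure
"""

# Line layout assumed from the posted log: "<hh:mm:ss.ffff> <thread id> <message>".
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d{4})\s+(?P<msg>.*)$")
# "<service> (<md5>) <path>": the digest TDSSKiller computed for a driver image.
ENTRY_RE = re.compile(r"^(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
INFECTED_RE = re.compile(r"^(?P<svc>\S+) \( (?P<verdict>[^)]+?) \) - infected$")
CURE_FAILED_RE = re.compile(r"^(?P<path>.+?) - Cure failed \((?P<code>[0-9A-Fa-f]+)\)$")
ACTION_RE = re.compile(r"^(?P<svc>\S+) \( [^)]+? \) - User select action: (?P<action>\w+)$")


@dataclass
class Finding:
    """One flagged object, assembled from several log lines (field names are mine)."""
    path: str
    service: str = ""
    real_md5: str = ""
    fake_md5: str = ""
    verdict: str = ""
    cure_failed: bool = False
    error_code: str = ""
    user_action: str = ""


def parse_tdsskiller_log(text: str) -> List[Finding]:
    """Correlate the per-object lines of a TDSSKiller log into one Finding per file path."""
    svc_to_path: Dict[str, str] = {}   # service name -> image path, from ENTRY lines
    findings: Dict[str, Finding] = {}  # image path -> Finding

    def finding_for(path: str) -> Finding:
        return findings.setdefault(path, Finding(path=path))

    for raw in text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue
        msg = line.group("msg")
        m = FORGED_RE.match(msg)
        if m:
            f = finding_for(m.group("path"))
            f.real_md5, f.fake_md5 = m.group("real"), m.group("fake")
            continue
        m = INFECTED_RE.match(msg)
        if m:
            # Verdict lines name the service, not the path; map it back via ENTRY lines.
            f = finding_for(svc_to_path.get(m.group("svc"), m.group("svc")))
            f.service, f.verdict = m.group("svc"), m.group("verdict")
            continue
        m = CURE_FAILED_RE.match(msg)
        if m:
            f = finding_for(m.group("path"))
            f.cure_failed, f.error_code = True, m.group("code")
            continue
        m = ACTION_RE.match(msg)
        if m:
            finding_for(svc_to_path.get(m.group("svc"), m.group("svc"))).user_action = m.group("action")
            continue
        m = ENTRY_RE.match(msg)
        if m:
            svc_to_path[m.group("svc")] = m.group("path")
    return list(findings.values())


def unresolved(findings: List[Finding]) -> List[str]:
    """Paths that were flagged but whose cure failed: expect them on the next scan too."""
    return [f.path for f in findings if f.cure_failed]


if __name__ == "__main__":
    results = parse_tdsskiller_log(SAMPLE_LOG)
    for f in results:
        print(f"{f.service or '?'}: {f.path}")
        print(f"  verdict={f.verdict or '-'} real={f.real_md5} fake={f.fake_md5}")
        print(f"  action={f.user_action or '-'} cure_failed={f.cure_failed} code={f.error_code or '-'}")
    print("unresolved:", unresolved(results))
```

A "Cure failed" entry with no backup copy is the case to watch for: nothing on disk changed, so the same object comes back on the next pass, which matches the poster's note that the detection reappears after each scan even though the tool reports all threats neutralized.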

#4 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,220 posts
  • Location:NJ USA

Posted 21 December 2011 - 05:05 PM

We need a deeper look. Please go here: Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include this link back to this topic.

http://www.bleepingcomputer.com/forums/topic433801.html

Let me know if that went well.

#5 mikeres
  • Topic Starter
  • Members
  • 3 posts

Posted 22 December 2011 - 10:37 AM

Hi folks,

I want to thank you for the help and to report what I consider a Christmas Miracle! After posting yesterday I started to fool around with some of the anti-virus programs and especially Kaspersky TDSSKiller. I had run Kaspersky a number of times in the past and could never manage to remove the offending virus. Well, after deleting a bunch of minor threats, requesting cures and quarantines and multiple restarts, Kaspersky quit reporting any threats. Frankly, I know it is not good practice to randomly delete stuff and click on things unless you know exactly what you're doing, but given my level of frustration, I think you can understand my state of mind.

Anyhow, I no longer have that little pop-up in the lower right of my screen telling me "Threat requiring manual removal detected: System Infected: Tidserv Activity 2", Kaspersky and Norton scans report no problems and that pesky ping.exe process no longer appears in my Task Manager to suck up processing power.

I'm going to thank you for your quick response and keep my fingers crossed while I hope I won't be needing your assistance for a long, long time.

Happy Holidays,

Michael

#6 cryptodan

    Bleepin Madman

  • Members
  • 21,868 posts
  • Location:Catonsville, Md

Posted 22 December 2011 - 02:07 PM

MikeRes,

Please follow the advice outlined in post number 4.



