Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


A HTTPS Tidserv Request 2 message keeps popping up.


Re: A HTTPS Tidserv Request 2 message keeps popping up.

Post by BASS in SPACE » May 16th, 2010, 3:35 am

Hi Cypher, here is the ESET log. I'm hoping it's good news :p Also, is it safe for me to use this computer for activities such as online banking? As for performance, the computer seems to be working fine, except for getting another one of those notices from Norton I told you about in my previous post. If it's a false positive as you say, is there a way for me to make Norton recognise it as non-threatening, or do I just ignore it until it goes away? Thanks for your time again :)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=cbf685685eba2442a5357b580a4650d8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-05-16 07:25:12
# local_time=2010-05-16 05:25:12 (+1000, AUS Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 53632 53632 0 0
# compatibility_mode=1536 16777215 100 0 0 0 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=3589 16777189 100 100 724699 22219366 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=261896
# found=0
# cleaned=0
# scan_time=14908
BASS in SPACE
Regular Member
 
Posts: 22
Joined: May 9th, 2010, 1:54 am

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Post by Cypher » May 16th, 2010, 6:24 am

Hi :)
When Norton detects this threat does it give a location for it as in a file path?
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Post by BASS in SPACE » May 16th, 2010, 7:42 am

Hi Cypher, it does not give a file location, so I just print screened it for you to have a look. Should I just run a full scan with Norton? Right now these messages just pop out of the taskbar. I have not received any of the messages today however. Thanks :)

Image
BASS in SPACE
Regular Member
 
Posts: 22
Joined: May 9th, 2010, 1:54 am

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Post by Cypher » May 16th, 2010, 7:52 am

Hi.
Let's run another scan to see if it picks up anything.


Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
    See image below, Click the image to enlarge it
    Image

  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Post by BASS in SPACE » May 17th, 2010, 7:05 am

Hi Cypher, I am currently using the laptop to post this as the computer is running the GMER scan. I was wondering though if it's meant to take this long? Currently it's been over an hour, and I seemed to have difficulty getting the scan to start in the first place. I had to cancel the scan because I forgot to sign out of msn, and upon starting it up again, GMER froze. I had to restart the computer, and upon reboot I was unable to open Firefox. Had to reboot again to use GMER. Should I also disable Norton maybe? I am unsure as to whether or not I should cancel the scan or just let it run (it does not seem to be frozen, as I can see it scanning a different file each time I look. It just stays on that one file for a while). Thanks :)
BASS in SPACE
Regular Member
 
Posts: 22
Joined: May 9th, 2010, 1:54 am

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Post by Cypher » May 17th, 2010, 7:38 am

Hi.
Yes, this scan can take some time to run as it's a very in-depth scan.
If you have further problems with the scan disable Norton and try again.
If you still have problems run it in safe mode.
Do not run any programs or mouse click while Gmer is running.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Post by BASS in SPACE » May 19th, 2010, 10:14 pm

Hi cypher, sorry for the delay, I have had to use the computer for work recently. I will try to get the Gmer log done ASAP.
BASS in SPACE
Regular Member
 
Posts: 22
Joined: May 9th, 2010, 1:54 am

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Post by Cypher » May 20th, 2010, 5:30 am

Hi.
Please post the gmer log within the next 48 hours.
Out of interest is this PC used for business purposes?
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Post by BASS in SPACE » May 20th, 2010, 6:21 am

No not to worry, I am only using it for university work. I am running GMER now with the computer in safe mode (using a laptop now), will post the results when it's done. Thanks for your time.
BASS in SPACE
Regular Member
 
Posts: 22
Joined: May 9th, 2010, 1:54 am

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Post by Cypher » May 20th, 2010, 6:46 am

Ok post the gmer log when ready.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Post by BASS in SPACE » May 21st, 2010, 1:43 am

Sorry for the late reply, I had to leave the scan running overnight. Here is the log. The computer kept restarting after a while during the scan, so I did end up having to reboot in safe mode. I logged in as administrator though, instead of the usual account because we usually just turn on the computer without logging in and I forgot that you said to log in with the usual account. Sorry if this has caused problems. Thank you for your time :)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-21 07:44:15
Windows 5.1.2600 Service Pack 3
Running: u0vmid37.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdypob.sys


---- Kernel code sections - GMER 1.0.15 ----

? SYMEFA.SYS The system cannot find the file specified. !

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR

---- EOF - GMER 1.0.15 ----
BASS in SPACE
Regular Member
 
Posts: 22
Joined: May 9th, 2010, 1:54 am

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Post by Cypher » May 21st, 2010, 5:14 am

Hi.
I need you to log into the account that you use when Norton gives you this alert.
Are you still getting those alerts from Norton?
Let's take a look with this.

TDSSKiller
  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on tdsskiller.exe and click Copy then Paste it directly on to your Desktop.
  • Highlight and copy the text in the codebox below, Do not include the word Code:
    Code:
    "%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
  • Click Start, click Run... and paste the text above into the Open: line and click OK.
  • Wait for the scan and disinfection process to be over.
  • A log file should be created on your desktop called tdsskiller.txt. Please post the contents of that log in your next reply.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Post by BASS in SPACE » May 21st, 2010, 6:56 am

Hi cypher, so are you saying that you want me to rerun GMER with the normal account? And no, I have not been getting the alerts from Norton. Should I run a Norton full system scan to double check? I will run the TDSS program now, thanks.
Last edited by BASS in SPACE on May 21st, 2010, 7:01 am, edited 1 time in total.
BASS in SPACE
Regular Member
 
Posts: 22
Joined: May 9th, 2010, 1:54 am

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Post by BASS in SPACE » May 21st, 2010, 6:59 am

Here is the log:

20:58:31:484 0640 TDSS rootkit removing tool 2.3.0.0 May 12 2010 18:11:17
20:58:31:484 0640 ================================================================================
20:58:31:484 0640 SystemInfo:

20:58:31:484 0640 OS Version: 5.1.2600 ServicePack: 3.0
20:58:31:484 0640 Product type: Workstation
20:58:31:484 0640 ComputerName: SM
20:58:31:500 0640 UserName: LSM
20:58:31:500 0640 Windows directory: C:\WINDOWS
20:58:31:500 0640 Processor architecture: Intel x86
20:58:31:500 0640 Number of processors: 2
20:58:31:500 0640 Page size: 0x1000
20:58:31:500 0640 Boot type: Normal boot
20:58:31:500 0640 ================================================================================
20:58:31:515 0640 UnloadDriverW: NtUnloadDriver error 2
20:58:31:515 0640 ForceUnloadDriverW: UnloadDriverW(klmd23) error 2
20:58:31:671 0640 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
20:58:31:671 0640 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:58:31:671 0640 wfopen_ex: Trying to KLMD file open
20:58:31:671 0640 wfopen_ex: File opened ok (Flags 2)
20:58:31:671 0640 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
20:58:31:671 0640 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:58:31:671 0640 wfopen_ex: Trying to KLMD file open
20:58:31:671 0640 wfopen_ex: File opened ok (Flags 2)
20:58:31:671 0640 KLAVA engine initialized
20:58:31:843 0640 Initialize success
20:58:31:843 0640
20:58:31:843 0640 Scanning Services ...
20:58:32:390 0640 Raw services enum returned 381 services
20:58:32:406 0640
20:58:32:406 0640 Scanning Drivers ...
20:58:40:781 0640
20:58:40:781 0640 Completed
20:58:40:781 0640
20:58:40:781 0640 Results:
20:58:40:781 0640 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:58:40:781 0640 File objects infected / cured / cured on reboot: 0 / 0 / 0
20:58:40:796 0640
20:58:40:796 0640 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
20:58:40:796 0640 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
20:58:40:796 0640 KLMD(ARK) unloaded successfully
BASS in SPACE
Regular Member
 
Posts: 22
Joined: May 9th, 2010, 1:54 am

Re: A HTTPS Tidserv Request 2 message keeps popping up.

Post by Cypher » May 21st, 2010, 7:28 am

Hi BASS in SPACE.
The TDSS log looks good.
Yes run a full scan with Norton and let me know if it's detecting any problems now and we will take it from there.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
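
A TDSSKiller log in the layout posted in this thread can be triaged mechanically; the following is an added example, not part of the original thread and not TDSSKiller's own code. The sample log is constructed with placeholder hashes and a made-up `ExampleAV` driver, and the function names and verdict strings are hypothetical. It reads the per-driver lines (service name, MD5 in parentheses, file path) and the Results block, and refuses to call a truncated log a pass.

```python
import re

# Constructed sample in the TDSSKiller 2.3.0.0 log layout; hashes are placeholders.
SAMPLE_LOG = r"""20:58:31:484 0640 TDSS rootkit removing tool 2.3.0.0 May 12 2010 18:11:17
20:58:32:406 0640 Scanning Drivers ...
20:58:32:750 0640 ACPI (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:58:33:296 0640 Bridge (00000000000000000000000000000002) C:\WINDOWS\system32\DRIVERS\bridge.sys
20:58:34:171 0640 ExampleAV (00000000000000000000000000000003) C:\Program Files\ExampleAV\example.sys
20:58:40:781 0640
20:58:40:781 0640 Completed
20:58:40:781 0640
20:58:40:781 0640 Results:
20:58:40:781 0640 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:58:40:781 0640 File objects infected / cured / cured on reboot: 0 / 0 / 0
"""

# "HH:MM:SS:mmm TTTT message"; the message is empty on spacer lines.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3} \d{4} ?(.*)$")
# "ServiceName (md5) path"
DRIVER_RE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
RESULT_RE = re.compile(
    r"^(Registry|File) objects infected / cured / cured on reboot: "
    r"(\d+) / (\d+) / (\d+)$"
)


def parse_tdsskiller_log(text):
    """Extract driver entries, the Completed marker and the Results rows."""
    parsed = {"completed": False, "drivers": [], "results": {}}
    in_drivers = False
    for raw in text.splitlines():
        line = LINE_RE.match(raw.rstrip())
        if not line:
            continue  # not a log line (forum text, blank line, etc.)
        msg = line.group(1).strip()
        if msg.startswith("Scanning Drivers"):
            in_drivers = True
            continue
        if msg == "Completed":
            parsed["completed"] = True
            in_drivers = False
            continue
        driver = DRIVER_RE.match(msg) if in_drivers else None
        if driver:
            parsed["drivers"].append(
                {"name": driver.group(1), "md5": driver.group(2).lower(),
                 "path": driver.group(3)}
            )
            continue
        result = RESULT_RE.match(msg)
        if result:
            parsed["results"][result.group(1)] = {
                "infected": int(result.group(2)),
                "cured": int(result.group(3)),
                "cured_on_reboot": int(result.group(4)),
            }
    return parsed


def verdict(parsed):
    """'incomplete' unless the scan finished and both Results rows are present."""
    results = parsed["results"]
    if not parsed["completed"] or set(results) != {"Registry", "File"}:
        return "incomplete"
    if any(row["infected"] > 0 for row in results.values()):
        return "detections"
    return "no-detections"


def drivers_outside(parsed, root=r"C:\WINDOWS"):
    """Names of drivers whose file is not under `root`, for manual review only."""
    prefix = root.rstrip("\\").lower() + "\\"
    return [d["name"] for d in parsed["drivers"]
            if not d["path"].lower().startswith(prefix)]


if __name__ == "__main__":
    log = parse_tdsskiller_log(SAMPLE_LOG)
    print(verdict(log), drivers_outside(log))
```

A driver listed by `drivers_outside` is not evidence of infection; security products commonly load drivers from their own directories.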