Had windows vista 2012, now constant connection blocks from ping.exe, svchost.exe and browsers


This topic is locked. 37 replies to this topic.

#1 p3456

p3456

  • Members
  • 19 posts

Posted 30 November 2011 - 12:26 AM

I got the windows vista security 2012 malware, and after following the removal process described on the site I am still having some remnants it appears. I get constant port connection blocks from mbam on various ips, usually from ping.exe, but also from svchost.exe and firefox.exe or iexplorer.exe.

I've run DDS; here is DDS.txt.


Thanks In advance,
Paul


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 December 2011 - 10:47 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification, then click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 p3456

p3456
  • Topic Starter

  • Members
  • 19 posts

Posted 05 December 2011 - 06:44 PM

Gringo,

Thanks for the reply. It's taken me so long because ComboFix does not run to completion on my computer. I've tried many times, even let it run for 8+ hours. Each time it hangs on the Autoscan phase. I have rebooted a couple of times and my anti-virus/anti-malware are turned off.

I no longer see ping.exe, and before running ComboFix my computer had auto-restarted for something or other. I was no longer getting outgoing connection blocked messages. I think this is because my computer can no longer connect to the internet. It fails to obtain a DHCP lease now.

What should I do now?

Thanks,
Paul

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 December 2011 - 01:42 AM

Hello

OK, let's try this (don't let it run for more than an hour if you see no progress). I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#5 p3456

p3456
  • Topic Starter

  • Members
  • 19 posts

Posted 07 December 2011 - 07:13 PM

Gringo,

I booted into Safe Mode and tried to run ComboFix. It stopped at the same point. I noticed a couple of things.

1. When I start up it tells me my recycle bin on C:\ is corrupted, and prompts to fix it.
2. Even after an hour, one of the ComboFix .3xe processes is using CPU in Task Manager.
3. When I right-click and run as admin in Safe Mode it still complains that admin privileges are needed.


I don't know what I am doing wrong.

Thanks,
Paul

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 December 2011 - 07:38 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
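The TDSSKiller report requested above lists every driver and disk object it checked, with a hash line followed by a verdict line ("- ok" or a detection). The following Python is an added example, not part of this thread or of TDSSKiller itself: it parses that two-line-per-object format from a constructed sample report and pulls out the objects that did not get an "ok" verdict, which is what a helper reads first in a pasted log. The sample hashes and detection lines are made up for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# TDSSKiller writes two line shapes for each object it checks:
#   <time> <pid> <name> (<md5>) <path>     the object and the hash of its file
#   <time> <pid> <name> - <status>         the verdict: "ok" or a detection
ENTRY_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)
STATUS_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) - (?P<status>.+)$")

# Constructed sample report: hashes and verdict wording are made up for this
# example (they are not values from the thread), only the line layout is real.
SAMPLE_REPORT = r"""
22:22:22.0720 5772 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
22:22:22.0782 5772 ============================================================
22:22:35.0902 2800 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:22:35.0902 2800 ACPI - ok
22:22:36.0806 2800 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:22:36.0838 2800 AFD - ok
22:22:40.0082 2800 catchme - ok
22:22:45.0100 2800 atapi (00000000000000000000000000000001) C:\Windows\system32\drivers\atapi.sys
22:22:45.0100 2800 atapi - detected Forged file (1)
22:22:50.0200 2800 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
"""


@dataclass
class ScanEntry:
    name: str
    md5: Optional[str] = None      # None for objects reported without a hash line
    path: Optional[str] = None
    status: Optional[str] = None   # None if the scan stopped before a verdict


def parse_report(text: str) -> Dict[str, ScanEntry]:
    """Merge the hash line and the verdict line of each object into one record."""
    entries: Dict[str, ScanEntry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], ScanEntry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = STATUS_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], ScanEntry(m["name"]))
            e.status = m["status"].strip()
        # Header lines (tool version, separators, system info) match neither
        # pattern and are ignored.
    return entries


def needs_attention(entries: Dict[str, ScanEntry]) -> List[ScanEntry]:
    """Everything TDSSKiller did not mark "ok": detections, warnings, or an
    object whose verdict never appeared because the scan was interrupted."""
    return [e for e in entries.values() if e.status != "ok"]


def summarize(entries: Dict[str, ScanEntry]) -> Dict[str, int]:
    flagged = needs_attention(entries)
    return {"objects": len(entries), "ok": len(entries) - len(flagged),
            "flagged": len(flagged)}


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print(summarize(report))
    for e in needs_attention(report):
        print(f"{e.name}: {e.status or 'NO VERDICT'}  {e.path or ''}")
```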

#7 p3456

p3456
  • Topic Starter

  • Members
  • 19 posts

Posted 07 December 2011 - 10:26 PM

Ran TDSSKiller. Here is the report.

222244.0981 2800 iirsp (2d077bf86e843f901d8db709c95b49a5) CWindowssystem32driversiirsp.sys
222244.0996 2800 iirsp - ok
222245.0028 2800 intelide (83aa759f3189e6370c30de5dc5590718) CWindowssystem32DRIVERSintelide.sys
222245.0028 2800 intelide - ok
222245.0106 2800 intelppm (224191001e78c89dfa78924c3ea595ff) CWindowssystem32DRIVERSintelppm.sys
222245.0121 2800 intelppm - ok
222245.0277 2800 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) CWindowssystem32DRIVERSipfltdrv.sys
222245.0277 2800 IpFilterDriver - ok
222245.0308 2800 IpInIp - ok
222245.0386 2800 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) CWindowssystem32driversipmidrv.sys
222245.0386 2800 IPMIDRV - ok
222245.0496 2800 IPNAT (8793643a67b42cec66490b2a0cf92d68) CWindowssystem32DRIVERSipnat.sys
222245.0496 2800 IPNAT - ok
222245.0574 2800 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) CWindowssystem32driversirenum.sys
222245.0574 2800 IRENUM - ok
222245.0683 2800 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) CWindowssystem32driversisapnp.sys
222245.0683 2800 isapnp - ok
222245.0839 2800 iScsiPrt (232fa340531d940aac623b121a595034) CWindowssystem32DRIVERSmsiscsi.sys
222245.0854 2800 iScsiPrt - ok
222245.0995 2800 iteatapi (bced60d16156e428f8df8cf27b0df150) CWindowssystem32driversiteatapi.sys
222245.0995 2800 iteatapi - ok
222246.0042 2800 iteraid (06fa654504a498c30adca8bec4e87e7e) CWindowssystem32driversiteraid.sys
222246.0042 2800 iteraid - ok
222246.0057 2800 kbdclass (37605e0a8cf00cbba538e753e4344c6e) CWindowssystem32DRIVERSkbdclass.sys
222246.0057 2800 kbdclass - ok
222246.0166 2800 kbdhid (ede59ec70e25c24581add1fbec7325f7) CWindowssystem32DRIVERSkbdhid.sys
222246.0166 2800 kbdhid - ok
222246.0463 2800 KSecDD (86165728af9bf72d6442a894fdfb4f8b) CWindowssystem32Driversksecdd.sys
222246.0494 2800 KSecDD - ok
222246.0572 2800 lltdio (d1c5883087a0c3f1344d9d55a44901f6) CWindowssystem32DRIVERSlltdio.sys
222246.0572 2800 lltdio - ok
222246.0681 2800 LSI_FC (c7e15e82879bf3235b559563d4185365) CWindowssystem32driverslsi_fc.sys
222246.0697 2800 LSI_FC - ok
222246.0744 2800 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) CWindowssystem32driverslsi_sas.sys
222246.0744 2800 LSI_SAS - ok
222246.0822 2800 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) CWindowssystem32driverslsi_scsi.sys
222246.0822 2800 LSI_SCSI - ok
222246.0931 2800 luafv (8f5c7426567798e62a3b3614965d62cc) CWindowssystem32driversluafv.sys
222246.0946 2800 luafv - ok
222247.0071 2800 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) CWindowssystem32driversmbam.sys
222247.0087 2800 MBAMProtector - ok
222247.0196 2800 megasas (0001ce609d66632fa17b84705f658879) CWindowssystem32driversmegasas.sys
222247.0196 2800 megasas - ok
222247.0430 2800 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) CWindowssystem32driversmegasr.sys
222247.0461 2800 MegaSR - ok
222247.0524 2800 Modem (e13b5ea0f51ba5b1512ec671393d09ba) CWindowssystem32driversmodem.sys
222247.0539 2800 Modem - ok
222247.0617 2800 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) CWindowssystem32DRIVERSmonitor.sys
222247.0617 2800 monitor - ok
222247.0633 2800 mouclass (5bf6a1326a335c5298477754a506d263) CWindowssystem32DRIVERSmouclass.sys
222247.0633 2800 mouclass - ok
222247.0711 2800 mouhid (93b8d4869e12cfbe663915502900876f) CWindowssystem32DRIVERSmouhid.sys
222247.0711 2800 mouhid - ok
222247.0758 2800 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) CWindowssystem32driversmountmgr.sys
222247.0758 2800 MountMgr - ok
222247.0836 2800 mpio (511d011289755dd9f9a7579fb0b064e6) CWindowssystem32driversmpio.sys
222247.0851 2800 mpio - ok
222247.0992 2800 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) CWindowssystem32driversmpsdrv.sys
222247.0992 2800 mpsdrv - ok
222248.0085 2800 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) CWindowssystem32driversmraid35x.sys
222248.0085 2800 Mraid35x - ok
222248.0350 2800 MRxDAV (82cea0395524aacfeb58ba1448e8325c) CWindowssystem32driversmrxdav.sys
222248.0350 2800 MRxDAV - ok
222248.0491 2800 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) CWindowssystem32DRIVERSmrxsmb.sys
222248.0491 2800 mrxsmb - ok
222248.0569 2800 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) CWindowssystem32DRIVERSmrxsmb10.sys
222248.0569 2800 mrxsmb10 - ok
222248.0600 2800 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) CWindowssystem32DRIVERSmrxsmb20.sys
222248.0600 2800 mrxsmb20 - ok
222248.0647 2800 msahci (f70590424eefbf5c27a40c67afdb8383) CWindowssystem32driversmsahci.sys
222248.0647 2800 msahci - ok
222248.0740 2800 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) CWindowssystem32driversmsdsm.sys
222248.0740 2800 msdsm - ok
222248.0818 2800 Msfs (a9927f4a46b816c92f461acb90cf8515) CWindowssystem32driversMsfs.sys
222248.0818 2800 Msfs - ok
222248.0881 2800 msisadrv (0f400e306f385c56317357d6dea56f62) CWindowssystem32driversmsisadrv.sys
222248.0881 2800 msisadrv - ok
222248.0928 2800 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) CWindowssystem32driversMSKSSRV.sys
222248.0928 2800 MSKSSRV - ok
222248.0943 2800 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) CWindowssystem32driversMSPCLOCK.sys
222248.0959 2800 MSPCLOCK - ok
222249.0021 2800 MSPQM (b572da05bf4e098d4bba3a4734fb505b) CWindowssystem32driversMSPQM.sys
222249.0021 2800 MSPQM - ok
222249.0052 2800 MsRPC (b49456d70555de905c311bcda6ec6adb) CWindowssystem32driversMsRPC.sys
222249.0099 2800 MsRPC - ok
222249.0115 2800 mssmbios (e384487cb84be41d09711c30ca79646c) CWindowssystem32DRIVERSmssmbios.sys
222249.0115 2800 mssmbios - ok
222249.0224 2800 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) CWindowssystem32driversMSTEE.sys
222249.0224 2800 MSTEE - ok
222249.0349 2800 Mup (6a57b5733d4cb702c8ea4542e836b96c) CWindowssystem32Driversmup.sys
222249.0349 2800 Mup - ok
222249.0474 2800 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) CWindowssystem32DRIVERSnwifi.sys
222249.0474 2800 NativeWifiP - ok
222249.0614 2800 NDIS (1357274d1883f68300aeadd15d7bbb42) CWindowssystem32driversndis.sys
222249.0645 2800 NDIS - ok
222249.0739 2800 NdisTapi (0e186e90404980569fb449ba7519ae61) CWindowssystem32DRIVERSndistapi.sys
222249.0739 2800 NdisTapi - ok
222249.0832 2800 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) CWindowssystem32DRIVERSndisuio.sys
222249.0832 2800 Ndisuio - ok
222249.0973 2800 NdisWan (818f648618ae34f729fdb47ec68345c3) CWindowssystem32DRIVERSndiswan.sys
222249.0988 2800 NdisWan - ok
222250.0144 2800 NDProxy (71dab552b41936358f3b541ae5997fb3) CWindowssystem32driversNDProxy.sys
222250.0160 2800 NDProxy - ok
222250.0363 2800 NetBIOS (bcd093a5a6777cf626434568dc7dba78) CWindowssystem32DRIVERSnetbios.sys
222250.0363 2800 NetBIOS - ok
222250.0503 2800 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) CWindowssystem32DRIVERSnetbt.sys
222250.0503 2800 netbt - ok
222250.0706 2800 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) CWindowssystem32driversnfrd960.sys
222250.0706 2800 nfrd960 - ok
222250.0846 2800 Npfs (d36f239d7cce1931598e8fb90a0dbc26) CWindowssystem32driversNpfs.sys
222250.0846 2800 Npfs - ok
222251.0049 2800 nsiproxy (609773e344a97410ce4ebf74a8914fcf) CWindowssystem32driversnsiproxy.sys
222251.0065 2800 nsiproxy - ok
222251.0330 2800 Ntfs (6a4a98cee84cf9e99564510dda4baa47) CWindowssystem32driversNtfs.sys
222251.0408 2800 Ntfs - ok
222251.0548 2800 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) CWindowssystem32driversntrigdigi.sys
222251.0564 2800 ntrigdigi - ok
222251.0736 2800 Null (c5dbbcda07d780bda9b685df333bb41e) CWindowssystem32driversNull.sys
222251.0736 2800 Null - ok
222252.0172 2800 nvlddmkm (bd409de5681c74c1de51d72427dc202d) CWindowssystem32DRIVERSnvlddmkm.sys
222252.0266 2800 nvlddmkm - ok
222252.0313 2800 nvraid (2edf9e7751554b42cbb60116de727101) CWindowssystem32driversnvraid.sys
222252.0313 2800 nvraid - ok
222252.0438 2800 nvstor (abed0c09758d1d97db0042dbb2688177) CWindowssystem32driversnvstor.sys
222252.0438 2800 nvstor - ok
222252.0516 2800 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) CWindowssystem32driversnv_agp.sys
222252.0516 2800 nv_agp - ok
222252.0547 2800 NwlnkFlt - ok
222252.0625 2800 NwlnkFwd - ok
222252.0703 2800 OEM02Dev (19cac780b858822055f46c58a111723c) CWindowssystem32DRIVERSOEM02Dev.sys
222252.0703 2800 OEM02Dev - ok
222252.0843 2800 OEM02Vfx (86326062a90494bdd79ce383511d7d69) CWindowssystem32DRIVERSOEM02Vfx.sys
222252.0859 2800 OEM02Vfx - ok
222252.0984 2800 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) CWindowssystem32DRIVERSohci1394.sys
222252.0984 2800 ohci1394 - ok
222253.0140 2800 Parport (0fa9b5055484649d63c303fe404e5f4d) CWindowssystem32driversparport.sys
222253.0155 2800 Parport - ok
222253.0342 2800 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) CWindowssystem32driverspartmgr.sys
222253.0358 2800 partmgr - ok
222253.0420 2800 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) CWindowssystem32driversparvdm.sys
222253.0420 2800 Parvdm - ok
222253.0530 2800 pci (941dc1d19e7e8620f40bbc206981efdb) CWindowssystem32driverspci.sys
222253.0561 2800 pci - ok
222253.0623 2800 pciide (1636d43f10416aeb483bc6001097b26c) CWindowssystem32driverspciide.sys
222253.0623 2800 pciide - ok
222253.0701 2800 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) CWindowssystem32driverspcmcia.sys
222253.0701 2800 pcmcia - ok
222253.0935 2800 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) CWindowssystem32driverspeauth.sys
222254.0013 2800 PEAUTH - ok
222254.0138 2800 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) CWindowssystem32DRIVERSraspptp.sys
222254.0154 2800 PptpMiniport - ok
222254.0200 2800 Processor (2027293619dd0f047c584cf2e7df4ffd) CWindowssystem32driversprocessr.sys
222254.0200 2800 Processor - ok
222254.0325 2800 PSched (99514faa8df93d34b5589187db3aa0ba) CWindowssystem32DRIVERSpacer.sys
222254.0325 2800 PSched - ok
222254.0419 2800 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) CWindowssystem32DriversPxHelp20.sys
222254.0419 2800 PxHelp20 - ok
222254.0528 2800 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) CWindowssystem32driversql2300.sys
222254.0575 2800 ql2300 - ok
222254.0606 2800 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) CWindowssystem32driversql40xx.sys
222254.0622 2800 ql40xx - ok
222254.0731 2800 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) CWindowssystem32driversqwavedrv.sys
222254.0731 2800 QWAVEdrv - ok
222255.0105 2800 R300 (e642b131fb74caf4bb8a014f31113142) CWindowssystem32DRIVERSatikmdag.sys
222255.0246 2800 R300 - ok
222255.0292 2800 RasAcd (147d7f9c556d259924351feb0de606c3) CWindowssystem32DRIVERSrasacd.sys
222255.0292 2800 RasAcd - ok
222255.0370 2800 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) CWindowssystem32DRIVERSrasl2tp.sys
222255.0386 2800 Rasl2tp - ok
222255.0433 2800 RasPppoe (509a98dd18af4375e1fc40bc175f1def) CWindowssystem32DRIVERSraspppoe.sys
222255.0433 2800 RasPppoe - ok
222255.0511 2800 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) CWindowssystem32DRIVERSrassstp.sys
222255.0526 2800 RasSstp - ok
222255.0573 2800 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) CWindowssystem32DRIVERSrdbss.sys
222255.0573 2800 rdbss - ok
222255.0604 2800 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) CWindowssystem32DRIVERSRDPCDD.sys
222255.0604 2800 RDPCDD - ok
222255.0698 2800 rdpdr (943b18305eae3935598a9b4a3d560b4c) CWindowssystem32DRIVERSrdpdr.sys
222255.0698 2800 rdpdr - ok
222255.0729 2800 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) CWindowssystem32driversrdpencdd.sys
222255.0729 2800 RDPENCDD - ok
222255.0838 2800 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) CWindowssystem32driversRDPWD.sys
222255.0838 2800 RDPWD - ok
222255.0963 2800 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) CWindowssystem32DRIVERSrfcomm.sys
222255.0963 2800 RFCOMM - ok
222256.0135 2800 rimmptsk (355aac141b214bef1dbc1483afd9bd50) CWindowssystem32DRIVERSrimmptsk.sys
222256.0135 2800 rimmptsk - ok
222256.0197 2800 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) CWindowssystem32DRIVERSrimsptsk.sys
222256.0197 2800 rimsptsk - ok
222256.0244 2800 rismxdp (d231b577024aa324af13a42f3a807d10) CWindowssystem32DRIVERSrixdptsk.sys
222256.0260 2800 rismxdp - ok
222256.0369 2800 RsFx0102 (fedd2710b75be3ecf078adace790c423) CWindowssystem32DRIVERSRsFx0102.sys
222256.0416 2800 RsFx0102 - ok
222256.0447 2800 rspndr (9c508f4074a39e8b4b31d27198146fad) CWindowssystem32DRIVERSrspndr.sys
222256.0447 2800 rspndr - ok
222256.0525 2800 sbp2port (3ce8f073a557e172b330109436984e30) CWindowssystem32driverssbp2port.sys
222256.0525 2800 sbp2port - ok
222256.0634 2800 sdbus (8f36b54688c31eed4580129040c6a3d3) CWindowssystem32DRIVERSsdbus.sys
222256.0650 2800 sdbus - ok
222256.0774 2800 secdrv (90a3935d05b494a5a39d37e71f09a677) CWindowssystem32driverssecdrv.sys
222256.0774 2800 secdrv - ok
222256.0884 2800 Serenum (68e44e331d46f0fb38f0863a84cd1a31) CWindowssystem32driversserenum.sys
222256.0899 2800 Serenum - ok
222256.0993 2800 Serial (c70d69a918b178d3c3b06339b40c2e1b) CWindowssystem32driversserial.sys
222256.0993 2800 Serial - ok
222257.0118 2800 sermouse (8af3d28a879bf75db53a0ee7a4289624) CWindowssystem32driverssermouse.sys
222257.0118 2800 sermouse - ok
222257.0227 2800 sffdisk (3efa810bdca87f6ecc24f9832243fe86) CWindowssystem32DRIVERSsffdisk.sys
222257.0227 2800 sffdisk - ok
222257.0274 2800 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) CWindowssystem32driverssffp_mmc.sys
222257.0305 2800 sffp_mmc - ok
222257.0336 2800 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) CWindowssystem32DRIVERSsffp_sd.sys
222257.0336 2800 sffp_sd - ok
222257.0398 2800 sfloppy (46ed8e91793b2e6f848015445a0ac188) CWindowssystem32driverssfloppy.sys
222257.0398 2800 sfloppy - ok
222257.0445 2800 sisagp (1d76624a09a054f682d746b924e2dbc3) CWindowssystem32driverssisagp.sys
222257.0461 2800 sisagp - ok
222257.0508 2800 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) CWindowssystem32driverssisraid2.sys
222257.0508 2800 SiSRaid2 - ok
222257.0586 2800 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) CWindowssystem32driverssisraid4.sys
222257.0586 2800 SiSRaid4 - ok
222257.0632 2800 Smb (7b75299a4d201d6a6533603d6914ab04) CWindowssystem32DRIVERSsmb.sys
222257.0632 2800 Smb - ok
222257.0695 2800 spldr (7aebdeef071fe28b0eef2cdd69102bff) CWindowssystem32driversspldr.sys
222257.0695 2800 spldr - ok
222257.0866 2800 srv (41987f9fc0e61adf54f581e15029ad91) CWindowssystem32DRIVERSsrv.sys
222257.0882 2800 srv - ok
222258.0022 2800 srv2 (ff33aff99564b1aa534f58868cbe41ef) CWindowssystem32DRIVERSsrv2.sys
222258.0038 2800 srv2 - ok
222258.0116 2800 srvnet (7605c0e1d01a08f3ecd743f38b834a44) CWindowssystem32DRIVERSsrvnet.sys
222258.0132 2800 srvnet - ok
222258.0256 2800 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) CWindowssystem32driversstwrt.sys
222258.0256 2800 STHDA - ok
222258.0303 2800 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) CWindowssystem32DRIVERSswenum.sys
222258.0303 2800 swenum - ok
222258.0350 2800 Symc8xx (192aa3ac01df071b541094f251deed10) CWindowssystem32driverssymc8xx.sys
222258.0350 2800 Symc8xx - ok
222258.0381 2800 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) CWindowssystem32driverssym_hi.sys
222258.0397 2800 Sym_hi - ok
222258.0412 2800 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) CWindowssystem32driverssym_u3.sys
222258.0412 2800 Sym_u3 - ok
222258.0615 2800 Tcpip (814a1c66fbd4e1b310a517221f1456bf) CWindowssystem32driverstcpip.sys
222258.0631 2800 Tcpip - ok
222258.0740 2800 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) CWindowssystem32DRIVERStcpip.sys
222258.0756 2800 Tcpip6 - ok
222258.0865 2800 tcpipreg (608c345a255d82a6289c2d468eb41fd7) CWindowssystem32driverstcpipreg.sys
222258.0865 2800 tcpipreg - ok
222258.0974 2800 TcUsb (5ca437a08509fb7ecf843480fc1232e2) CWindowssystem32Driverstcusb.sys
222258.0974 2800 TcUsb - ok
222259.0099 2800 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) CWindowssystem32driverstdpipe.sys
222259.0099 2800 TDPIPE - ok
222259.0177 2800 TDTCP (389c63e32b3cefed425b61ed92d3f021) CWindowssystem32driverstdtcp.sys
222259.0177 2800 TDTCP - ok
222259.0286 2800 tdx - ok
222259.0442 2800 TermDD (3cad38910468eab9a6479e2f01db43c7) CWindowssystem32DRIVERStermdd.sys
222259.0442 2800 TermDD - ok
222259.0660 2800 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) CWindowssystem32DRIVERStssecsrv.sys
222259.0676 2800 tssecsrv - ok
222259.0801 2800 tunmp (caecc0120ac49e3d2f758b9169872d38) CWindowssystem32DRIVERStunmp.sys
222259.0816 2800 tunmp - ok
222300.0019 2800 tunnel (300db877ac094feab0be7688c3454a9c) CWindowssystem32DRIVERStunnel.sys
222300.0019 2800 tunnel - ok
222300.0144 2800 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) CWindowssystem32driversuagp35.sys
222300.0160 2800 uagp35 - ok
222300.0269 2800 udfs (d9728af68c4c7693cb100b8441cbdec6) CWindowssystem32DRIVERSudfs.sys
222300.0300 2800 udfs - ok
222300.0394 2800 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) CWindowssystem32driversuliagpkx.sys
222300.0394 2800 uliagpkx - ok
222300.0456 2800 uliahci (9224bb254f591de4ca8d572a5f0d635c) CWindowssystem32driversuliahci.sys
222300.0472 2800 uliahci - ok
222300.0487 2800 UlSata (8514d0e5cd0534467c5fc61be94a569f) CWindowssystem32driversulsata.sys
222300.0487 2800 UlSata - ok
222300.0596 2800 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) CWindowssystem32driversulsata2.sys
222300.0612 2800 ulsata2 - ok
222300.0628 2800 umbus (32cff9f809ae9aed85464492bf3e32d2) CWindowssystem32DRIVERSumbus.sys
222300.0628 2800 umbus - ok
222300.0690 2800 USBAAPL (1df89c499bf45d878b87ebd4421d462d) CWindowssystem32Driversusbaapl.sys
222300.0690 2800 USBAAPL - ok
222300.0799 2800 usbccgp (caf811ae4c147ffcd5b51750c7f09142) CWindowssystem32DRIVERSusbccgp.sys
222300.0815 2800 usbccgp - ok
222300.0924 2800 usbcir (e9476e6c486e76bc4898074768fb7131) CWindowssystem32driversusbcir.sys
222300.0940 2800 usbcir - ok
222301.0096 2800 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) CWindowssystem32DRIVERSusbehci.sys
222301.0096 2800 usbehci - ok
222301.0220 2800 usbhub (4673bbcb006af60e7abddbe7a130ba42) CWindowssystem32DRIVERSusbhub.sys
222301.0236 2800 usbhub - ok
222301.0283 2800 usbohci (38dbc7dd6cc5a72011f187425384388b) CWindowssystem32driversusbohci.sys
222301.0283 2800 usbohci - ok
222301.0376 2800 usbprint (b51e52acf758be00ef3a58ea452fe360) CWindowssystem32driversusbprint.sys
222301.0376 2800 usbprint - ok
222301.0439 2800 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) CWindowssystem32DRIVERSUSBSTOR.SYS
222301.0439 2800 USBSTOR - ok
222301.0532 2800 usbuhci (814d653efc4d48be3b04a307eceff56f) CWindowssystem32DRIVERSusbuhci.sys
222301.0532 2800 usbuhci - ok
222301.0610 2800 VBoxDrv (45826dfb364133677b3c7ed01ed6be1d) CWindowssystem32DRIVERSVBoxDrv.sys
222301.0610 2800 VBoxDrv - ok
222301.0657 2800 VBoxNetAdp (f8857ebb92b79d35cd04d8d71ba2ff04) CWindowssystem32DRIVERSVBoxNetAdp.sys
222301.0657 2800 VBoxNetAdp - ok
222301.0688 2800 VBoxNetFlt (ebd7f7f3d1e444c7a51f1a677e5e5c83) CWindowssystem32DRIVERSVBoxNetFlt.sys
222301.0688 2800 VBoxNetFlt - ok
222301.0735 2800 VBoxUSBMon (ce66aa98d12ec5f08e9f8201948ce054) CWindowssystem32DRIVERSVBoxUSBMon.sys
222301.0735 2800 VBoxUSBMon - ok
222301.0891 2800 vga (87b06e1f30b749a114f74622d013f8d4) CWindowssystem32DRIVERSvgapnp.sys
222301.0891 2800 vga - ok
222302.0032 2800 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) CWindowsSystem32driversvga.sys
222302.0032 2800 VgaSave - ok
222302.0125 2800 viaagp (5d7159def58a800d5781ba3a879627bc) CWindowssystem32driversviaagp.sys
222302.0125 2800 viaagp - ok
222302.0188 2800 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) CWindowssystem32driversviac7.sys
222302.0188 2800 ViaC7 - ok
222302.0234 2800 viaide (aadf5587a4063f52c2c3fed7887426fc) CWindowssystem32driversviaide.sys
222302.0250 2800 viaide - ok
222302.0328 2800 vmci (eca058fdf9105001b113441f6d420fa4) CWindowssystem32Driversvmci.sys
222302.0328 2800 vmci - ok
222302.0390 2800 vmkbd (c993e9325c68dd1f6ee4a8151b34f442) CWindowssystem32driversVMkbd.sys
222302.0390 2800 vmkbd - ok
222302.0437 2800 VMnetAdapter (898706a05d20b706848a440961c52436) CWindowssystem32DRIVERSvmnetadapter.sys
222302.0437 2800 VMnetAdapter - ok
222302.0484 2800 VMnetBridge (5692cbd2a25e04c62707bfc311884b65) CWindowssystem32DRIVERSvmnetbridge.sys
222302.0484 2800 VMnetBridge - ok
222302.0578 2800 VMnetuserif (5f1ba57c5882cedf70b14de331f06ee0) CWindowssystem32driversvmnetuserif.sys
222302.0578 2800 VMnetuserif - ok
222302.0640 2800 vmusb (25017db6451b002158db425961a82b7b) CWindowssystem32Driversvmusb.sys
222302.0640 2800 vmusb - ok
222302.0718 2800 vmx86 (72defa27db4a31e11740e12d745a70f3) CWindowssystem32Driversvmx86.sys
222302.0734 2800 vmx86 - ok
222302.0796 2800 volmgr (69503668ac66c77c6cd7af86fbdf8c43) CWindowssystem32driversvolmgr.sys
222302.0796 2800 volmgr - ok
222302.0874 2800 volmgrx (23e41b834759917bfd6b9a0d625d0c28) CWindowssystem32driversvolmgrx.sys
222302.0890 2800 volmgrx - ok
222302.0999 2800 volsnap (147281c01fcb1df9252de2a10d5e7093) CWindowssystem32driversvolsnap.sys
222303.0046 2800 volsnap - ok
222303.0092 2800 vsmraid (587253e09325e6bf226b299774b728a9) CWindowssystem32driversvsmraid.sys
222303.0092 2800 vsmraid - ok
222303.0202 2800 vstor2-ws60 (e4fa7aff5046fc49de22e903b7e35add) CProgram FilesVMwareVMware Playervstor2-ws60.sys
222303.0202 2800 vstor2-ws60 - ok
222303.0264 2800 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) CWindowssystem32driverswacompen.sys
222303.0264 2800 WacomPen - ok
222303.0342 2800 Wanarp (55201897378cca7af8b5efd874374a26) CWindowssystem32DRIVERSwanarp.sys
222303.0342 2800 Wanarp - ok
222303.0373 2800 Wanarpv6 (55201897378cca7af8b5efd874374a26) CWindowssystem32DRIVERSwanarp.sys
222303.0373 2800 Wanarpv6 - ok
222303.0420 2800 Wd (78fe9542363f297b18c027b2d7e7c07f) CWindowssystem32driverswd.sys
222303.0420 2800 Wd - ok
222303.0545 2800 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) CWindowssystem32driversWdf01000.sys
222303.0592 2800 Wdf01000 - ok
222303.0716 2800 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) CWindowssystem32DRIVERSwmiacpi.sys
222303.0716 2800 WmiAcpi - ok
222303.0779 2800 WpdUsb (de9d36f91a4df3d911626643debf11ea) CWindowssystem32DRIVERSwpdusb.sys
222303.0779 2800 WpdUsb - ok
222303.0841 2800 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) CWindowssystem32driversws2ifsl.sys
222303.0841 2800 ws2ifsl - ok
222303.0904 2800 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) CWindowssystem32DRIVERSWSDPrint.sys
222303.0919 2800 WSDPrintDevice - ok
222303.0982 2800 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) CWindowssystem32DRIVERSWUDFRd.sys
222303.0982 2800 WUDFRd - ok
222304.0060 2800 yukonwlh (04e268adfc81964c49dc0c082d520f7e) CWindowssystem32DRIVERSyk60x86.sys
222304.0075 2800 yukonwlh - ok
222304.0138 2800 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) DeviceHarddisk0DR0
222304.0247 2800 DeviceHarddisk0DR0 - ok
222304.0278 2800 Boot (0x1200) (28aaf02de465ac07026412db68f9f65e) DeviceHarddisk0DR0Partition0
222304.0278 2800 DeviceHarddisk0DR0Partition0 - ok
222304.0294 2800 Boot (0x1200) (8d4d44366f65a27e3923312c79c8bb1f) DeviceHarddisk0DR0Partition1
222304.0294 2800 DeviceHarddisk0DR0Partition1 - ok
222304.0294 2800 ============================================================
222304.0294 2800 Scan finished
222304.0294 2800 ============================================================
222304.0309 5836 Detected object count 0
222304.0309 5836 Actual detected object count 0


More observations:
Vista topbar no longer loads.
USB mounted as I:, but no F:, G:, or H: are mounted.

Thanks,
Paul

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 08 December 2011 - 09:23 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511 KB) to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.



Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 p3456 (Topic Starter, Members, 19 posts)

Posted 08 December 2011 - 07:43 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-08 19:39:27
-----------------------------
19:39:27.298 OS Version: Windows 6.0.6002 Service Pack 2
19:39:27.298 Number of processors: 2 586 0x1706
19:39:27.314 ComputerName: PAUL-PC UserName: Paul
19:39:50.308 Initialize success
19:40:08.326 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:40:08.326 Disk 0 Vendor: ST932042 DE14 Size: 305245MB BusType: 3
19:40:08.358 Disk 0 MBR read successfully
19:40:08.358 Disk 0 MBR scan
19:40:08.358 Disk 0 Windows VISTA default MBR code
19:40:08.358 Disk 0 scanning sectors +625139712
19:40:08.436 Disk 0 scanning C:\Windows\system32\drivers
19:40:17.078 Service scanning
19:40:18.498 Modules scanning
19:40:23.770 Disk 0 trace - called modules:
19:40:23.786 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
19:40:23.802 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b85878]
19:40:23.802 3 CLASSPNP.SYS[8c1c58b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85712030]
19:40:23.802 Scan finished successfully
19:40:44.253 Disk 0 MBR has been saved successfully to "C:\Users\Paul\Desktop\MBR.dat"
19:40:44.269 The log file has been saved successfully to "C:\Users\Paul\Desktop\aswMBR.txt"

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 09 December 2011 - 03:01 AM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#11 p3456 (Topic Starter, Members, 19 posts)

Posted 09 December 2011 - 11:21 PM

Gringo,

Thank you again for the help. I ran FSS; here is the result.

Farbar Service Scanner
Ran by Paul (administrator) on 09-12-2011 at 23:19:01
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
Checking LEGACY_Dhcp: Attention! Unable to open LEGACY_Dhcp\0000 registry key. The key does not exist.
The ServiceDll of Dhcp service is OK.

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
Checking LEGACY_Dnscache: Attention! Unable to open LEGACY_Dnscache\0000 registry key. The key does not exist.
The ServiceDll of Dnscache service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.


File Check:
===========
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys
[2009-09-18 13:05] - [2011-12-03 15:50] - 0000000 ____A ()

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.

**** End of log ****

Thanks,
Paul

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 10 December 2011 - 05:13 AM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
tdx.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#13 p3456 (Topic Starter, Members, 19 posts)

Posted 10 December 2011 - 03:24 PM

Gringo,

Attaching file because the forum won't let me post the results. I guess some of the formatting of the file breaks the form or something.

Thanks,
Paul

Attached Files



#14 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 10 December 2011 - 11:09 PM

Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
CopyFile:
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys C:\Windows\System32\drivers\tdx.sys
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by BlitzBlank. You can find it at the root of the drive, normally C:\.


#15 p3456 (Topic Starter, Members, 19 posts)

Posted 11 December 2011 - 01:23 AM

Here are the results:


BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
CopyFileOnReboot: sourceFile = "\??\c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys", destinationFile = "\??\c:\windows\system32\drivers\tdx.sys"
GetDataFromFile: ZwOpenFile failed: status = c0000022
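A scripted version of the file check that the FSS, SystemLook and BlitzBlank steps above perform by hand, added here as an example; it is not from the thread, from those tools, or from gringo_pr's instructions. It hashes the driver in System32\drivers, flags a zero-length file like the tdx.sys that FSS reported, lists every copy of that driver in the WinSxS component store with its hash so you can see which copy matches the live file, and reports the state of the services that depend on it. The driver and service lists are assumptions picked from this thread; adjust them for another machine. It uses the .NET MD5 class rather than Get-FileHash so it runs on the PowerShell 2.0 that Vista SP2 supports, and it only reads: replacing the file is left to the procedure above. Run it from an elevated prompt. The BlitzBlank report above ends with ZwOpenFile status c0000022, which is STATUS_ACCESS_DENIED, so confirming that the WinSxS source copy can actually be read before scheduling the copy is worth the extra step.

```powershell
# Added example (not from the thread, FSS, SystemLook or BlitzBlank): read-only
# integrity check of kernel drivers against the WinSxS component store, plus the
# state of the services stacked on them. Driver and service names are assumptions
# taken from this thread.
param(
    [string[]]$Drivers  = @('tdx.sys', 'tcpip.sys', 'afd.sys', 'nsiproxy.sys'),
    [string[]]$Services = @('tdx', 'Dhcp', 'Dnscache', 'nsi', 'afd')
)

$driverDir = Join-Path $env:SystemRoot 'System32\drivers'
$winsxs    = Join-Path $env:SystemRoot 'winsxs'
$md5       = [System.Security.Cryptography.MD5]::Create()

function Get-Md5Hex([string]$Path) {
    # .NET hashing so this works on PowerShell 2.0 (Vista), which lacks Get-FileHash.
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    return ([System.BitConverter]::ToString($md5.ComputeHash($bytes))).Replace('-', '').ToLower()
}

foreach ($name in $Drivers) {
    $live = Join-Path $driverDir $name
    if (-not (Test-Path $live)) {
        Write-Output "[MISSING] $live"
        continue
    }
    $liveItem = Get-Item $live
    $liveHash = $null
    if ($liveItem.Length -eq 0) {
        # FSS showed tdx.sys at 0000000 bytes: a zero-length driver cannot load, so the
        # tdx service and everything layered on it (Dhcp, Dnscache, Winsock) stays down.
        Write-Output "[ZERO-BYTE] $live  modified $($liveItem.LastWriteTime)"
    } else {
        $liveHash = Get-Md5Hex $live
        Write-Output "[LIVE] $live  $($liveItem.Length) bytes  md5=$liveHash"
    }

    # Every copy the component store holds for this driver, e.g.
    # winsxs\x86_microsoft-windows-tdi-over-tcpip_<key>_6.0.6001.18000_none_<hash>\tdx.sys
    $copies = Get-ChildItem -Path $winsxs -Recurse -Filter $name -ErrorAction SilentlyContinue
    foreach ($c in $copies) {
        try {
            $h = Get-Md5Hex $c.FullName
        } catch {
            # An unreadable source copy is exactly what a later CopyFile would trip over.
            Write-Output "  [UNREADABLE] $($c.FullName)  $($_.Exception.Message)"
            continue
        }
        $tag = if ($h -eq $liveHash) { 'MATCH' } else { 'DIFFERS' }
        Write-Output "  [$tag] $($c.FullName)  $($c.Length) bytes  md5=$h"
    }
}

# Service side of the same check: run state and the on-disk path each service points at.
# Win32_Service covers user-mode services (Dhcp, Dnscache); Win32_SystemDriver covers
# kernel drivers such as tdx and afd.
foreach ($svc in $Services) {
    $s = Get-WmiObject -Class Win32_Service -Filter "Name='$svc'"
    if (-not $s) { $s = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$svc'" }
    if ($s) { Write-Output ("{0,-10} {1,-8} {2}" -f $s.Name, $s.State, $s.PathName) }
    else    { Write-Output ("{0,-10} not installed" -f $svc) }
}
```

Save it as Check-Drivers.ps1 and run it from an elevated PowerShell prompt; pass -Drivers and -Services to check a different set. A [ZERO-BYTE] live file with one [DIFFERS] WinSxS copy of normal size is the picture FSS and SystemLook painted for tdx.sys here; an [UNREADABLE] copy explains a CopyFile that fails before the reboot.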



