Author Topic: [Resolved] trojan:dos/alureon.e DDS Copy and Paste (Read 3564 times)

KeiserBKeiser · « **on:** March 17, 2012, 07:47:45 PM »

DDS COPY AND PASTE

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Wankerdoodle at 22:29:25 on 2012-03-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4042 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Workspace\offSyncService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Users\Wankerdoodle\AppData\Local\Workspace\workspaceupdate.exe
C:\Users\Wankerdoodle\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Starfield Updater] "C:\Users\Wankerdoodle\AppData\Local\Workspace\workspaceupdate.exe"
uRun: [Google Update] "C:\Users\Wankerdoodle\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
StartupFolder: C:\Users\WANKER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Wankerdoodle\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\WANKER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EFAX44~1.LNK - C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{28FBD395-24E2-4F32-98ED-2DEECAAA333F} : DhcpNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
Hosts: 127.0.0.1   www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Wankerdoodle\AppData\Roaming\Mozilla\Firefox\Profiles\do0l478b.default\
FF - prefs.js: browser.startup.homepage - www.msnbc.com
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Wankerdoodle\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Wankerdoodle\AppData\Roaming\Mozilla\Firefox\Profiles\do0l478b.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Users\Wankerdoodle\AppData\Roaming\Mozilla\Firefox\Profiles\do0l478b.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\Wankerdoodle\AppData\Roaming\Mozilla\Firefox\Profiles\do0l478b.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Users\Wankerdoodle\AppData\Roaming\Mozilla\Plugins\npoff.dll
FF - plugin: C:\Users\Wankerdoodle\AppData\Roaming\Mozilla\plugins\npoff.dll
FF - plugin: C:\Users\Wankerdoodle\AppData\Roaming\Mozilla\Plugins\npoff64.dll
FF - plugin: C:\Users\Wankerdoodle\AppData\Roaming\Mozilla\plugins\npoff64.dll
FF - plugin: C:\Users\Wankerdoodle\AppData\Roaming\Mozilla\Plugins\npwbe.dll
FF - plugin: C:\Users\Wankerdoodle\AppData\Roaming\Mozilla\plugins\npwbe.dll
FF - plugin: C:\Users\Wankerdoodle\AppData\Roaming\Mozilla\plugins\npwbe64.dll
FF - plugin: C:\Users\Wankerdoodle\AppData\Roaming\Mozilla\Plugins\npwbe64.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2011-9-20 1188624]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-6-9 264008]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-10-5 1128952]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-12 1153368]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-5 2656280]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-18 02:04:04   69000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{39BE4691-1EB3-4131-A07F-4E2DEC2FBFE1}\offreg.dll
2012-03-18 01:24:06   8643640   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{39BE4691-1EB3-4131-A07F-4E2DEC2FBFE1}\mpengine.dll
2012-03-17 15:29:28   --------   d--h--w-   C:\ProgramData\CanonIJScan
2012-03-16 19:35:42   514560   ----a-w-   C:\Windows\SysWow64\qdvd.dll
2012-03-16 19:33:21   77312   ----a-w-   C:\Windows\System32\packager.dll
2012-03-16 19:33:21   67072   ----a-w-   C:\Windows\SysWow64\packager.dll
2012-03-16 19:18:18   1658880   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM.dll
2012-03-16 19:04:42   87040   ----a-w-   C:\Windows\System32\Spool\prtprocs\x64\CNMPPAA.DLL
2012-03-16 19:04:42   28672   ----a-w-   C:\Windows\System32\Spool\prtprocs\x64\CNMPDAA.DLL
2012-03-16 19:04:27   361472   ----a-w-   C:\Windows\System32\CNMLMAA.DLL
2012-03-16 19:04:23   248320   ----a-w-   C:\Windows\System32\CNMIUAA.DLL
2012-03-16 18:38:11   626688   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-03-16 18:38:11   592824   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-16 18:38:11   548864   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-03-16 18:38:11   479232   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-03-16 18:38:11   44472   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-16 18:34:53   917840   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-03-16 18:34:30   927800   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{727D5957-CA72-4E07-9D8A-5C8D22A80E56}\gapaengine.dll
2012-03-16 18:34:20   476904   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2012-03-16 18:28:35   348672   ----a-w-   C:\Windows\System32\CNC280L.dll
2012-03-16 18:28:35   307200   ----a-w-   C:\Windows\SysWow64\CNC280L.dll
2012-03-16 18:28:35   17920   ----a-w-   C:\Windows\System32\CNHMCA6.dll
2012-03-16 18:28:35   15872   ----a-w-   C:\Windows\SysWow64\CNHMCA.dll
2012-03-16 18:28:35   1354240   ----a-w-   C:\Windows\System32\CNC280C.dll
2012-03-16 18:28:35   112128   ----a-w-   C:\Windows\System32\CNC280I.dll
2012-03-16 18:28:35   106496   ----a-w-   C:\Windows\SysWow64\CNC280U.dll
2012-03-01 22:07:01   --------   d--h--w-   C:\Users\Wankerdoodle\AppData\Roaming\OpenOffice.org
2012-03-01 22:06:11   --------   d-----w-   C:\Program Files (x86)\OpenOffice.org 3
2012-03-01 21:49:00   --------   d--h--w-   C:\Users\Wankerdoodle\AppData\Local\Windows Live
2012-03-01 21:48:42   --------   d--h--w-   C:\Users\Wankerdoodle\AppData\Local\{CE35FFA4-7F0A-4646-BF0D-0DC6B1720364}
2012-03-01 21:48:30   --------   d--h--w-   C:\Users\Wankerdoodle\AppData\Roaming\Windows Live Writer
2012-03-01 21:48:30   --------   d--h--w-   C:\Users\Wankerdoodle\AppData\Local\Windows Live Writer
2012-02-28 20:43:54   --------   d--h--w-   C:\Program Files (x86)\ScreenConnect
2012-02-27 20:48:56   605552   ----a-w-   C:\Windows\System32\osloader.exe
2012-02-23 19:56:03   --------   d--h--w-   C:\Users\Wankerdoodle\AppData\Roaming\j2 Global
2012-02-22 13:20:55   --------   d--h--w-   C:\Users\Wankerdoodle\AppData\Local\Apple
.
==================== Find3M ====================
.
2012-03-16 18:34:06   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2012-01-31 12:44:20   279656   ------w-   C:\Windows\System32\MpSigStub.exe
2012-01-04 10:44:20   509952   ----a-w-   C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41   442880   ----a-w-   C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08   515584   ----a-w-   C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56   478720   ----a-w-   C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24   498688   ----a-w-   C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 22:36:52.54 ===============

KeiserBKeiser · « **Reply #1 on:** March 17, 2012, 07:51:39 PM »

My ATTACH copy and paste was TOO large to post in this message. I've therefore attached it to this?!?!??!

I hope that was correct

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/12/2011 6:36:12 PM
System Uptime: 3/17/2012 9:53:05 PM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2AC2
Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz | CPU 1 | 2883/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 862.302 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.441 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP81: 3/12/2012 10:22:20 PM - Windows Update
RP82: 3/15/2012 8:22:58 AM - Windows Update
RP83: 3/16/2012 1:04:13 PM - Restore Operation
RP84: 3/16/2012 2:33:28 PM - Installed Java(TM) 6 Update 31
RP85: 3/16/2012 2:33:36 PM - Windows Update
RP86: 3/16/2012 3:52:05 PM - Windows Update
.
==== Installed Programs ======================
.
802.11n Wireless LAN Card
ACDSee Pro 2.5
ACDSee Pro 3
Adobe AIR
Adobe Flash Player 10 ActiveX
Canon MP Navigator EX 4.0
D3DX10
Dropbox
eFax Messenger
Google Chrome
Half-Life 2
Half-Life 2: Lost Coast
Hewlett-Packard ACLM.NET v1.1.1.0
HP Customer Experience Enhancements
HP LinkUp
HP MovieStore
HP Odometer
HP Setup
HP Setup Manager
HP SimplePass PE 2011
HP Support Assistant
HP Support Information
HP Update
Intel(R) Control Center
Intel(R) Identity Protection Technology 1.1.2.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
Kobo
LabelPrint
Mesh Runtime
Microsoft Mathematics
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PDF Complete Special Edition
PlayReady PC Runtime x86
Power2Go
PressReader
Realtek High Definition Audio Driver
Recovery Manager
Remote Graphics Receiver
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Spybot - Search & Destroy
Steam
Team Fortress 2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
VIP Access SDK (1.0.1.4)
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.11
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Workspace Desktop
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
Removed Event Viewer Entries - Hoov
.
==== End Of File ===========================

Hoov · « **Reply #2 on:** March 17, 2012, 08:03:13 PM »

Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.Also tell me any other problems you are having, no matter how small or long you have been dealing with them.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your harddrive.

One last thing, I need you to tell me if this computer belongs to a school or to a company or orginization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer.

In the future, please paste the logs into the reply. If they are too long, then break them up. If they are extremely long as the MWS that is helping you.

For now I pasted it up for you.

Also when replying to this thread use the quick reply box at the bottom of the page, or use the reply button on the bottom or top bar.

Now on to the computer.

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

I need you to go to the administration tools in Vista / Windows 7. They are in the Control Panel. Open the Admin tools, then open the event viewer. Over on the left hand side expand the window category and then click on System. Then up at the top click on Action and then click on Save Events As, type in system as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click save. Over on the left hand side and click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click save. Zip them both up into a single zip file, post them back here in your next reply as attachments.

KeiserBKeiser · « **Reply #3 on:** March 18, 2012, 08:47:06 AM »

First, I have on run SPYBOT S&D, and MSW Spybot said it found Fraud.DefenseCenter. It attempted to remove it and showed successful. Beyond that several attempts with MSW. I get popups in the right corner advising that there is the TROJAN:dos/alureon.e and that it was blocked. At which time the computer locks up internet access. The only other security type program I run is WINPATROL.
As for problems this all began on Friday as I went to Liveleak. An error came up and Winpatrol asked I wanted to allow the program to modify something. I said 'no' and about 40 pop up came up on top of one another. Immediately after that some fake looking security scan, which i believed to be MSW was finding numerous errors of which I took a quick photo of with my camera phone.

It was at this point that I knew I had be taken.

Second, No problems, I'll stick only with spywarehammer for fixing this.

Third, follow my instructions ~ No problems I'm pretty good at following instructions and won't be bashful if I don't understand.

Fourth, Have faith. ~ I hear Angels when I'm reading your e-mails. I'm all about Faith!

Fifth, if we start this fix, I need you to stick with me until the end. Gotcha, Stick with it to the end. Okey Dokey

Before we start trying to fix your computer, you need to make sure your data is backed up. Backup.......Hmmmm right now I have an external harddrive but it is full because of backup to it. Is there a way to find the previous backups or should I use DVD burner? I don't even know if this machine has a DVD burner. (i'll have to get dvd's if it does and that's an option. Please let me know.

The computer belongs to myself, I use it my own 1 man company. I do logistics. I run rates on it through the course of a typical M-F

Now I'll begin the instructions you have instructed me to next.

KeiserBKeiser · « **Reply #4 on:** March 18, 2012, 09:00:41 AM »

before I do the next step, I should wait to see what you suggest about backing up the data. I can zip down and pickup a dvd if that's an acceptable method of doing backups. Please advise.

KeiserBKeiser · « **Reply #5 on:** March 18, 2012, 09:49:06 AM »

I looked up in the computer system devices and found that this computer has a hp dvd rw ad-7251h5. I googled that and it's a DVD burner. I'm going to go and pickup DVDS right now, then I'll begin backing up my data.

Hoov · « **Reply #6 on:** March 18, 2012, 10:44:04 AM »

Backing up to any external media is always best. I use DVD's myself. Others use external drives.

KeiserBKeiser · « **Reply #7 on:** March 18, 2012, 12:22:11 PM »

14:20:35.0294 5084   TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
14:20:35.0722 5084   ============================================================
14:20:35.0722 5084   Current date / time: 2012/03/18 14:20:35.0722
14:20:35.0722 5084   SystemInfo:
14:20:35.0722 5084
14:20:35.0722 5084   OS Version: 6.1.7601 ServicePack: 1.0
14:20:35.0722 5084   Product type: Workstation
14:20:35.0722 5084   ComputerName: KEISERDOODLE
14:20:35.0723 5084   UserName: Wankerdoodle
14:20:35.0723 5084   Windows directory: C:\Windows
14:20:35.0723 5084   System windows directory: C:\Windows
14:20:35.0723 5084   Running under WOW64
14:20:35.0723 5084   Processor architecture: Intel x64
14:20:35.0723 5084   Number of processors: 4
14:20:35.0723 5084   Page size: 0x1000
14:20:35.0723 5084   Boot type: Normal boot
14:20:35.0723 5084   ============================================================
14:20:35.0881 5084   Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:20:35.0898 5084   \Device\Harddisk0\DR0:
14:20:35.0898 5084   MBR used
14:20:35.0898 5084   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:20:35.0898 5084   \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72F2A800
14:20:35.0898 5084   \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72F5D000, BlocksNum 0x17A4DB0
14:20:35.0945 5084   Initialize success
14:20:35.0945 5084   ============================================================
14:20:53.0370 5036   ============================================================
14:20:53.0370 5036   Scan started
14:20:53.0370 5036   Mode: Manual;
14:20:53.0370 5036   ============================================================
14:20:53.0708 5036   1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:20:53.0710 5036   1394ohci - ok
14:20:53.0747 5036   ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:20:53.0750 5036   ACPI - ok
14:20:53.0804 5036   AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:20:53.0805 5036   AcpiPmi - ok
14:20:53.0838 5036   adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
14:20:53.0842 5036   adp94xx - ok
14:20:53.0866 5036   adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
14:20:53.0868 5036   adpahci - ok
14:20:53.0901 5036   adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
14:20:53.0903 5036   adpu320 - ok
14:20:53.0963 5036   AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:20:53.0967 5036   AFD - ok
14:20:54.0005 5036   agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:20:54.0006 5036   agp440 - ok
14:20:54.0046 5036   aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:20:54.0047 5036   aliide - ok
14:20:54.0072 5036   amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:20:54.0073 5036   amdide - ok
14:20:54.0132 5036   AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
14:20:54.0133 5036   AmdK8 - ok
14:20:54.0214 5036   AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
14:20:54.0215 5036   AmdPPM - ok
14:20:54.0294 5036   amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:20:54.0296 5036   amdsata - ok
14:20:54.0330 5036   amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
14:20:54.0332 5036   amdsbs - ok
14:20:54.0348 5036   amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:20:54.0349 5036   amdxata - ok
14:20:54.0389 5036   AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:20:54.0390 5036   AppID - ok
14:20:54.0413 5036   arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
14:20:54.0414 5036   arc - ok
14:20:54.0435 5036   arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
14:20:54.0436 5036   arcsas - ok
14:20:54.0518 5036   AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:20:54.0518 5036   AsyncMac - ok
14:20:54.0569 5036   atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:20:54.0569 5036   atapi - ok
14:20:54.0633 5036   b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
14:20:54.0637 5036   b06bdrv - ok
14:20:54.0657 5036   b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:20:54.0660 5036   b57nd60a - ok
14:20:54.0678 5036   Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:20:54.0678 5036   Beep - ok
14:20:54.0770 5036   blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
14:20:54.0770 5036   blbdrive - ok
14:20:54.0794 5036   bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:20:54.0796 5036   bowser - ok
14:20:54.0813 5036   BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
14:20:54.0813 5036   BrFiltLo - ok
14:20:54.0828 5036   BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
14:20:54.0829 5036   BrFiltUp - ok
14:20:54.0859 5036   Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:20:54.0861 5036   Brserid - ok
14:20:54.0881 5036   BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:20:54.0882 5036   BrSerWdm - ok
14:20:54.0894 5036   BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:20:54.0894 5036   BrUsbMdm - ok
14:20:54.0917 5036   BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:20:54.0918 5036   BrUsbSer - ok
14:20:55.0024 5036   BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
14:20:55.0025 5036   BTHMODEM - ok
14:20:55.0064 5036   cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:20:55.0065 5036   cdfs - ok
14:20:55.0089 5036   cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:20:55.0091 5036   cdrom - ok
14:20:55.0126 5036   circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:20:55.0126 5036   circlass - ok
14:20:55.0149 5036   CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:20:55.0152 5036   CLFS - ok
14:20:55.0194 5036   CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
14:20:55.0195 5036   CmBatt - ok
14:20:55.0266 5036   cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:20:55.0266 5036   cmdide - ok
14:20:55.0297 5036   CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:20:55.0301 5036   CNG - ok
14:20:55.0326 5036   Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
14:20:55.0326 5036   Compbatt - ok
14:20:55.0375 5036   CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:20:55.0376 5036   CompositeBus - ok
14:20:55.0409 5036   crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:20:55.0410 5036   crcdisk - ok
14:20:55.0513 5036   dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
14:20:55.0514 5036   dc3d - ok
14:20:55.0537 5036   DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:20:55.0539 5036   DfsC - ok
14:20:55.0555 5036   discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:20:55.0556 5036   discache - ok
14:20:55.0567 5036   Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:20:55.0568 5036   Disk - ok
14:20:55.0613 5036   drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:20:55.0614 5036   drmkaud - ok
14:20:55.0645 5036   DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:20:55.0658 5036   DXGKrnl - ok
14:20:55.0724 5036   ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:20:55.0741 5036   ebdrv - ok
14:20:55.0841 5036   elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:20:55.0849 5036   elxstor - ok
14:20:55.0874 5036   ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:20:55.0875 5036   ErrDev - ok
14:20:55.0907 5036   exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:20:55.0910 5036   exfat - ok
14:20:55.0928 5036   fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:20:55.0931 5036   fastfat - ok
14:20:55.0948 5036   fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
14:20:55.0949 5036   fdc - ok
14:20:56.0066 5036   FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:20:56.0068 5036   FileInfo - ok
14:20:56.0084 5036   Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:20:56.0085 5036   Filetrace - ok
14:20:56.0108 5036   flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
14:20:56.0109 5036   flpydisk - ok
14:20:56.0130 5036   FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:20:56.0135 5036   FltMgr - ok
14:20:56.0152 5036   FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:20:56.0154 5036   FsDepends - ok
14:20:56.0183 5036   Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:20:56.0185 5036   Fs_Rec - ok
14:20:56.0203 5036   fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:20:56.0206 5036   fvevol - ok
14:20:56.0271 5036   gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:20:56.0273 5036   gagp30kx - ok
14:20:56.0299 5036   hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:20:56.0300 5036   hcw85cir - ok
14:20:56.0325 5036   HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:20:56.0330 5036   HdAudAddService - ok
14:20:56.0362 5036   HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:20:56.0363 5036   HDAudBus - ok
14:20:56.0378 5036   HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:20:56.0379 5036   HidBatt - ok
14:20:56.0396 5036   HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
14:20:56.0398 5036   HidBth - ok
14:20:56.0471 5036   HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:20:56.0473 5036   HidIr - ok
14:20:56.0541 5036   HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:20:56.0542 5036   HidUsb - ok
14:20:56.0620 5036   HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:20:56.0622 5036   HpSAMD - ok
14:20:56.0703 5036   HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:20:56.0713 5036   HTTP - ok
14:20:56.0751 5036   hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:20:56.0752 5036   hwpolicy - ok
14:20:56.0782 5036   i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:20:56.0784 5036   i8042prt - ok
14:20:56.0818 5036   iaStor (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\drivers\iaStor.sys
14:20:56.0823 5036   iaStor - ok
14:20:56.0854 5036   iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:20:56.0860 5036   iaStorV - ok
14:20:57.0095 5036   igfx (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:20:57.0143 5036   igfx - ok
14:20:57.0233 5036   iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:20:57.0234 5036   iirsp - ok
14:20:57.0251 5036   Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
14:20:57.0254 5036   Impcd - ok
14:20:57.0343 5036   IntcAzAudAddService (392d5c87f282e8e36df5154418a7bb20) C:\Windows\system32\drivers\RTKVHD64.sys
14:20:57.0372 5036   IntcAzAudAddService - ok
14:20:57.0395 5036   intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:20:57.0395 5036   intelide - ok
14:20:57.0466 5036   intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
14:20:57.0467 5036   intelppm - ok
14:20:57.0510 5036   IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:20:57.0512 5036   IpFilterDriver - ok
14:20:57.0529 5036   IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:20:57.0531 5036   IPMIDRV - ok
14:20:57.0541 5036   IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:20:57.0543 5036   IPNAT - ok
14:20:57.0567 5036   IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:20:57.0568 5036   IRENUM - ok
14:20:57.0606 5036   isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:20:57.0607 5036   isapnp - ok
14:20:57.0677 5036   iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:20:57.0681 5036   iScsiPrt - ok
14:20:57.0743 5036   kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:20:57.0749 5036   kbdclass - ok
14:20:57.0759 5036   kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:20:57.0760 5036   kbdhid - ok
14:20:57.0810 5036   KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:20:57.0812 5036   KSecDD - ok
14:20:57.0853 5036   KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:20:57.0856 5036   KSecPkg - ok
14:20:57.0879 5036   ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:20:57.0880 5036   ksthunk - ok
14:20:57.0984 5036   lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:20:57.0985 5036   lltdio - ok
14:20:58.0048 5036   LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:20:58.0050 5036   LSI_FC - ok
14:20:58.0064 5036   LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:20:58.0066 5036   LSI_SAS - ok
14:20:58.0087 5036   LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:20:58.0089 5036   LSI_SAS2 - ok
14:20:58.0109 5036   LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:20:58.0111 5036   LSI_SCSI - ok
14:20:58.0146 5036   luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:20:58.0148 5036   luafv - ok
14:20:58.0220 5036   megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:20:58.0221 5036   megasas - ok
14:20:58.0254 5036   MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:20:58.0258 5036   MegaSR - ok
14:20:58.0281 5036   MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys
14:20:58.0282 5036   MEIx64 - ok
14:20:58.0303 5036   Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:20:58.0304 5036   Modem - ok
14:20:58.0322 5036   monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:20:58.0323 5036   monitor - ok
14:20:58.0344 5036   mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:20:58.0346 5036   mouclass - ok
14:20:58.0384 5036   mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:20:58.0385 5036   mouhid - ok
14:20:58.0431 5036   mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:20:58.0432 5036   mountmgr - ok
14:20:58.0476 5036   MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
14:20:58.0478 5036   MpFilter - ok
14:20:58.0500 5036   mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:20:58.0502 5036   mpio - ok
14:20:58.0528 5036   MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
14:20:58.0529 5036   MpNWMon - ok
14:20:58.0549 5036   mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:20:58.0550 5036   mpsdrv - ok
14:20:58.0570 5036   MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:20:58.0572 5036   MRxDAV - ok
14:20:58.0607 5036   mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:20:58.0609 5036   mrxsmb - ok
14:20:58.0684 5036   mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:20:58.0689 5036   mrxsmb10 - ok
14:20:58.0702 5036   mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:20:58.0705 5036   mrxsmb20 - ok
14:20:58.0721 5036   msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:20:58.0722 5036   msahci - ok
14:20:58.0761 5036   msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:20:58.0764 5036   msdsm - ok
14:20:58.0786 5036   Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:20:58.0787 5036   Msfs - ok
14:20:58.0813 5036   mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:20:58.0814 5036   mshidkmdf - ok
14:20:58.0871 5036   msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:20:58.0872 5036   msisadrv - ok
14:20:58.0904 5036   MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:20:58.0905 5036   MSKSSRV - ok
14:20:58.0915 5036   MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:20:58.0916 5036   MSPCLOCK - ok
14:20:58.0925 5036   MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:20:58.0926 5036   MSPQM - ok
14:20:58.0944 5036   MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:20:58.0949 5036   MsRPC - ok
14:20:58.0989 5036   mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:20:58.0989 5036   mssmbios - ok
14:20:59.0023 5036   MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:20:59.0024 5036   MSTEE - ok
14:20:59.0044 5036   MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:20:59.0044 5036   MTConfig - ok
14:20:59.0061 5036   Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:20:59.0062 5036   Mup - ok
14:20:59.0153 5036   NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:20:59.0158 5036   NativeWifiP - ok
14:20:59.0210 5036   NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:20:59.0223 5036   NDIS - ok
14:20:59.0238 5036   NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:20:59.0239 5036   NdisCap - ok
14:20:59.0278 5036   NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:20:59.0279 5036   NdisTapi - ok
14:20:59.0297 5036   Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:20:59.0298 5036   Ndisuio - ok
14:20:59.0315 5036   NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:20:59.0318 5036   NdisWan - ok
14:20:59.0374 5036   NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:20:59.0375 5036   NDProxy - ok
14:20:59.0393 5036   NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:20:59.0395 5036   NetBIOS - ok
14:20:59.0410 5036   NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:20:59.0414 5036   NetBT - ok
14:20:59.0519 5036   netr28x (8b5d2d7cb0ef5b1967860b8ab742a46c) C:\Windows\system32\DRIVERS\netr28x.sys
14:20:59.0537 5036   netr28x - ok
14:20:59.0635 5036   nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:20:59.0636 5036   nfrd960 - ok
14:20:59.0664 5036   NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:20:59.0666 5036   NisDrv - ok
14:20:59.0687 5036   Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:20:59.0688 5036   Npfs - ok
14:20:59.0706 5036   nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:20:59.0706 5036   nsiproxy - ok
14:20:59.0764 5036   Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:20:59.0786 5036   Ntfs - ok
14:20:59.0796 5036   Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:20:59.0797 5036   Null - ok
14:20:59.0872 5036   nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:20:59.0874 5036   nvraid - ok
14:20:59.0890 5036   nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:20:59.0893 5036   nvstor - ok
14:20:59.0927 5036   nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:20:59.0929 5036   nv_agp - ok
14:20:59.0956 5036   ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:20:59.0958 5036   ohci1394 - ok
14:21:00.0001 5036   Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:21:00.0003 5036   Parport - ok
14:21:00.0024 5036   partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:21:00.0026 5036   partmgr - ok
14:21:00.0044 5036   pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:21:00.0047 5036   pci - ok
14:21:00.0101 5036   pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:21:00.0102 5036   pciide - ok
14:21:00.0124 5036   pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:21:00.0128 5036   pcmcia - ok
14:21:00.0145 5036   pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:21:00.0146 5036   pcw - ok
14:21:00.0210 5036   PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:21:00.0219 5036   PEAUTH - ok
14:21:00.0322 5036   pmxdrv (0bee791c7c7ace453c134e73633c497d) C:\Windows\system32\drivers\pmxdrv.sys
14:21:00.0323 5036   pmxdrv - ok
14:21:00.0353 5036   Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
14:21:00.0354 5036   Point64 - ok
14:21:00.0384 5036   PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:21:00.0386 5036   PptpMiniport - ok
14:21:00.0402 5036   Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:21:00.0403 5036   Processor - ok
14:21:00.0445 5036   Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:21:00.0447 5036   Psched - ok
14:21:00.0498 5036   ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:21:00.0519 5036   ql2300 - ok
14:21:00.0578 5036   ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:21:00.0580 5036   ql40xx - ok
14:21:00.0605 5036   QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:21:00.0606 5036   QWAVEdrv - ok
14:21:00.0638 5036   RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:21:00.0639 5036   RasAcd - ok
14:21:00.0653 5036   RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:21:00.0654 5036   RasAgileVpn - ok
14:21:00.0681 5036   Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:21:00.0683 5036   Rasl2tp - ok
14:21:00.0716 5036   RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:21:00.0717 5036   RasPppoe - ok
14:21:00.0735 5036   RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:21:00.0737 5036   RasSstp - ok
14:21:00.0800 5036   rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:21:00.0805 5036   rdbss - ok
14:21:00.0824 5036   rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:21:00.0825 5036   rdpbus - ok
14:21:00.0851 5036   RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:21:00.0851 5036   RDPCDD - ok
14:21:00.0864 5036   RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:21:00.0864 5036   RDPENCDD - ok
14:21:00.0881 5036   RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:21:00.0881 5036   RDPREFMP - ok
14:21:00.0905 5036   RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
14:21:00.0907 5036   RDPWD - ok
14:21:00.0955 5036   rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:21:00.0958 5036   rdyboost - ok
14:21:01.0082 5036   rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:21:01.0085 5036   rspndr - ok
14:21:01.0122 5036   RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:21:01.0129 5036   RTL8167 - ok
14:21:01.0152 5036   sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:21:01.0154 5036   sbp2port - ok
14:21:01.0186 5036   scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:21:01.0187 5036   scfilter - ok
14:21:01.0243 5036   secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:21:01.0244 5036   secdrv - ok
14:21:01.0348 5036   Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:21:01.0349 5036   Serenum - ok
14:21:01.0364 5036   Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:21:01.0366 5036   Serial - ok
14:21:01.0391 5036   sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:21:01.0392 5036   sermouse - ok
14:21:01.0424 5036   sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:21:01.0425 5036   sffdisk - ok
14:21:01.0448 5036   sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:21:01.0448 5036   sffp_mmc - ok
14:21:01.0463 5036   sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:21:01.0464 5036   sffp_sd - ok
14:21:01.0496 5036   sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:21:01.0497 5036   sfloppy - ok
14:21:01.0580 5036   SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:21:01.0581 5036   SiSRaid2 - ok
14:21:01.0590 5036   SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:21:01.0592 5036   SiSRaid4 - ok
14:21:01.0614 5036   Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:21:01.0615 5036   Smb - ok
14:21:01.0644 5036   spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:21:01.0645 5036   spldr - ok
14:21:01.0686 5036   srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:21:01.0693 5036   srv - ok
14:21:01.0714 5036   srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:21:01.0720 5036   srv2 - ok
14:21:01.0792 5036   srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:21:01.0795 5036   srvnet - ok
14:21:01.0848 5036   stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:21:01.0849 5036   stexstor - ok
14:21:01.0892 5036   swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:21:01.0893 5036   swenum - ok
14:21:01.0960 5036   Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:21:01.0986 5036   Tcpip - ok
14:21:02.0060 5036   TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:21:02.0076 5036   TCPIP6 - ok
14:21:02.0092 5036   tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:21:02.0093 5036   tcpipreg - ok
14:21:02.0121 5036   TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:21:02.0122 5036   TDPIPE - ok
14:21:02.0142 5036   TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:21:02.0143 5036   TDTCP - ok
14:21:02.0187 5036   tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:21:02.0189 5036   tdx - ok
14:21:02.0219 5036   TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:21:02.0220 5036   TermDD - ok
14:21:02.0255 5036   tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:21:02.0257 5036   tssecsrv - ok
14:21:02.0315 5036   TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:21:02.0316 5036   TsUsbFlt - ok
14:21:02.0342 5036   TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:21:02.0343 5036   TsUsbGD - ok
14:21:02.0374 5036   tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:21:02.0376 5036   tunnel - ok
14:21:02.0402 5036   uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:21:02.0404 5036   uagp35 - ok
14:21:02.0429 5036   udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:21:02.0433 5036   udfs - ok
14:21:02.0473 5036   uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:21:02.0475 5036   uliagpkx - ok
14:21:02.0552 5036   umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:21:02.0553 5036   umbus - ok
14:21:02.0567 5036   UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:21:02.0568 5036   UmPass - ok
14:21:02.0605 5036   usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:21:02.0607 5036   usbccgp - ok
14:21:02.0638 5036   usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:21:02.0640 5036   usbcir - ok
14:21:02.0667 5036   usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:21:02.0669 5036   usbehci - ok
14:21:02.0713 5036   usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
14:21:02.0718 5036   usbhub - ok
14:21:02.0780 5036   usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:21:02.0781 5036   usbohci - ok
14:21:02.0795 5036   usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:21:02.0796 5036   usbprint - ok
14:21:02.0805 5036   usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:21:02.0806 5036   usbscan - ok
14:21:02.0826 5036   USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:21:02.0828 5036   USBSTOR - ok
14:21:02.0870 5036   usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:21:02.0872 5036   usbuhci - ok
14:21:02.0927 5036   vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:21:02.0928 5036   vdrvroot - ok
14:21:02.0961 5036   vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:21:02.0964 5036   vga - ok
14:21:03.0042 5036   VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:21:03.0043 5036   VgaSave - ok
14:21:03.0064 5036   vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:21:03.0067 5036   vhdmp - ok
14:21:03.0087 5036   viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:21:03.0089 5036   viaide - ok
14:21:03.0108 5036   volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:21:03.0110 5036   volmgr - ok
14:21:03.0137 5036   volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:21:03.0142 5036   volmgrx - ok
14:21:03.0175 5036   volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
14:21:03.0178 5036   volsnap - ok
14:21:03.0253 5036   vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:21:03.0256 5036   vsmraid - ok
14:21:03.0287 5036   vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:21:03.0288 5036   vwifibus - ok
14:21:03.0316 5036   vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:21:03.0317 5036   vwififlt - ok
14:21:03.0357 5036   WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:21:03.0358 5036   WacomPen - ok
14:21:03.0395 5036   WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:21:03.0397 5036   WANARP - ok
14:21:03.0400 5036   Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:21:03.0401 5036   Wanarpv6 - ok
14:21:03.0428 5036   Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:21:03.0429 5036   Wd - ok
14:21:03.0502 5036   Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:21:03.0511 5036   Wdf01000 - ok
14:21:03.0548 5036   WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:21:03.0549 5036   WfpLwf - ok
14:21:03.0585 5036   WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:21:03.0586 5036   WIMMount - ok
14:21:03.0649 5036   WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:21:03.0650 5036   WmiAcpi - ok
14:21:03.0735 5036   ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:21:03.0737 5036   ws2ifsl - ok
14:21:03.0760 5036   WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:21:03.0762 5036   WudfPf - ok
14:21:03.0785 5036   WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:21:03.0788 5036   WUDFRd - ok
14:21:03.0822 5036   MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:21:03.0895 5036   \Device\Harddisk0\DR0 - ok
14:21:03.0898 5036   Boot (0x1200) (722a56c2042342d87416b32b06381b1c) \Device\Harddisk0\DR0\Partition0
14:21:03.0899 5036   \Device\Harddisk0\DR0\Partition0 - ok
14:21:03.0907 5036   Boot (0x1200) (9897c84ee14043cc30d85b99783e4d6a) \Device\Harddisk0\DR0\Partition1
14:21:03.0909 5036   \Device\Harddisk0\DR0\Partition1 - ok
14:21:03.0940 5036   Boot (0x1200) (929316d23bd5f410d1037dec5d4398b8) \Device\Harddisk0\DR0\Partition2
14:21:03.0942 5036   \Device\Harddisk0\DR0\Partition2 - ok
14:21:03.0942 5036   ============================================================
14:21:03.0942 5036   Scan finished
14:21:03.0942 5036   ============================================================
14:21:03.0951 5796   Detected object count: 0
14:21:03.0951 5796   Actual detected object count: 0

KeiserBKeiser · « **Reply #8 on:** March 18, 2012, 01:04:35 PM »

the files are too large to attach.......

Can I use a MEDIAFIRE drop box and send you the link.

Hoov · « **Reply #9 on:** March 18, 2012, 01:07:08 PM »

Yep.

* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick combofix''s window while it''s running. That may cause it to stall

KeiserBKeiser · « **Reply #10 on:** March 18, 2012, 01:13:18 PM »

http://www.mediafire.com/?u6322roufsuoncd

(that is the Application zipped file)

http://www.mediafire.com/?qhtl7s04f749ew8

(that is the System zipped file)

Should I proceed with the COMBOFIX instructions now?

Hoov · « **Reply #11 on:** March 18, 2012, 01:39:11 PM »

Yep. You say that Spybot didn't get it all, but TDSSKiller didn't find any. That means it is hiding a bit more than normal, so combofix is the next line of attack.

Both of those logs are the same. Something must have gone wrong. Can you try doing it again?

KeiserBKeiser · « **Reply #12 on:** March 18, 2012, 01:41:25 PM »

typically if I restart the system (which I haven't done because you didn't tell me to) and MSW is running, it pops right up.

But either way, whatever you think is best. I've disabled spybot at this point as well as all other programs.

Hoov · « **Reply #13 on:** March 18, 2012, 01:43:52 PM »

Just to make sure I have it right, what is MSW?

KeiserBKeiser · « **Reply #14 on:** March 18, 2012, 01:46:08 PM »

oops....Microsoft Security Essentials.

MSE.......that's me fat fingering the keyboard.

News:

Author Topic: [Resolved] trojan:dos/alureon.e DDS Copy and Paste (Read 3564 times)

KeiserBKeiser

[Resolved] trojan:dos/alureon.e DDS Copy and Paste

KeiserBKeiser

trojan:dos/alureon.e ATTACH COPY & PASTE

Hoov

Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste

KeiserBKeiser

Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste

KeiserBKeiser

Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste

KeiserBKeiser

Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste

Hoov

Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste

KeiserBKeiser

Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste

KeiserBKeiser

Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste

Hoov

Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste

KeiserBKeiser

Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste

Hoov

Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste

KeiserBKeiser

Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste

Hoov

Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste

KeiserBKeiser

Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste