
Alureon.FE


9 replies to this topic

#1 Strex
  • Members
  • 6 posts

Posted 05 December 2011 - 11:17 AM

According to MSE, I have been infected by an Alureon.FE trojan. MSE identifies it but 'allows' it. Downloaded MS System Sweeper as advised by Security Essentials but it could not remove it either. It seems to manifest itself by Google redirects, sluggish system performance and by not allowing certain processes to execute. For example, I was attempting to install a new HP printer but the set-up exec would begin but then just quit.

Please show me the way to rid myself of this beast.

Thanks,

Strex


#2 Strex (Topic Starter)
  • Members
  • 6 posts

Posted 05 December 2011 - 05:14 PM

Forgot to add that I am running Windows 7 64 bit.

#3 boopme
  • Global Moderator
  • 73,079 posts

Posted 05 December 2011 - 07:39 PM

Hello and welcome. Please run these, post the logs, and see how it is.


Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the system drive (usually C:\) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware
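An added example, not part of this thread and not code from Kaspersky's TDSSKiller: a small Python triage script for the log the steps above ask you to paste. A TDSSKiller 2.x log lists each scanned service or driver as a pair of lines (a hash/path line followed by a "name - status" line, with the hash line missing when no image could be hashed); this script pairs those lines and sorts entries into the ones worth reading first: anything whose status is not "ok", drivers loaded from outside the Windows directory, and services with no image hashed. The SAMPLE_LOG is constructed: its line shapes copy the log posted later in this thread, while the "ddrv" pair and the "\Device\Harddisk0\DR0" line, and their status wording, are invented to exercise the non-ok path. The regexes assume the 2.x layout seen here.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# TDSSKiller (2.x) lists each scanned service or driver as a pair of lines:
#   <hh:mm:ss.ffff> <pid> <name> (<md5>) <path>
#   <hh:mm:ss.ffff> <pid> <name> - <status>
# A service whose image could not be hashed gets only the status line, so
# md5 and path are optional. Header lines (OS Version, Scan started, the
# "====" separators) share the time/pid prefix but match neither shape.
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
FILE_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
STATUS_RE = re.compile(r"^(?P<name>\S.*?)\s+-\s+(?P<status>.+)$")
# Heuristic, not a verdict: a driver loaded from outside <drive>:\Windows\
# deserves a second look even when the tool reports it as ok.
WINDOWS_DIR_RE = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)


@dataclass
class Entry:
    name: str
    status: str
    md5: Optional[str] = None
    path: Optional[str] = None

    @property
    def is_ok(self) -> bool:
        return self.status.strip().lower() == "ok"

    @property
    def outside_windows(self) -> bool:
        return self.path is not None and WINDOWS_DIR_RE.match(self.path) is None


def parse_log(text: str) -> List[Entry]:
    """Pair each file line with its status line and return one Entry per service."""
    entries: List[Entry] = []
    pending: Dict[str, Entry] = {}  # name -> file line seen, status line not yet
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        fm = FILE_RE.match(body)
        if fm:
            pending[fm["name"]] = Entry(fm["name"], "", fm["md5"], fm["path"])
            continue
        sm = STATUS_RE.match(body)
        if sm:
            entry = pending.pop(sm["name"], Entry(sm["name"], ""))
            entry.status = sm["status"].strip()
            entries.append(entry)
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Bucket entries in the order a responder should read them."""
    return {
        "flagged": [e for e in entries if not e.is_ok],  # anything not "- ok"
        "outside_windows": [e for e in entries if e.is_ok and e.outside_windows],
        "unhashed": [e for e in entries if e.is_ok and e.md5 is None],  # no image hashed
        "clean": [e for e in entries if e.is_ok and e.md5 is not None],
    }


def report(text: str) -> Dict[str, List[str]]:
    """Names per bucket, which is all a forum reply usually needs."""
    return {bucket: [e.name for e in es] for bucket, es in triage(parse_log(text)).items()}


# Constructed sample. The first lines copy the shape of the log posted in this
# thread; the "ddrv" pair and the "\Device\Harddisk0\DR0" line are invented to
# exercise the non-ok path, and their status wording is illustrative only.
SAMPLE_LOG = r"""
17:35:52.0801 4664 ============================================================
17:35:52.0801 4664 OS Version: 6.1.7601 ServicePack: 1.0
17:35:52.0801 4664 Running under WOW64
17:36:00.0772 4756 Scan started
17:36:01.0708 4756 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:36:01.0708 4756 ACPI - ok
17:36:02.0660 4756 catchme - ok
17:36:05.0328 4756 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
17:36:05.0328 4756 MREMP50 - ok
17:36:09.0001 4756 ddrv (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\ddrv.sys
17:36:09.0001 4756 ddrv - suspicious
17:36:09.0500 4756 \Device\Harddisk0\DR0 - infected
"""

if __name__ == "__main__":
    for bucket, names in report(SAMPLE_LOG).items():
        print(f"{bucket:16s} {names}")
```

Paste a real log into report() in place of SAMPLE_LOG. The "flagged" bucket is what the moderator actually needs; "outside_windows" and "unhashed" are only prompts for a closer look (third-party drivers under Program Files are normal, and a stale service entry with no file on disk is common), not findings in themselves.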

#4 Strex (Topic Starter)
  • Members
  • 6 posts

Posted 06 December 2011 - 09:00 AM

I have been battling this thing for a few days using various methods I have found on the web (I know, bad idea. Won't do it anymore now that I am in contact with you) and I think I may have wounded it. But I want to make sure that my machine is totally clean. TDSSKiller would not run, so I used FixTDSS (last time I freelance, promise) and it then executed. Here are the logs you requested.

17:35:52.0442 4664 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
17:35:52.0801 4664 ============================================================
17:35:52.0801 4664 Current date / time: 2011/12/05 17:35:52.0801
17:35:52.0801 4664 SystemInfo:
17:35:52.0801 4664
17:35:52.0801 4664 OS Version: 6.1.7601 ServicePack: 1.0
17:35:52.0801 4664 Product type: Workstation
17:35:52.0801 4664 ComputerName: HOME
17:35:52.0801 4664 UserName: Cory
17:35:52.0801 4664 Windows directory: C:\Windows
17:35:52.0801 4664 System windows directory: C:\Windows
17:35:52.0801 4664 Running under WOW64
17:35:52.0801 4664 Processor architecture: Intel x64
17:35:52.0801 4664 Number of processors: 4
17:35:52.0801 4664 Page size: 0x1000
17:35:52.0801 4664 Boot type: Normal boot
17:35:52.0801 4664 ============================================================
17:35:54.0392 4664 Initialize success
17:36:00.0772 4756 ============================================================
17:36:00.0772 4756 Scan started
17:36:00.0772 4756 Mode: Manual;
17:36:00.0772 4756 ============================================================
17:36:01.0662 4756 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:36:01.0662 4756 1394ohci - ok
17:36:01.0708 4756 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:36:01.0708 4756 ACPI - ok
17:36:01.0724 4756 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:36:01.0724 4756 AcpiPmi - ok
17:36:01.0802 4756 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:36:01.0818 4756 adp94xx - ok
17:36:01.0849 4756 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:36:01.0849 4756 adpahci - ok
17:36:01.0864 4756 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:36:01.0864 4756 adpu320 - ok
17:36:01.0911 4756 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
17:36:01.0927 4756 AFD - ok
17:36:01.0958 4756 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:36:01.0958 4756 agp440 - ok
17:36:01.0989 4756 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:36:01.0989 4756 aliide - ok
17:36:01.0989 4756 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:36:01.0989 4756 amdide - ok
17:36:02.0020 4756 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:36:02.0020 4756 AmdK8 - ok
17:36:02.0052 4756 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:36:02.0052 4756 AmdPPM - ok
17:36:02.0083 4756 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:36:02.0083 4756 amdsata - ok
17:36:02.0114 4756 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:36:02.0114 4756 amdsbs - ok
17:36:02.0130 4756 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:36:02.0130 4756 amdxata - ok
17:36:02.0176 4756 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:36:02.0176 4756 AppID - ok
17:36:02.0223 4756 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:36:02.0223 4756 arc - ok
17:36:02.0254 4756 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:36:02.0254 4756 arcsas - ok
17:36:02.0270 4756 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:36:02.0270 4756 AsyncMac - ok
17:36:02.0301 4756 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:36:02.0301 4756 atapi - ok
17:36:02.0348 4756 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:36:02.0348 4756 b06bdrv - ok
17:36:02.0379 4756 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:36:02.0379 4756 b57nd60a - ok
17:36:02.0395 4756 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:36:02.0395 4756 Beep - ok
17:36:02.0442 4756 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:36:02.0442 4756 blbdrive - ok
17:36:02.0488 4756 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:36:02.0488 4756 bowser - ok
17:36:02.0504 4756 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:36:02.0504 4756 BrFiltLo - ok
17:36:02.0535 4756 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:36:02.0535 4756 BrFiltUp - ok
17:36:02.0551 4756 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:36:02.0551 4756 Brserid - ok
17:36:02.0566 4756 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:36:02.0566 4756 BrSerWdm - ok
17:36:02.0582 4756 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:36:02.0582 4756 BrUsbMdm - ok
17:36:02.0598 4756 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:36:02.0598 4756 BrUsbSer - ok
17:36:02.0613 4756 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:36:02.0613 4756 BTHMODEM - ok
17:36:02.0660 4756 catchme - ok
17:36:02.0691 4756 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:36:02.0691 4756 cdfs - ok
17:36:02.0722 4756 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:36:02.0722 4756 cdrom - ok
17:36:02.0754 4756 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:36:02.0754 4756 circlass - ok
17:36:02.0785 4756 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:36:02.0800 4756 CLFS - ok
17:36:02.0832 4756 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:36:02.0832 4756 CmBatt - ok
17:36:02.0863 4756 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:36:02.0863 4756 cmdide - ok
17:36:02.0894 4756 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
17:36:02.0894 4756 CNG - ok
17:36:02.0925 4756 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:36:02.0925 4756 Compbatt - ok
17:36:02.0956 4756 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:36:02.0956 4756 CompositeBus - ok
17:36:02.0972 4756 cpuz133 (641243746597fbd650e5000d95811ea3) C:\Windows\system32\drivers\cpuz133_x64.sys
17:36:02.0972 4756 cpuz133 - ok
17:36:03.0066 4756 cpuz134 - ok
17:36:03.0081 4756 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:36:03.0081 4756 crcdisk - ok
17:36:03.0128 4756 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:36:03.0128 4756 DfsC - ok
17:36:03.0144 4756 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:36:03.0144 4756 discache - ok
17:36:03.0175 4756 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:36:03.0175 4756 Disk - ok
17:36:03.0237 4756 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
17:36:03.0237 4756 Dot4 - ok
17:36:03.0268 4756 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
17:36:03.0268 4756 Dot4Print - ok
17:36:03.0300 4756 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
17:36:03.0300 4756 dot4usb - ok
17:36:03.0331 4756 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:36:03.0331 4756 drmkaud - ok
17:36:03.0362 4756 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:36:03.0378 4756 DXGKrnl - ok
17:36:03.0440 4756 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:36:03.0502 4756 ebdrv - ok
17:36:03.0549 4756 ElRawDisk (4360d0ddbc501a7df418e93ed235d848) C:\Windows\system32\drivers\elrawdsk.sys
17:36:03.0549 4756 ElRawDisk - ok
17:36:03.0580 4756 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:36:03.0596 4756 elxstor - ok
17:36:03.0612 4756 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:36:03.0612 4756 ErrDev - ok
17:36:03.0643 4756 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:36:03.0643 4756 exfat - ok
17:36:03.0674 4756 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:36:03.0674 4756 fastfat - ok
17:36:03.0705 4756 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:36:03.0705 4756 fdc - ok
17:36:03.0721 4756 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:36:03.0721 4756 FileInfo - ok
17:36:03.0736 4756 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:36:03.0736 4756 Filetrace - ok
17:36:03.0768 4756 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:36:03.0768 4756 flpydisk - ok
17:36:03.0799 4756 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:36:03.0799 4756 FltMgr - ok
17:36:03.0830 4756 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:36:03.0830 4756 FsDepends - ok
17:36:03.0877 4756 fssfltr (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys
17:36:03.0877 4756 fssfltr - ok
17:36:03.0892 4756 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:36:03.0892 4756 Fs_Rec - ok
17:36:03.0939 4756 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:36:03.0939 4756 fvevol - ok
17:36:03.0970 4756 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:36:03.0970 4756 gagp30kx - ok
17:36:03.0986 4756 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:36:03.0986 4756 GEARAspiWDM - ok
17:36:04.0033 4756 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:36:04.0033 4756 hcw85cir - ok
17:36:04.0064 4756 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:36:04.0064 4756 HDAudBus - ok
17:36:04.0080 4756 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:36:04.0080 4756 HidBatt - ok
17:36:04.0095 4756 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:36:04.0095 4756 HidBth - ok
17:36:04.0111 4756 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:36:04.0111 4756 HidIr - ok
17:36:04.0142 4756 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
17:36:04.0142 4756 HidUsb - ok
17:36:04.0189 4756 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:36:04.0189 4756 HpSAMD - ok
17:36:04.0220 4756 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:36:04.0236 4756 HTTP - ok
17:36:04.0267 4756 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:36:04.0267 4756 hwpolicy - ok
17:36:04.0298 4756 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:36:04.0298 4756 i8042prt - ok
17:36:04.0329 4756 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:36:04.0329 4756 iaStorV - ok
17:36:04.0360 4756 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:36:04.0360 4756 iirsp - ok
17:36:04.0423 4756 IntcAzAudAddService (3edd3ce185da3e6aaec22adcfd7b1d54) C:\Windows\system32\drivers\RTKVHD64.sys
17:36:04.0438 4756 IntcAzAudAddService - ok
17:36:04.0454 4756 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:36:04.0454 4756 intelide - ok
17:36:04.0470 4756 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:36:04.0485 4756 intelppm - ok
17:36:04.0516 4756 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:36:04.0516 4756 IpFilterDriver - ok
17:36:04.0532 4756 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:36:04.0532 4756 IPMIDRV - ok
17:36:04.0563 4756 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:36:04.0563 4756 IPNAT - ok
17:36:04.0610 4756 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:36:04.0610 4756 IRENUM - ok
17:36:04.0626 4756 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:36:04.0626 4756 isapnp - ok
17:36:04.0641 4756 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:36:04.0641 4756 iScsiPrt - ok
17:36:04.0672 4756 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
17:36:04.0672 4756 kbdclass - ok
17:36:04.0688 4756 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:36:04.0688 4756 kbdhid - ok
17:36:04.0719 4756 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
17:36:04.0719 4756 KSecDD - ok
17:36:04.0735 4756 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
17:36:04.0750 4756 KSecPkg - ok
17:36:04.0782 4756 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:36:04.0782 4756 ksthunk - ok
17:36:04.0813 4756 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:36:04.0813 4756 lltdio - ok
17:36:04.0844 4756 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:36:04.0844 4756 LSI_FC - ok
17:36:04.0860 4756 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:36:04.0860 4756 LSI_SAS - ok
17:36:04.0875 4756 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:36:04.0891 4756 LSI_SAS2 - ok
17:36:04.0906 4756 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:36:04.0906 4756 LSI_SCSI - ok
17:36:04.0922 4756 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:36:04.0922 4756 luafv - ok
17:36:04.0969 4756 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:36:04.0969 4756 megasas - ok
17:36:04.0984 4756 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:36:05.0000 4756 MegaSR - ok
17:36:05.0016 4756 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:36:05.0016 4756 Modem - ok
17:36:05.0047 4756 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:36:05.0047 4756 monitor - ok
17:36:05.0078 4756 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
17:36:05.0078 4756 mouclass - ok
17:36:05.0109 4756 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:36:05.0109 4756 mouhid - ok
17:36:05.0125 4756 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:36:05.0125 4756 mountmgr - ok
17:36:05.0187 4756 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
17:36:05.0187 4756 MpFilter - ok
17:36:05.0203 4756 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:36:05.0203 4756 mpio - ok
17:36:05.0234 4756 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
17:36:05.0234 4756 MpNWMon - ok
17:36:05.0250 4756 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:36:05.0250 4756 mpsdrv - ok
17:36:05.0328 4756 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
17:36:05.0328 4756 MREMP50 - ok
17:36:05.0374 4756 MREMP50a64 - ok
17:36:05.0374 4756 MREMPR5 - ok
17:36:05.0390 4756 MRENDIS5 - ok
17:36:05.0390 4756 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
17:36:05.0406 4756 MRESP50 - ok
17:36:05.0406 4756 MRESP50a64 - ok
17:36:05.0421 4756 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:36:05.0437 4756 MRxDAV - ok
17:36:05.0468 4756 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:36:05.0468 4756 mrxsmb - ok
17:36:05.0499 4756 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:36:05.0499 4756 mrxsmb10 - ok
17:36:05.0530 4756 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:36:05.0530 4756 mrxsmb20 - ok
17:36:05.0562 4756 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:36:05.0562 4756 msahci - ok
17:36:05.0593 4756 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:36:05.0593 4756 msdsm - ok
17:36:05.0608 4756 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:36:05.0624 4756 Msfs - ok
17:36:05.0624 4756 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:36:05.0624 4756 mshidkmdf - ok
17:36:05.0640 4756 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:36:05.0640 4756 msisadrv - ok
17:36:05.0671 4756 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:36:05.0671 4756 MSKSSRV - ok
17:36:05.0718 4756 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:36:05.0718 4756 MSPCLOCK - ok
17:36:05.0733 4756 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:36:05.0733 4756 MSPQM - ok
17:36:05.0780 4756 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:36:05.0780 4756 MsRPC - ok
17:36:05.0796 4756 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:36:05.0796 4756 mssmbios - ok
17:36:05.0811 4756 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:36:05.0811 4756 MSTEE - ok
17:36:05.0827 4756 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:36:05.0827 4756 MTConfig - ok
17:36:05.0858 4756 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:36:05.0858 4756 Mup - ok
17:36:05.0905 4756 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:36:05.0905 4756 NativeWifiP - ok
17:36:05.0936 4756 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:36:05.0952 4756 NDIS - ok
17:36:05.0983 4756 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:36:05.0983 4756 NdisCap - ok
17:36:06.0014 4756 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:36:06.0014 4756 NdisTapi - ok
17:36:06.0045 4756 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:36:06.0045 4756 Ndisuio - ok
17:36:06.0061 4756 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:36:06.0076 4756 NdisWan - ok
17:36:06.0108 4756 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:36:06.0108 4756 NDProxy - ok
17:36:06.0108 4756 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:36:06.0108 4756 NetBIOS - ok
17:36:06.0123 4756 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:36:06.0123 4756 NetBT - ok
17:36:06.0186 4756 netr7364 (7b3a86cda73b3e89fd69666c4329c3b7) C:\Windows\system32\DRIVERS\netr7364.sys
17:36:06.0201 4756 netr7364 - ok
17:36:06.0232 4756 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:36:06.0248 4756 nfrd960 - ok
17:36:06.0279 4756 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:36:06.0279 4756 NisDrv - ok
17:36:06.0310 4756 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:36:06.0310 4756 Npfs - ok
17:36:06.0342 4756 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:36:06.0342 4756 nsiproxy - ok
17:36:06.0388 4756 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:36:06.0404 4756 Ntfs - ok
17:36:06.0420 4756 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:36:06.0420 4756 Null - ok
17:36:06.0466 4756 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
17:36:06.0482 4756 NVENETFD - ok
17:36:06.0685 4756 nvlddmkm (1d135cc25b5ac1b9d2b6004d9de28df3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:36:06.0747 4756 nvlddmkm - ok
17:36:06.0794 4756 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
17:36:06.0794 4756 NVNET - ok
17:36:06.0825 4756 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:36:06.0825 4756 nvraid - ok
17:36:06.0856 4756 nvrd64 (694f5e9d9d624d47f432f5b2e66a0528) C:\Windows\system32\DRIVERS\nvrd64.sys
17:36:06.0856 4756 nvrd64 - ok
17:36:06.0872 4756 nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
17:36:06.0872 4756 nvsmu - ok
17:36:06.0903 4756 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:36:06.0903 4756 nvstor - ok
17:36:06.0934 4756 nvstor64 (4d9aba962d7ece81866f96d5f69fb2b8) C:\Windows\system32\DRIVERS\nvstor64.sys
17:36:06.0934 4756 nvstor64 - ok
17:36:06.0966 4756 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:36:06.0966 4756 nv_agp - ok
17:36:06.0997 4756 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:36:07.0012 4756 ohci1394 - ok
17:36:07.0059 4756 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:36:07.0059 4756 Parport - ok
17:36:07.0075 4756 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:36:07.0075 4756 partmgr - ok
17:36:07.0090 4756 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:36:07.0090 4756 pci - ok
17:36:07.0122 4756 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:36:07.0122 4756 pciide - ok
17:36:07.0137 4756 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:36:07.0137 4756 pcmcia - ok
17:36:07.0153 4756 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:36:07.0153 4756 pcw - ok
17:36:07.0184 4756 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:36:07.0200 4756 PEAUTH - ok
17:36:07.0231 4756 pnarp (328b99e25901d314fdfb31f18a7e302e) C:\Windows\system32\DRIVERS\pnarp.sys
17:36:07.0231 4756 pnarp - ok
17:36:07.0278 4756 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:36:07.0278 4756 PptpMiniport - ok
17:36:07.0293 4756 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:36:07.0293 4756 Processor - ok
17:36:07.0356 4756 Ps2 (1d0a3f565397d08707f3d75b88586645) C:\Windows\system32\DRIVERS\PS2.sys
17:36:07.0356 4756 Ps2 - ok
17:36:07.0387 4756 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:36:07.0387 4756 Psched - ok
17:36:07.0402 4756 purendis (e33ae01d03ebe68cd6a934bf52702bfd) C:\Windows\system32\DRIVERS\purendis.sys
17:36:10.0273 4756 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:36:10.0273 4756 \Device\Harddisk0\DR0 - ok
17:36:10.0288 4756 Boot (0x1200) (ecc67270e0eafdd31d8b2cc34023a2d2) \Device\Harddisk0\DR0\Partition0
17:36:10.0288 4756 \Device\Harddisk0\DR0\Partition0 - ok
17:36:10.0320 4756 Boot (0x1200) (27dade4585d9722890f92b81874096d1) \Device\Harddisk0\DR0\Partition1
17:36:10.0320 4756 \Device\Harddisk0\DR0\Partition1 - ok
17:36:10.0320 4756 ============================================================
17:36:10.0320 4756 Scan finished
17:36:10.0320 4756 ============================================================
17:36:10.0335 4748 Detected object count: 0
17:36:10.0335 4748 Actual detected object count: 0
17:36:23.0049 4660 Deinitialize success


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8281

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/5/2011 6:34:25 PM
mbam-log-2011-12-05 (18-34-25).txt

Scan type: Quick scan
Objects scanned: 177123
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
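
A small triage script for TDSSKiller logs like the one above, as an added example (not code from the thread, BleepingComputer or Kaspersky): it pairs each object line with its verdict line, flags anything not marked "ok", pulls out the MBR and boot-sector verdicts that matter for an Alureon/TDL4 suspicion, and checks that the tool's own "Detected object count" agrees with the verdict lines. The sample lines are copied from the log above plus one constructed "xyzdrv" entry whose hash and verdict wording are invented.

```python
"""Triage a TDSSKiller log: pair each object line with its verdict, flag verdicts other
than 'ok', report the MBR/boot-sector verdicts, and cross-check the summary count.
Added example for this thread; not TDSSKiller's or BleepingComputer's own code."""
import re
from collections import namedtuple

LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.*)$")          # '<time> <pid> <rest>'
# '<name> (<md5>) <path>'; the name may contain parentheses itself, e.g. 'MBR (0x1B8)'
OBJECT_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?)\s+-\s+(?P<verdict>.+)$")      # '<name> - <verdict>'
COUNT_RE = re.compile(r"^Detected object count:\s*(\d+)$")
Finding = namedtuple("Finding", "name md5 path verdict")

def parse_log(text):
    """Return (findings, summary_count). Objects with no verdict line are ignored."""
    pending, findings, summary = {}, [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners and blank lines lack the time/pid prefix
        rest = m.group(1)
        if (c := COUNT_RE.match(rest)):
            summary = int(c.group(1))
        elif (o := OBJECT_RE.match(rest)):
            entry = (o.group("name"), o.group("md5"), o.group("path"))
            # drivers get their verdict under the service name, MBR and boot sectors
            # under the device path, so index the pending object under both keys
            pending[entry[0]] = pending[entry[2]] = entry
        elif (v := VERDICT_RE.match(rest)):
            key = v.group("name")
            name, md5, path = pending.pop(key, (key, None, None))
            pending.pop(name, None)
            pending.pop(path, None)  # drop the twin key as well
            findings.append(Finding(name, md5, path, v.group("verdict").strip()))
    return findings, summary

def triage(text):
    """Anything not 'ok', the boot-record verdicts (the Alureon/TDL4 family infects the
    MBR), and whether the tool's own 'Detected object count' agrees with the verdicts."""
    findings, summary = parse_log(text)
    suspicious = [f for f in findings if f.verdict.lower() != "ok"]
    boot = {f.path: f.verdict for f in findings if f.path and f.path.startswith("\\Device\\")}
    return {"objects": len(findings), "suspicious": suspicious, "boot_records": boot,
            "summary_count": summary,
            "summary_matches": summary is not None and summary == len(suspicious)}

# Constructed sample: three entries copied from the thread's log plus an invented 'xyzdrv'
# driver (placeholder all-zero hash, made-up non-ok verdict) to exercise the flagging.
SAMPLE_LOG = """\
17:36:08.0572 4756 Tcpip (fc62769e7bff2896035aeed399108162) C:\\Windows\\system32\\drivers\\tcpip.sys
17:36:08.0604 4756 Tcpip - ok
17:36:10.0273 4756 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \\Device\\Harddisk0\\DR0
17:36:10.0273 4756 \\Device\\Harddisk0\\DR0 - ok
17:36:10.0288 4756 Boot (0x1200) (ecc67270e0eafdd31d8b2cc34023a2d2) \\Device\\Harddisk0\\DR0\\Partition0
17:36:10.0288 4756 \\Device\\Harddisk0\\DR0\\Partition0 - ok
17:36:10.0300 4756 xyzdrv (00000000000000000000000000000000) C:\\Windows\\system32\\DRIVERS\\xyzdrv.sys
17:36:10.0300 4756 xyzdrv - suspicious (constructed verdict)
17:36:10.0335 4748 Detected object count: 1
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["objects"], "objects;", len(report["suspicious"]), "flagged;",
          "summary agrees:", report["summary_matches"], "; boot:", report["boot_records"])
```

Run it over a saved TDSSKiller log instead of SAMPLE_LOG to get the same summary; a summary count that disagrees with the verdict lines means the log is truncated or was edited before posting.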

#5 boopme

Posted 06 December 2011 - 10:13 AM

That's OK, Fix TDSS would've been next.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#6 Strex

Posted 06 December 2011 - 07:48 PM

Ok, it found some stuff and took action. Here's the report:

C:\Qoobox\Quarantine\C\Users\Cory\AppData\Roaming\Mozilla\Firefox\Profiles\64ycu2q5.default\extensions\{92783e58-c6bf-4864-af0b-893bddd6a074}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Cory\AppData\Roaming\Mozilla\Firefox\Profiles\64ycu2q5.default\extensions\{92783e58-c6bf-4864-af0b-893bddd6a074}\chrome\xulcache.jar.vir JS/Agent.NDO trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Cory\AppData\Roaming\Mozilla\Firefox\Profiles\64ycu2q5.default\extensions\{93ddd9b9-6400-494f-a4eb-c7964c6c3cbd}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Cory\AppData\Roaming\Mozilla\Firefox\Profiles\64ycu2q5.default\extensions\{93ddd9b9-6400-494f-a4eb-c7964c6c3cbd}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Users\Cory\AppData\Roaming\Mozilla\Firefox\Profiles\64ycu2q5.default\extensions\{b16e08d5-a2d7-4237-98bc-e53793124876}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Cory\AppData\Roaming\Mozilla\Firefox\Profiles\64ycu2q5.default\extensions\{b16e08d5-a2d7-4237-98bc-e53793124876}\chrome\xulcache.jar.vir JS/Agent.NDO trojan cleaned by deleting - quarantined

#7 boopme

Posted 06 December 2011 - 09:31 PM

Looks good, was ComboFix run before TDSS?
Running well now?

#8 Strex

Posted 07 December 2011 - 09:06 AM

I knew Qoobox would bust me. Yeah, one of the first things I did a few days ago when things got weird was run ComboFix. I had used it a couple of times in the past successfully and thought of it as my go-to tool of last resort in situations like these. When it took forever to run and I still had symptoms after completion, I got nervous and decided to contact someone who actually knew what they were doing (you).

Now that I know how easy the support process is at Bleeping, I won't have to stumble around in the dark anymore. I'm one of those guys who has just enough knowledge to be dangerous.

Things appear to be running fine now. Thanks very much for your help, Boopme, really appreciated.

#9 boopme

Posted 07 December 2011 - 12:54 PM

All's good. I needed to know, as many times ComboFix needs a follow-up.
And as TDSS found nothing, I knew you had to have run something else and wanted to be sure it was removed.


If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:

#10 Strex

Posted 07 December 2011 - 05:33 PM

OK, will do. Thanks again.
