System Check DOS/Alureon.E


  • This topic is locked
37 replies to this topic

#1 maxiesox

  • Members
  • 19 posts

Posted 18 January 2012 - 04:34 PM

Hi,
Can't get rkill or mbam to run (I tried all 7 named versions of rkill). I have symptoms of the System Check malware. When I run any version of rkill, it says installation failed (3 times), then looks like it will run, but then it says access denied, and when I try to run Malwarebytes it says runtime error "5". Help! I used unhide files to get my files to show, but nothing removes this System Check program. Also, Microsoft Security Essentials says I have DOS/Alureon.E; it says it can't remove it. I also ran TDSSKiller, and it did not find any problems. I had problems getting my computer to boot up, so when I finally got it to run I really don't want to shut it down, for fear it won't start. I did notice that when I clicked on links in websites sometimes it took me to an ad. I am at my wits' end and ready to throw the computer out the window, but thought I'd try your site first. Any help would be appreciated. Thank you. I attached the rkill log in case you want it. Rkill worked at first, but after running multiple times, as you can see, it started with the whole access denied and installation failed problems. Sorry I'm rambling on...

Sharon

Attached Files




#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 21 January 2012 - 03:01 PM

Hi

See if you can navigate to these files, then right-click each file and rename it by adding the extension .bad onto the file name:


C:\ProgramData\gfUomFNvRQL.exe
C:\ProgramData\qUJaqyqBLMlGKb.exe



NEXT


Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS .txt files will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 maxiesox
  • Topic Starter

Posted 22 January 2012 - 11:56 AM

Hi,
Thank you so much for helping me. I couldn't navigate to C:\gfUomFNvRQL.exe or find the file at all. I did find 3 instances of the qUJaqBLMlGKb and changed the extension to .bad on one of them; there was an "r" at the end, but I still changed it. I don't know what script blocking is, but I ran the DDS and I'm attaching both files. I also ran the aswMBR and am attaching those two files as well. Thank you, thank you, thank you!

Sharon

Attached Files



#4 CatByte

Posted 22 January 2012 - 12:56 PM

Hi

Please do the following:


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

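An added example, not part of CatByte's instructions and not something TDSSKiller itself reports: once the TDSSKiller log requested above is in hand, one mechanical check worth running over it is to group every hashed driver line by MD5 and flag any hash that shows up under more than one distinct file on disk. Two service names loading the same file (Tcpip and Tcpip6 both point at tcpip.sys) is normal Windows aliasing, so the script compares file paths, not service names. The sample lines are copied from the log posted later in this thread; the `triage` heuristic is mine.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the TDSSKiller log posted later in this thread.
SAMPLE_LOG = r"""
15:44:48.0607 5576 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
15:44:48.0607 5576 ACPI - ok
15:44:49.0137 5576 aykxmkuu (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\aykxmkuu.sys
15:44:49.0169 5576 aykxmkuu - ok
15:44:52.0101 5576 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
15:44:52.0101 5576 MpFilter - ok
15:44:56.0610 5576 Tcpip (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\drivers\tcpip.sys
15:44:56.0625 5576 Tcpip - ok
15:44:56.0657 5576 Tcpip6 (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\DRIVERS\tcpip.sys
15:44:56.0672 5576 Tcpip6 - ok
15:44:57.0312 5576 umurkdzs (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\umurkdzs.sys
15:44:57.0327 5576 umurkdzs - ok
"""

# A TDSSKiller driver line: "<hh:mm:ss.ffff> <thread> <service> (<md5>) <path>".
# Status lines ("<service> - ok") carry no hash and are deliberately not matched.
LINE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
    r"(?P<service>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+"
    r"(?P<path>.+?)\s*$"
)


def parse_tdsskiller(text):
    """Return one dict (service, md5, path) per driver line that carries a hash."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def shared_hash_distinct_paths(records):
    """Map each MD5 that backs more than one distinct on-disk file to the
    (service, path) pairs involved, sorted by service name.

    Paths are compared case-insensitively, so Tcpip/Tcpip6 both pointing at
    tcpip.sys (one file, two service names) is not reported."""
    by_hash = defaultdict(list)
    for rec in records:
        by_hash[rec["md5"].lower()].append(rec)
    flagged = {}
    for md5, group in by_hash.items():
        if len({rec["path"].lower() for rec in group}) > 1:
            flagged[md5] = sorted((rec["service"], rec["path"]) for rec in group)
    return flagged


def triage(text):
    """Parse a TDSSKiller log and return the shared-hash findings."""
    return shared_hash_distinct_paths(parse_tdsskiller(text))


if __name__ == "__main__":
    for md5, entries in triage(SAMPLE_LOG).items():
        print(f"MD5 {md5} backs {len(entries)} different files; check them:")
        for service, path in entries:
            print(f"    {service:<10} {path}")
```

A hit from this check is a lead, not a verdict: the two files still need to be pulled and looked at. I left out the other tempting heuristic, flagging eight-letter lowercase service names as "random", because legitimate Vista drivers in the same log (blbdrive, intelppm) trip it just as readily.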


#5 maxiesox
  • Topic Starter

Posted 22 January 2012 - 04:47 PM

Hi,
Here is the TDSSKiller log. You said copy and paste, so here it is:

15:44:42.0039 4604 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
15:44:42.0414 4604 ============================================================
15:44:42.0414 4604 Current date / time: 2012/01/22 15:44:42.0414
15:44:42.0414 4604 SystemInfo:
15:44:42.0414 4604
15:44:42.0414 4604 OS Version: 6.0.6002 ServicePack: 2.0
15:44:42.0414 4604 Product type: Workstation
15:44:42.0414 4604 ComputerName: HOME-PC
15:44:42.0414 4604 UserName: Home
15:44:42.0414 4604 Windows directory: C:\Windows
15:44:42.0414 4604 System windows directory: C:\Windows
15:44:42.0414 4604 Running under WOW64
15:44:42.0414 4604 Processor architecture: Intel x64
15:44:42.0414 4604 Number of processors: 4
15:44:42.0414 4604 Page size: 0x1000
15:44:42.0414 4604 Boot type: Normal boot
15:44:42.0414 4604 ============================================================
15:44:42.0929 4604 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:44:43.0147 4604 Initialize success
15:44:48.0248 5576 ============================================================
15:44:48.0248 5576 Scan started
15:44:48.0248 5576 Mode: Manual;
15:44:48.0248 5576 ============================================================
15:44:48.0607 5576 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
15:44:48.0607 5576 ACPI - ok
15:44:48.0669 5576 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
15:44:48.0669 5576 adp94xx - ok
15:44:48.0716 5576 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
15:44:48.0716 5576 adpahci - ok
15:44:48.0747 5576 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
15:44:48.0747 5576 adpu160m - ok
15:44:48.0763 5576 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
15:44:48.0779 5576 adpu320 - ok
15:44:48.0825 5576 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
15:44:48.0825 5576 AFD - ok
15:44:48.0872 5576 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
15:44:48.0872 5576 agp440 - ok
15:44:48.0888 5576 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
15:44:48.0888 5576 aic78xx - ok
15:44:48.0919 5576 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
15:44:48.0919 5576 aliide - ok
15:44:48.0950 5576 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
15:44:48.0950 5576 amdide - ok
15:44:48.0966 5576 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
15:44:48.0966 5576 AmdK8 - ok
15:44:48.0997 5576 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
15:44:48.0997 5576 arc - ok
15:44:49.0013 5576 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
15:44:49.0013 5576 arcsas - ok
15:44:49.0028 5576 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
15:44:49.0028 5576 AsyncMac - ok
15:44:49.0075 5576 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
15:44:49.0075 5576 atapi - ok
15:44:49.0137 5576 aykxmkuu (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\aykxmkuu.sys
15:44:49.0169 5576 aykxmkuu - ok
15:44:49.0215 5576 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
15:44:49.0215 5576 blbdrive - ok
15:44:49.0278 5576 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
15:44:49.0278 5576 bowser - ok
15:44:49.0293 5576 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
15:44:49.0293 5576 BrFiltLo - ok
15:44:49.0309 5576 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
15:44:49.0309 5576 BrFiltUp - ok
15:44:49.0340 5576 Bridge (71142fa02068cb93c9319417737c915d) C:\Windows\system32\DRIVERS\bridge.sys
15:44:49.0340 5576 Bridge - ok
15:44:49.0356 5576 BridgeMP (71142fa02068cb93c9319417737c915d) C:\Windows\system32\DRIVERS\bridge.sys
15:44:49.0356 5576 BridgeMP - ok
15:44:49.0387 5576 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
15:44:49.0403 5576 Brserid - ok
15:44:49.0418 5576 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
15:44:49.0418 5576 BrSerWdm - ok
15:44:49.0449 5576 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
15:44:49.0449 5576 BrUsbMdm - ok
15:44:49.0465 5576 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
15:44:49.0465 5576 BrUsbSer - ok
15:44:49.0481 5576 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
15:44:49.0481 5576 BTHMODEM - ok
15:44:49.0543 5576 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
15:44:49.0543 5576 cdfs - ok
15:44:49.0574 5576 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
15:44:49.0574 5576 cdrom - ok
15:44:49.0605 5576 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
15:44:49.0605 5576 circlass - ok
15:44:49.0637 5576 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
15:44:49.0652 5576 CLFS - ok
15:44:49.0699 5576 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
15:44:49.0699 5576 cmdide - ok
15:44:49.0715 5576 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
15:44:49.0730 5576 Compbatt - ok
15:44:49.0746 5576 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
15:44:49.0746 5576 crcdisk - ok
15:44:49.0793 5576 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
15:44:49.0793 5576 DfsC - ok
15:44:49.0839 5576 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
15:44:49.0839 5576 disk - ok
15:44:49.0902 5576 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
15:44:49.0902 5576 drmkaud - ok
15:44:49.0964 5576 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
15:44:49.0980 5576 DXGKrnl - ok
15:44:50.0011 5576 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
15:44:50.0011 5576 E1G60 - ok
15:44:50.0042 5576 EagleX64 - ok
15:44:50.0105 5576 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
15:44:50.0105 5576 Ecache - ok
15:44:50.0136 5576 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
15:44:50.0151 5576 elxstor - ok
15:44:50.0183 5576 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
15:44:50.0183 5576 ErrDev - ok
15:44:50.0214 5576 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
15:44:50.0229 5576 exfat - ok
15:44:50.0261 5576 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
15:44:50.0261 5576 fastfat - ok
15:44:50.0276 5576 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
15:44:50.0276 5576 fdc - ok
15:44:50.0307 5576 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
15:44:50.0307 5576 FileInfo - ok
15:44:50.0323 5576 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
15:44:50.0339 5576 Filetrace - ok
15:44:50.0339 5576 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:44:50.0354 5576 flpydisk - ok
15:44:50.0385 5576 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
15:44:50.0401 5576 FltMgr - ok
15:44:50.0463 5576 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
15:44:50.0463 5576 Fs_Rec - ok
15:44:50.0479 5576 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
15:44:50.0479 5576 gagp30kx - ok
15:44:50.0541 5576 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:44:50.0541 5576 GEARAspiWDM - ok
15:44:50.0635 5576 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:44:50.0651 5576 HDAudBus - ok
15:44:50.0682 5576 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
15:44:50.0682 5576 HidBth - ok
15:44:50.0697 5576 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
15:44:50.0697 5576 HidIr - ok
15:44:50.0744 5576 HidUsb (d02c82cb3a20f391c8aeff94e8e0baa1) C:\Windows\system32\DRIVERS\hidusb.sys
15:44:50.0744 5576 HidUsb - ok
15:44:50.0775 5576 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
15:44:50.0775 5576 HpCISSs - ok
15:44:50.0838 5576 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
15:44:50.0853 5576 HTTP - ok
15:44:50.0869 5576 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
15:44:50.0869 5576 i2omp - ok
15:44:50.0900 5576 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
15:44:50.0900 5576 i8042prt - ok
15:44:50.0947 5576 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
15:44:50.0947 5576 iaStorV - ok
15:44:50.0994 5576 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
15:44:50.0994 5576 iirsp - ok
15:44:51.0072 5576 IntcAzAudAddService (5f885046a7f420989c8366324fd2ef60) C:\Windows\system32\drivers\RTKVHD64.sys
15:44:51.0103 5576 IntcAzAudAddService - ok
15:44:51.0150 5576 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
15:44:51.0150 5576 intelide - ok
15:44:51.0181 5576 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
15:44:51.0181 5576 intelppm - ok
15:44:51.0228 5576 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:44:51.0228 5576 IpFilterDriver - ok
15:44:51.0259 5576 IpInIp - ok
15:44:51.0290 5576 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
15:44:51.0290 5576 IPMIDRV - ok
15:44:51.0306 5576 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
15:44:51.0321 5576 IPNAT - ok
15:44:51.0337 5576 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
15:44:51.0353 5576 IRENUM - ok
15:44:51.0384 5576 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
15:44:51.0384 5576 isapnp - ok
15:44:51.0415 5576 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
15:44:51.0415 5576 iScsiPrt - ok
15:44:51.0446 5576 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
15:44:51.0446 5576 iteatapi - ok
15:44:51.0462 5576 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
15:44:51.0462 5576 iteraid - ok
15:44:51.0493 5576 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
15:44:51.0493 5576 kbdclass - ok
15:44:51.0524 5576 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
15:44:51.0524 5576 kbdhid - ok
15:44:51.0571 5576 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
15:44:51.0587 5576 KSecDD - ok
15:44:51.0602 5576 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
15:44:51.0602 5576 ksthunk - ok
15:44:51.0665 5576 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
15:44:51.0665 5576 lltdio - ok
15:44:51.0711 5576 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
15:44:51.0711 5576 LSI_FC - ok
15:44:51.0743 5576 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
15:44:51.0743 5576 LSI_SAS - ok
15:44:51.0758 5576 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
15:44:51.0774 5576 LSI_SCSI - ok
15:44:51.0789 5576 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
15:44:51.0789 5576 luafv - ok
15:44:51.0836 5576 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
15:44:51.0836 5576 megasas - ok
15:44:51.0883 5576 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
15:44:51.0883 5576 MegaSR - ok
15:44:51.0914 5576 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
15:44:51.0914 5576 Modem - ok
15:44:51.0961 5576 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
15:44:51.0961 5576 monitor - ok
15:44:51.0992 5576 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
15:44:51.0992 5576 mouclass - ok
15:44:52.0023 5576 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
15:44:52.0023 5576 mouhid - ok
15:44:52.0039 5576 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
15:44:52.0055 5576 MountMgr - ok
15:44:52.0101 5576 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
15:44:52.0101 5576 MpFilter - ok
15:44:52.0133 5576 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
15:44:52.0133 5576 mpio - ok
15:44:52.0179 5576 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
15:44:52.0179 5576 MpNWMon - ok
15:44:52.0195 5576 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
15:44:52.0211 5576 mpsdrv - ok
15:44:52.0226 5576 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
15:44:52.0242 5576 Mraid35x - ok
15:44:52.0320 5576 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
15:44:52.0351 5576 MREMP50 - ok
15:44:52.0367 5576 MREMP50a64 - ok
15:44:52.0382 5576 MREMPR5 - ok
15:44:52.0382 5576 MRENDIS5 - ok
15:44:52.0398 5576 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
15:44:52.0429 5576 MRESP50 - ok
15:44:52.0429 5576 MRESP50a64 - ok
15:44:52.0476 5576 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
15:44:52.0476 5576 MRxDAV - ok
15:44:52.0523 5576 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:44:52.0523 5576 mrxsmb - ok
15:44:52.0554 5576 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:44:52.0569 5576 mrxsmb10 - ok
15:44:52.0585 5576 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:44:52.0601 5576 mrxsmb20 - ok
15:44:52.0616 5576 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
15:44:52.0616 5576 msahci - ok
15:44:52.0647 5576 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
15:44:52.0647 5576 msdsm - ok
15:44:52.0679 5576 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
15:44:52.0679 5576 Msfs - ok
15:44:52.0710 5576 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
15:44:52.0710 5576 msisadrv - ok
15:44:52.0757 5576 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
15:44:52.0757 5576 MSKSSRV - ok
15:44:52.0803 5576 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
15:44:52.0803 5576 MSPCLOCK - ok
15:44:52.0835 5576 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
15:44:52.0835 5576 MSPQM - ok
15:44:52.0866 5576 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
15:44:52.0881 5576 MsRPC - ok
15:44:52.0913 5576 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
15:44:52.0913 5576 mssmbios - ok
15:44:52.0928 5576 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
15:44:52.0928 5576 MSTEE - ok
15:44:52.0944 5576 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
15:44:52.0944 5576 Mup - ok
15:44:53.0006 5576 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
15:44:53.0006 5576 NativeWifiP - ok
15:44:53.0053 5576 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
15:44:53.0069 5576 NDIS - ok
15:44:53.0100 5576 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
15:44:53.0100 5576 NdisTapi - ok
15:44:53.0115 5576 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
15:44:53.0115 5576 Ndisuio - ok
15:44:53.0131 5576 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
15:44:53.0147 5576 NdisWan - ok
15:44:53.0162 5576 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
15:44:53.0162 5576 NDProxy - ok
15:44:53.0209 5576 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
15:44:53.0209 5576 NetBIOS - ok
15:44:53.0240 5576 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
15:44:53.0256 5576 netbt - ok
15:44:53.0318 5576 netr7364 (0e27af88b9c2291d2fde9faaebd2e9a3) C:\Windows\system32\DRIVERS\netr7364.sys
15:44:53.0334 5576 netr7364 - ok
15:44:53.0381 5576 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
15:44:53.0381 5576 nfrd960 - ok
15:44:53.0459 5576 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:44:53.0459 5576 NisDrv - ok
15:44:53.0505 5576 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
15:44:53.0505 5576 Npfs - ok
15:44:53.0521 5576 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
15:44:53.0521 5576 nsiproxy - ok
15:44:53.0599 5576 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
15:44:53.0630 5576 Ntfs - ok
15:44:53.0646 5576 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
15:44:53.0646 5576 Null - ok
15:44:53.0708 5576 NVENETFD (98350606682594521d56eccb5d01ecf7) C:\Windows\system32\DRIVERS\nvmfdx64.sys
15:44:53.0739 5576 NVENETFD - ok
15:44:54.0020 5576 nvlddmkm (1cf597c9f0745735a6c5181ecb83706e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:44:54.0223 5576 nvlddmkm - ok
15:44:54.0317 5576 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
15:44:54.0317 5576 nvraid - ok
15:44:54.0379 5576 nvrd64 (011db85affd2368348181c552e025d98) C:\Windows\system32\drivers\nvrd64.sys
15:44:54.0379 5576 nvrd64 - ok
15:44:54.0410 5576 nvsmu (16d36074b84da72d160233c8d132dc89) C:\Windows\system32\DRIVERS\nvsmu.sys
15:44:54.0410 5576 nvsmu - ok
15:44:54.0441 5576 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
15:44:54.0441 5576 nvstor - ok
15:44:54.0441 5576 nvstor64 (fa6d13aa972967eb46862d0f0372a65a) C:\Windows\system32\drivers\nvstor64.sys
15:44:54.0457 5576 nvstor64 - ok
15:44:54.0473 5576 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
15:44:54.0473 5576 nv_agp - ok
15:44:54.0488 5576 NwlnkFlt - ok
15:44:54.0504 5576 NwlnkFwd - ok
15:44:54.0566 5576 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
15:44:54.0566 5576 ohci1394 - ok
15:44:54.0613 5576 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
15:44:54.0613 5576 Parport - ok
15:44:54.0629 5576 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
15:44:54.0629 5576 partmgr - ok
15:44:54.0707 5576 PCD5SRVC{8AAF211B-043E02A9-05040000} (7204f835a4355d1ab2853e57c9ff177c) C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms
15:44:54.0738 5576 PCD5SRVC{8AAF211B-043E02A9-05040000} - ok
15:44:54.0769 5576 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
15:44:54.0769 5576 pci - ok
15:44:54.0785 5576 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
15:44:54.0800 5576 pciide - ok
15:44:54.0816 5576 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
15:44:54.0831 5576 pcmcia - ok
15:44:54.0863 5576 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
15:44:54.0878 5576 PEAUTH - ok
15:44:54.0987 5576 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
15:44:54.0987 5576 PptpMiniport - ok
15:44:55.0003 5576 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
15:44:55.0019 5576 Processor - ok
15:44:55.0081 5576 Ps2 (1d0a3f565397d08707f3d75b88586645) C:\Windows\system32\DRIVERS\PS2.sys
15:44:55.0081 5576 Ps2 - ok
15:44:55.0128 5576 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
15:44:55.0128 5576 PSched - ok
15:44:55.0190 5576 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
15:44:55.0221 5576 ql2300 - ok
15:44:55.0237 5576 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
15:44:55.0237 5576 ql40xx - ok
15:44:55.0268 5576 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
15:44:55.0268 5576 QWAVEdrv - ok
15:44:55.0284 5576 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
15:44:55.0284 5576 RasAcd - ok
15:44:55.0299 5576 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:44:55.0299 5576 Rasl2tp - ok
15:44:55.0331 5576 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
15:44:55.0331 5576 RasPppoe - ok
15:44:55.0346 5576 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
15:44:55.0346 5576 RasSstp - ok
15:44:55.0393 5576 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
15:44:55.0393 5576 rdbss - ok
15:44:55.0409 5576 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:44:55.0409 5576 RDPCDD - ok
15:44:55.0455 5576 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
15:44:55.0455 5576 rdpdr - ok
15:44:55.0471 5576 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
15:44:55.0471 5576 RDPENCDD - ok
15:44:55.0518 5576 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
15:44:55.0518 5576 RDPWD - ok
15:44:55.0596 5576 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
15:44:55.0596 5576 rspndr - ok
15:44:55.0658 5576 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
15:44:55.0674 5576 sbp2port - ok
15:44:55.0752 5576 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:44:55.0767 5576 secdrv - ok
15:44:55.0799 5576 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
15:44:55.0814 5576 Serenum - ok
15:44:55.0861 5576 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
15:44:55.0861 5576 Serial - ok
15:44:55.0892 5576 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
15:44:55.0892 5576 sermouse - ok
15:44:55.0923 5576 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
15:44:55.0939 5576 sffdisk - ok
15:44:55.0955 5576 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
15:44:55.0955 5576 sffp_mmc - ok
15:44:55.0970 5576 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
15:44:55.0970 5576 sffp_sd - ok
15:44:55.0986 5576 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
15:44:55.0986 5576 sfloppy - ok
15:44:56.0017 5576 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
15:44:56.0017 5576 SiSRaid2 - ok
15:44:56.0048 5576 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
15:44:56.0048 5576 SiSRaid4 - ok
15:44:56.0095 5576 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
15:44:56.0095 5576 Smb - ok
15:44:56.0142 5576 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
15:44:56.0142 5576 spldr - ok
15:44:56.0204 5576 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
15:44:56.0220 5576 srv - ok
15:44:56.0251 5576 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
15:44:56.0251 5576 srv2 - ok
15:44:56.0267 5576 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
15:44:56.0282 5576 srvnet - ok
15:44:56.0329 5576 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
15:44:56.0329 5576 StillCam - ok
15:44:56.0345 5576 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
15:44:56.0345 5576 swenum - ok
15:44:56.0376 5576 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
15:44:56.0376 5576 Symc8xx - ok
15:44:56.0407 5576 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
15:44:56.0407 5576 Sym_hi - ok
15:44:56.0438 5576 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
15:44:56.0438 5576 Sym_u3 - ok
15:44:56.0610 5576 Tcpip (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\drivers\tcpip.sys
15:44:56.0625 5576 Tcpip - ok
15:44:56.0657 5576 Tcpip6 (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\DRIVERS\tcpip.sys
15:44:56.0672 5576 Tcpip6 - ok
15:44:56.0688 5576 tcpipreg (848f87c604b5e674602498cb51067db6) C:\Windows\system32\drivers\tcpipreg.sys
15:44:56.0703 5576 tcpipreg - ok
15:44:56.0735 5576 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
15:44:56.0735 5576 TDPIPE - ok
15:44:56.0766 5576 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
15:44:56.0766 5576 TDTCP - ok
15:44:56.0797 5576 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
15:44:56.0797 5576 tdx - ok
15:44:56.0844 5576 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
15:44:56.0844 5576 TermDD - ok
15:44:56.0875 5576 TFsExDisk - ok
15:44:56.0937 5576 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:44:56.0937 5576 tssecsrv - ok
15:44:56.0969 5576 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
15:44:56.0969 5576 tunmp - ok
15:44:57.0031 5576 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
15:44:57.0031 5576 tunnel - ok
15:44:57.0047 5576 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
15:44:57.0062 5576 uagp35 - ok
15:44:57.0078 5576 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
15:44:57.0093 5576 udfs - ok
15:44:57.0125 5576 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
15:44:57.0125 5576 uliagpkx - ok
15:44:57.0156 5576 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
15:44:57.0171 5576 uliahci - ok
15:44:57.0203 5576 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
15:44:57.0203 5576 UlSata - ok
15:44:57.0234 5576 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
15:44:57.0249 5576 ulsata2 - ok
15:44:57.0265 5576 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
15:44:57.0281 5576 umbus - ok
15:44:57.0312 5576 umurkdzs (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\umurkdzs.sys
15:44:57.0327 5576 umurkdzs - ok
15:44:57.0374 5576 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:44:57.0374 5576 USBAAPL64 - ok
15:44:57.0421 5576 usbccgp (66627c6008319def7909f21fb75a8991) C:\Windows\system32\DRIVERS\usbccgp.sys
15:44:57.0437 5576 usbccgp - ok
15:44:57.0452 5576 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
15:44:57.0452 5576 usbcir - ok
15:44:57.0499 5576 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
15:44:57.0499 5576 usbehci - ok
15:44:57.0546 5576 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
15:44:57.0546 5576 usbhub - ok
15:44:57.0577 5576 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
15:44:57.0577 5576 usbohci - ok
15:44:57.0593 5576 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
15:44:57.0593 5576 usbprint - ok
15:44:57.0639 5576 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:44:57.0639 5576 USBSTOR - ok
15:44:57.0655 5576 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
15:44:57.0655 5576 usbuhci - ok
15:44:57.0686 5576 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
15:44:57.0686 5576 vga - ok
15:44:57.0702 5576 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
15:44:57.0717 5576 VgaSave - ok
15:44:57.0733 5576 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
15:44:57.0733 5576 viaide - ok
15:44:57.0749 5576 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
15:44:57.0749 5576 volmgr - ok
15:44:57.0780 5576 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
15:44:57.0795 5576 volmgrx - ok
15:44:57.0811 5576 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
15:44:57.0811 5576 volsnap - ok
15:44:57.0842 5576 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
15:44:57.0842 5576 vsmraid - ok
15:44:57.0873 5576 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
15:44:57.0873 5576 WacomPen - ok
15:44:57.0936 5576 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:44:57.0936 5576 Wanarp - ok
15:44:57.0936 5576 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:44:57.0936 5576 Wanarpv6 - ok
15:44:57.0967 5576 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
15:44:57.0967 5576 Wd - ok
15:44:57.0998 5576 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
15:44:58.0014 5576 Wdf01000 - ok
15:44:58.0061 5576 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:44:58.0061 5576 WmiAcpi - ok
15:44:58.0123 5576 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
15:44:58.0123 5576 WpdUsb - ok
15:44:58.0154 5576 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
15:44:58.0154 5576 ws2ifsl - ok
15:44:58.0201 5576 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:44:58.0201 5576 WUDFRd - ok
15:44:58.0232 5576 xfqatiwp (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\xfqatiwp.sys
15:44:58.0263 5576 xfqatiwp - ok
15:44:58.0279 5576 MBR (0x1B8) (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk0\DR0
15:44:58.0778 5576 \Device\Harddisk0\DR0 - ok
15:44:58.0778 5576 Boot (0x1200) (b22262aa4da80dfb54918ec376be51c9) \Device\Harddisk0\DR0\Partition0
15:44:58.0778 5576 \Device\Harddisk0\DR0\Partition0 - ok
15:44:58.0794 5576 Boot (0x1200) (27dade4585d9722890f92b81874096d1) \Device\Harddisk0\DR0\Partition1
15:44:58.0794 5576 \Device\Harddisk0\DR0\Partition1 - ok
15:44:58.0794 5576 ============================================================
15:44:58.0794 5576 Scan finished
15:44:58.0794 5576 ============================================================
15:44:58.0809 3908 Detected object count: 0
15:44:58.0809 3908 Actual detected object count: 0
15:45:34.0752 3560 Deinitialize success


I ran the combofix and have attached the log

Attached Files

  • Attached File  log.txt   12.25KB   1 downloads

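Two entries in the TDSSKiller log above, umurkdzs and xfqatiwp, carry the same MD5 (a412d2fd7c0e1b50a7845fa083894223) while pointing at two differently named files in the drivers directory. That pattern is worth a second look during triage: legitimate duplicates such as Tcpip/Tcpip6 or Wanarp/Wanarpv6 also share a hash, but only because both service names reference the same file. The script below is an added example for this thread, not part of TDSSKiller or of anyone's post; it parses lines in the format shown above (the sample lines are a constructed subset of the log) and reports hashes that are shared across distinct file paths.

```python
import re
from collections import defaultdict

# Constructed sample in TDSSKiller's log format (a subset of the log posted above).
SAMPLE_LOG_LINES = [
    r"15:44:56.0610 5576 Tcpip (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\drivers\tcpip.sys",
    r"15:44:56.0625 5576 Tcpip - ok",
    r"15:44:56.0657 5576 Tcpip6 (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\DRIVERS\tcpip.sys",
    r"15:44:56.0672 5576 Tcpip6 - ok",
    r"15:44:57.0312 5576 umurkdzs (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\umurkdzs.sys",
    r"15:44:57.0327 5576 umurkdzs - ok",
    r"15:44:57.0936 5576 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys",
    r"15:44:57.0936 5576 Wanarp - ok",
    r"15:44:57.0936 5576 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys",
    r"15:44:57.0936 5576 Wanarpv6 - ok",
    r"15:44:58.0232 5576 xfqatiwp (a412d2fd7c0e1b50a7845fa083894223) C:\Windows\system32\drivers\xfqatiwp.sys",
    r"15:44:58.0263 5576 xfqatiwp - ok",
]

# One driver/service line: time, process id, service name, (md5), file path.
# The "- ok" verdict lines have no hash in parentheses and are skipped.
DRIVER_LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)


def parse_driver_entries(lines):
    """Return (service_name, md5, path) tuples for every hashed driver line."""
    entries = []
    for line in lines:
        m = DRIVER_LINE.match(line)
        if m:
            entries.append((m["name"], m["md5"].lower(), m["path"]))
    return entries


def find_shared_hash_anomalies(entries):
    """Map each MD5 that appears under more than one distinct file path to the
    sorted service names using it. Paths are compared case-insensitively, so
    'drivers' and 'DRIVERS' are the same directory and Tcpip/Tcpip6 are not flagged."""
    paths_by_hash = defaultdict(set)
    names_by_hash = defaultdict(set)
    for name, md5, path in entries:
        paths_by_hash[md5].add(path.lower())
        names_by_hash[md5].add(name)
    return {
        md5: sorted(names_by_hash[md5])
        for md5, paths in paths_by_hash.items()
        if len(paths) > 1
    }


if __name__ == "__main__":
    anomalies = find_shared_hash_anomalies(parse_driver_entries(SAMPLE_LOG_LINES))
    for md5, names in anomalies.items():
        print(f"hash {md5} shared by differently named driver files: {', '.join(names)}")
```

The check only says "look here"; a shared hash across two file names is not proof of anything by itself, and the analyst still decides what to do with the flagged services. Running it over a full log (`parse_driver_entries(open("TDSSKiller.log").read().splitlines())`) gives the same result as the constructed subset here.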

#6 maxiesox

maxiesox
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 22 January 2012 - 04:56 PM

Also, I turned my firewall and antivirus stuff back on and just got the alert message from Microsoft Security Essentials that it detected 1 threat, DOD/Alureon.E. When I clicked on details it says items boot:\Device\HarddiskVolume 3. I did not do anything because I am going to wait on instructions from you. Thanks.

oops, I meant to say DOS/Alureon.E

#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:44 PM

Posted 22 January 2012 - 07:52 PM

Hi

Please do the following:

Please download Listparts64
Run the tool, click Scan and post the log (Result.txt) it makes.


NEXT




submit a file to virustotal for analysis
  • Use the browse button on that page to navigate to the location of the file to be scanned.
  • In the right hand panel,
  • click on the file c:\windows\is-90U1H.exe
  • then click the open button.
  • The file will now be displayed in the submit box.
  • Scroll down a bit and click "send file", wait for the results
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Once scanned, copy and paste the link to the results page in your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 maxiesox

maxiesox
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 23 January 2012 - 09:21 AM

Hi,
I ran listparts64 and it created the txt file (attached). The program has a button that says fix. Should I click on this before I run the virustotal program?

Attached Files



#9 maxiesox

maxiesox
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 23 January 2012 - 09:23 AM

Sorry, I didn't read your instructions correctly. I will submit the txt file to virustotal before doing anything.

#10 maxiesox

maxiesox
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 23 January 2012 - 09:27 AM

Hi,
Ok I submitted and ran the file. Here it is:



Analysis completed.

SHA256: bdc8dfb25aa543c04316b286088448c8f025749a524b0d2f56e15147973d0196
SHA1: 88b83a2339e2cabbacc80093c419702d9d20145c
MD5: 2c7d697bc2bf97724459d1b7eaf2ee2e
File size: 2.2 KB ( 2253 bytes )
File type: Text
Detection ratio: 0 / 42
Analysis date: 2012-01-23 14:23:45 UTC ( 0 minutes ago )

Antivirus Result Update
AhnLab-V3 - 20120122
AntiVir - 20120123
Antiy-AVL - 20120123
Avast - 20120123
AVG - 20120123
BitDefender - 20120123
ByteHero - 20120111
CAT-QuickHeal - 20120123
ClamAV - 20120123
Commtouch - 20120123
Comodo - 20120123
DrWeb - 20120123
Emsisoft - 20120123
eSafe - 20120123
eTrust-Vet - 20120123
F-Prot - 20120122
F-Secure - 20120123
Fortinet - 20120123
GData - 20120123
Ikarus - 20120123
Jiangmin - 20120122
K7AntiVirus - 20120120
Kaspersky - 20120123
McAfee - 20120123
McAfee-GW-Edition - 20120122
Microsoft - 20120123
NOD32 - 20120123
Norman - 20120123
nProtect - 20120123
Panda - 20120122
PCTools - 20120123
Rising - 20120118
Sophos - 20120123
SUPERAntiSpyware - 20120122
Symantec - 20120123
TheHacker - 20120123
TrendMicro - 20120123
TrendMicro-HouseCall - 20120123
VBA32 - 20120123
VIPRE - 20120123
ViRobot - 20120123
VirusBuster - 20120122


#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:44 PM

Posted 23 January 2012 - 05:50 PM

Please run the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 maxiesox

maxiesox
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 23 January 2012 - 10:01 PM

Hi,
Here is the malwarebytes log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.24.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19170
Home :: HOME-PC [administrator]

1/23/2012 7:34:40 PM
mbam-log-2012-01-23 (19-34-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203790
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\MapleStory\Setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Sharon\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Users\Sharon\Desktop\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Users\Sharon\Desktop\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)



Here is the esetscan report

C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\26fdf2a2-766d7a60 Java/Agent.DW trojan
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6d01bb31-2bde1f64 a variant of Java/Exploit.CVE-2010-4452.B trojan
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6d01bb31-3cbbb8d0 a variant of Java/Exploit.CVE-2010-4452.B trojan
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6d01bb31-4567c81a a variant of Java/Exploit.CVE-2010-4452.B trojan
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6d01bb31-4e9ebbff a variant of Java/Exploit.CVE-2010-4452.B trojan
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6d01bb31-66b947ef a variant of Java/Exploit.CVE-2010-4452.B trojan
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6d01bb31-77bbf5dd a variant of Java/Exploit.CVE-2010-4452.B trojan
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\6f962db8-63528d69 multiple threats
C:\Users\Home\Desktop\Improve Your PC.lnk LNK/URL.B trojan


Thanks!
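The three Desktop files in the Malwarebytes log above were flagged as Heuristics.Reserved.Word.Exploit: their names are mixed-case spellings of core Windows binaries (explorer.exe, userinit.exe, winlogon.exe) sitting in a user profile folder rather than in the Windows directory. The script below is an added example written for this thread, not Malwarebytes' own heuristic; it implements the same idea as a simple check: a file whose name matches a protected system binary but lives outside that binary's expected directory is reported. The reserved-name table and the sample paths are constructed for the example (the Desktop paths are taken from the log above).

```python
import ntpath

# Protected Windows binary names and the directories they legitimately live in.
# Constructed for this example; extend the table for your own environment.
RESERVED_SYSTEM_BINARIES = {
    "explorer.exe": {r"c:\windows"},
    "userinit.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "winlogon.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}

# Constructed sample: the three detections from the MBAM log plus benign files.
SAMPLE_PATHS = [
    r"C:\Users\Sharon\Desktop\eXplorer.exe",
    r"C:\Users\Sharon\Desktop\uSeRiNiT.exe",
    r"C:\Users\Sharon\Desktop\WiNlOgOn.exe",
    r"C:\Windows\explorer.exe",
    r"C:\Windows\System32\winlogon.exe",
    r"C:\Windows\System32\lsass.exe",
    r"C:\Users\Sharon\Desktop\notes.txt",
]


def check_reserved_name(path):
    """Return (path, reason) when the file name is a reserved system binary name
    found outside its expected directory; None otherwise. Comparison is
    case-insensitive, which is what defeats the mixed-case spelling trick."""
    directory, basename = ntpath.split(path)
    allowed = RESERVED_SYSTEM_BINARIES.get(basename.lower())
    if allowed is None:
        return None  # not a reserved name at all
    if directory.lower().rstrip("\\") in allowed:
        return None  # the real binary in its proper location
    return (path, f"reserved name '{basename.lower()}' outside {sorted(allowed)}")


def scan_paths(paths):
    """Apply the check to every path and return only the findings."""
    return [finding for finding in map(check_reserved_name, paths) if finding]


if __name__ == "__main__":
    for path, reason in scan_paths(SAMPLE_PATHS):
        print(f"{path}: {reason}")
```

The check reports the three Desktop copies and stays quiet for the genuine binaries under C:\Windows and C:\Windows\System32. A real deployment would walk the profile directories (for instance with `os.walk`) instead of a fixed list, and treat a hit as a reason to quarantine and hash the file for further analysis rather than as a final verdict.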

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:44 PM

Posted 23 January 2012 - 10:07 PM

Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\26fdf2a2-766d7a60 
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6d01bb31-2bde1f64 
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6d01bb31-3cbbb8d0 
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6d01bb31-4567c81a 
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6d01bb31-4e9ebbff 
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6d01bb31-66b947ef 
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6d01bb31-77bbf5dd 
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\6f962db8-63528d69 
C:\Users\Home\Desktop\Improve Your PC.lnk 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Please advise how the computer is running now

Is MSSE still detecting threats? If so what is the full path of the detection?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 maxiesox

maxiesox
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 24 January 2012 - 10:23 AM

Hi,
The system check problem is gone. I still keep getting an alert that there is a virus, DOS/Alureon.E, on my computer. I did not say clean because I will await instructions from you.
The path says

boot:\\.\PhysicalDrive0\Partition1(type17)

Here are the results from the combofix:

ComboFix 12-01-23.02 - Home 01/24/2012 9:50.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.5886.4425 [GMT -5:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
Command switches used :: c:\users\Home\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\26fdf2a2-766d7a60"
"c:\users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6d01bb31-2bde1f64"
"c:\users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6d01bb31-3cbbb8d0"
"c:\users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6d01bb31-4567c81a"
"c:\users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6d01bb31-4e9ebbff"
"c:\users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6d01bb31-66b947ef"
"c:\users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6d01bb31-77bbf5dd"
"c:\users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\6f962db8-63528d69"
"c:\users\Home\Desktop\Improve Your PC.lnk"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MapleStory\aossdk.dll
c:\users\MapleStory\ASPLnchr.exe
c:\users\MapleStory\bdvid32.dll
c:\users\MapleStory\bz32ex.dll
c:\users\MapleStory\Canvas.dll
c:\users\MapleStory\d3dx9_31.dll
c:\users\MapleStory\eTracer.aes
c:\users\MapleStory\GameLauncher.exe
c:\users\MapleStory\Gr2D_DX8.dll
c:\users\MapleStory\Gr2D_DX9.dll
c:\users\MapleStory\ijl15.dll
c:\users\MapleStory\l3codeca.acm
c:\users\MapleStory\MapleStory.exe
c:\users\MapleStory\mss32.dll
c:\users\MapleStory\msvcm90.dll
c:\users\MapleStory\msvcp90.dll
c:\users\MapleStory\msvcr90.dll
c:\users\MapleStory\NameSpace.dll
c:\users\MapleStory\nmcogame.dll
c:\users\MapleStory\nmconew.dll
c:\users\MapleStory\Patcher.exe
c:\users\MapleStory\PCOM.dll
c:\users\MapleStory\ResMan.dll
c:\users\MapleStory\Shape2D.dll
c:\users\MapleStory\Sound_DX8.dll
c:\users\MapleStory\StmOCX.dll
c:\users\MapleStory\suipre.dll
c:\users\MapleStory\v3hunt.dll
c:\users\MapleStory\WzFlashRenderer.dll
c:\users\MapleStory\ZLZ.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
.
.
2012-01-24 14:59 . 2012-01-24 14:59 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B42CA5-498B-4430-A260-A19950FE6257}\offreg.dll
2012-01-24 14:58 . 2012-01-24 14:58 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-01-24 14:58 . 2012-01-24 14:58 -------- d-----w- c:\users\Sharon\AppData\Local\temp
2012-01-24 14:58 . 2012-01-24 14:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-24 12:29 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B42CA5-498B-4430-A260-A19950FE6257}\mpengine.dll
2012-01-24 00:47 . 2012-01-24 00:47 -------- d-----w- c:\program files (x86)\ESET
2012-01-22 23:13 . 2012-01-24 14:57 -------- d-----w- c:\users\MapleStory
2012-01-22 21:35 . 2012-01-24 15:02 -------- d-----w- c:\users\Home\AppData\Local\temp
2012-01-22 17:40 . 2012-01-22 18:01 -------- d-----w- c:\users\Sharon\garretts homework
2012-01-22 08:29 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-22 08:29 . 2011-11-16 16:42 347136 ----a-w- c:\windows\system32\schannel.dll
2012-01-22 08:29 . 2011-11-16 16:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-22 08:29 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll
2012-01-22 08:29 . 2011-11-16 16:42 94720 ----a-w- c:\windows\system32\secur32.dll
2012-01-22 08:29 . 2011-11-16 16:41 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-22 08:29 . 2011-11-16 16:24 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-22 08:29 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
2012-01-22 08:29 . 2011-11-16 14:34 11264 ----a-w- c:\windows\system32\lsass.exe
2012-01-20 23:28 . 2012-01-20 23:28 -------- d-----w- C:\found.000
2012-01-18 19:46 . 2012-01-18 19:46 709968 ----a-w- c:\windows\is-90U1H.exe
2011-12-28 14:57 . 2011-12-28 14:57 -------- d-----w- c:\users\Home\.morena
2011-12-28 14:57 . 2012-01-12 22:02 -------- d-----w- c:\users\Home\.epaysol
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 05:15 . 2011-03-21 15:37 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-10 20:24 . 2010-03-08 16:17 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:57 . 2011-12-14 22:06 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 12:38 . 2011-11-09 12:38 414368 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-08 14:58 . 2011-12-14 22:06 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-08 14:42 . 2011-12-14 22:06 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-03 06:55 . 2011-12-14 22:06 1147392 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 06:50 . 2011-12-14 22:06 56832 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-03 06:49 . 2011-12-14 22:06 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 06:49 . 2011-12-14 22:06 132096 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-03 06:49 . 2011-12-14 22:06 77312 ----a-w- c:\windows\system32\iesetup.dll
2011-11-03 06:22 . 2011-12-14 22:06 916992 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 06:17 . 2011-12-14 22:06 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-11-03 06:17 . 2011-12-14 22:06 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 06:17 . 2011-12-14 22:06 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-11-03 06:17 . 2011-12-14 22:06 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-11-03 05:54 . 2011-12-14 22:06 479232 ----a-w- c:\windows\system32\html.iec
2011-11-03 05:22 . 2011-12-14 22:06 385024 ----a-w- c:\windows\SysWow64\html.iec
2011-11-03 05:11 . 2011-12-14 22:06 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-03 05:10 . 2011-12-14 22:06 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 04:45 . 2011-12-14 22:06 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-11-03 04:43 . 2011-12-14 22:06 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-22_21.28.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-01-24 12:36 83124 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-01-24 12:36 75766 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-05-28 02:37 . 2012-01-24 12:36 21968 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3314713242-4224963250-1732401261-1000_UserData.bin
- 2009-05-28 02:36 . 2012-01-22 21:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-28 02:36 . 2012-01-24 14:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-28 02:36 . 2012-01-24 14:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-28 02:36 . 2012-01-22 21:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-28 02:36 . 2012-01-24 14:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-28 02:36 . 2012-01-22 21:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-26 20:25 . 2012-01-19 02:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-26 20:25 . 2012-01-24 02:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-26 20:25 . 2012-01-19 02:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-26 20:25 . 2012-01-24 02:48 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-26 20:25 . 2012-01-24 02:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-26 20:25 . 2012-01-19 02:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-01 18:29 . 2012-01-18 18:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-01 18:29 . 2012-01-22 22:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-01 18:29 . 2012-01-18 18:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-01 18:29 . 2012-01-22 22:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-22 21:27 . 2012-01-22 21:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-24 14:59 . 2012-01-24 14:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-24 14:59 . 2012-01-24 14:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-22 21:27 . 2012-01-22 21:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 12:46 . 2012-01-20 23:38 609268 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-01-24 14:36 609268 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-01-20 23:38 105808 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-01-24 14:36 105808 c:\windows\system32\perfc009.dat
- 2006-11-02 12:33 . 2012-01-22 21:26 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2006-11-02 12:33 . 2012-01-23 08:16 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-28 39408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 23:36]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28 23:36]
.
2012-01-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 16:43]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fhl%3Den%26tab%3Dwm%26ui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&hl=en
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{8AAF211B-043E02A9-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3314713242-4224963250-1732401261-1000\Software\SecuROM\License information*]
"datasecu"=hex:d1,be,f4,eb,ea,d6,8d,34,3f,15,4e,7e,1f,a4,af,b8,e3,c9,3f,23,d4,
f5,7e,b3,d5,bd,dc,12,72,3c,1d,b3,68,8b,29,0d,00,b0,91,1d,58,fa,18,5f,4c,90,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-01-24 10:06:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-24 15:06
ComboFix2.txt 2012-01-22 21:34
.
Pre-Run: 454,654,558,208 bytes free
Post-Run: 454,535,229,440 bytes free
.
- - End Of File - - 67D4BCFA9A306BEA5FB415922D6B7FBF

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 24 January 2012 - 07:02 PM

I still keep getting an alert that there is a virus DOS/Alureon.E on my computer. I did not say clean because I will await instructions from you.
The path says boot:\\.\PhysicalDrive0\Partition1(type17)


That drive is your hidden restore partition, so don't agree to clean it at the moment.

I'd like to run this by some expert colleagues of mine first. I'm not sure if this is a new variant of malware that is infecting (or causing a false detection on) the restore partition, so that if you tell an AV to "clean" the infection the partition will be wiped or corrupted.

So bear with me till I have some more opinions on this.

Thanks

In the meantime update the following programs:

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 30
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u30-windows-i586.exe to install the newest version.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
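The detection path quoted in this post, boot:\\.\PhysicalDrive0\Partition1(type17), names an MBR partition slot and a partition-type byte rather than a file, which is why CatByte asks to hold off on "cleaning". The script below is an added example, not code from this thread or from Microsoft Security Essentials: it decodes an MBR partition table and checks a scanner path against it, so you can see what the flagged partition is before letting anything touch it. It assumes the typeNN suffix is the partition-type byte in hex (0x17 is hidden NTFS/HPFS, the type OEM recovery partitions commonly use), runs on a constructed sample sector by default, and needs PowerShell 3.0 or later. Read-Mbr only reads the first sector and needs an elevated prompt; function names are my own.

```powershell
# Added example (not code from the thread or from Microsoft Security Essentials):
# decode an MBR partition table so that a scanner path such as
#   boot:\\.\PhysicalDrive0\Partition1(type17)
# can be checked against the real disk layout before agreeing to "clean" it.
# Assumption: the "typeNN" suffix is the MBR partition-type byte in hex;
# 0x17 is hidden NTFS/HPFS, the type commonly used for OEM recovery partitions.

$PartitionTypeNames = @{
    0x05 = 'Extended'
    0x07 = 'NTFS/HPFS (IFS)'
    0x0C = 'FAT32 (LBA)'
    0x0F = 'Extended (LBA)'
    0x17 = 'Hidden NTFS/HPFS (IFS)'
    0x1C = 'Hidden FAT32 (LBA)'
    0x27 = 'Windows RE / OEM recovery (hidden)'
}

function Get-PartitionTypeName([int]$Type) {
    if ($PartitionTypeNames.ContainsKey($Type)) { $PartitionTypeNames[$Type] } else { 'Unknown' }
}

function Get-MbrPartitionTable {
    param([byte[]]$Sector)   # the first 512 bytes of a disk
    if ($Sector.Length -lt 512 -or $Sector[510] -ne 0x55 -or $Sector[511] -ne 0xAA) {
        throw 'Not a valid MBR: 0x55AA boot signature missing'
    }
    $entries = @()
    for ($i = 0; $i -lt 4; $i++) {
        $off  = 446 + 16 * $i          # partition table starts at byte 446, 16 bytes per entry
        $type = [int]$Sector[$off + 4]
        if ($type -eq 0) { continue }  # empty slot
        $entries += [pscustomobject]@{
            Index    = $i + 1          # scanners number MBR partitions from 1
            Bootable = ($Sector[$off] -eq 0x80)
            TypeHex  = '{0:X2}' -f $type
            TypeName = Get-PartitionTypeName $type
            StartLBA = [BitConverter]::ToUInt32($Sector, $off + 8)
            Sectors  = [BitConverter]::ToUInt32($Sector, $off + 12)
        }
    }
    $entries
}

function Resolve-ScannerPath {
    # Map "...\PartitionN(typeXX)" onto the decoded table and report whether they agree.
    param([string]$Path, [object[]]$Table)
    $m = [regex]::Match($Path, 'Partition(\d+)\(type([0-9A-Fa-f]{2})\)')
    if (-not $m.Success) { throw "Unrecognised scanner path: $Path" }
    $index = [int]$m.Groups[1].Value
    $type  = [Convert]::ToInt32($m.Groups[2].Value, 16)
    $entry = $Table | Where-Object { $_.Index -eq $index }
    [pscustomobject]@{
        Partition    = $index
        ReportedType = '{0:X2}' -f $type
        TypeName     = Get-PartitionTypeName $type
        OnDisk       = [bool]$entry
        TypeMatches  = ($null -ne $entry -and $entry.TypeHex -eq ('{0:X2}' -f $type))
    }
}

# Reading the live sector needs an elevated prompt; this only reads, nothing is written.
function Read-Mbr([string]$Device = '\\.\PhysicalDrive0') {
    $fs = New-Object System.IO.FileStream($Device, [System.IO.FileMode]::Open,
                                          [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
    try { $buf = New-Object byte[] 512; [void]$fs.Read($buf, 0, 512); $buf } finally { $fs.Dispose() }
}

# Constructed sample sector (not this machine's data): a common OEM layout with a
# hidden recovery partition first and the bootable Windows partition second.
$sample = New-Object byte[] 512
function Set-MbrEntry([byte[]]$Sector, [int]$Slot, [byte]$Boot, [byte]$Type, [uint32]$Start, [uint32]$Count) {
    $off = 446 + 16 * $Slot
    $Sector[$off] = $Boot; $Sector[$off + 4] = $Type
    [BitConverter]::GetBytes($Start).CopyTo($Sector, $off + 8)
    [BitConverter]::GetBytes($Count).CopyTo($Sector, $off + 12)
}
Set-MbrEntry $sample 0 0x00 0x17 2048  20480
Set-MbrEntry $sample 1 0x80 0x07 22528 204800
$sample[510] = 0x55; $sample[511] = 0xAA

$table = Get-MbrPartitionTable $sample
$table | Format-Table Index, Bootable, TypeHex, TypeName, StartLBA, Sectors -AutoSize
Resolve-ScannerPath 'boot:\\.\PhysicalDrive0\Partition1(type17)' $table
```

On the sample sector the last call reports Partition 1, type 17, "Hidden NTFS/HPFS (IFS)", present on disk and matching. To check a real machine, replace `$sample` with `Read-Mbr` in an elevated prompt; if the scanner's partition number and type agree with the table and the entry is the small hidden one ahead of the Windows partition, the flagged location is the recovery partition, and cleaning it means letting the AV rewrite that partition. A mismatch, or a type the table cannot name, is worth raising with the helper before going further.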


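The Java steps above rely on spotting every old entry by eye in Add or Remove Programs. As an added example that is not part of this thread or of Oracle's installer, the script below lists the Java runtimes registered in the Uninstall keys and flags those older than the recommended Java SE 6 Update 30, so nothing is missed before the reboot. It uninstalls nothing and needs no elevation. It assumes JRE 6 uninstall entries carry DisplayVersion strings such as 6.0.300 for Update 30 (so a version comparison finds older ones), runs against a constructed sample list by default, and needs PowerShell 3.0 or later; the function names are my own.

```powershell
# Added example (not code from the thread or from Oracle): inventory every Java
# runtime registered in Add or Remove Programs and flag the ones older than the
# version the post recommends, Java SE 6 Update 30. Read-only; it uninstalls nothing.
# Assumption: JRE 6 uninstall entries use DisplayVersion strings like '6.0.300'
# for Update 30, so a [version] comparison against 6.0.300 finds older installs.

$RecommendedJre = [version]'6.0.300'

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'   # 32-bit JRE on 64-bit Windows
)

function Test-JavaOutdated {
    param([string]$DisplayVersion, [version]$Minimum = $RecommendedJre)
    $v = $null
    if ([version]::TryParse($DisplayVersion, [ref]$v)) { return ($v -lt $Minimum) }
    return $true   # an unparseable version string is treated as suspect, not as current
}

function Get-InstalledJava {
    # One object per Java/JRE/J2SE entry in the Uninstall keys, with an Outdated flag.
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Java|J2SE)' } |
        ForEach-Object {
            [pscustomobject]@{
                Name     = $_.DisplayName
                Version  = $_.DisplayVersion
                Outdated = Test-JavaOutdated $_.DisplayVersion
                Key      = $_.PSChildName
            }
        }
}

# Constructed sample (not the affected machine's registry): what the check says
# about a typical mix of old and current entries.
$sample = @(
    @{ Name = 'Java(TM) 6 Update 26';                 Version = '6.0.260' },
    @{ Name = 'Java(TM) 6 Update 30';                 Version = '6.0.300' },
    @{ Name = 'J2SE Runtime Environment 5.0 Update 22'; Version = '1.5.0.220' }
)
foreach ($s in $sample) {
    $state = if (Test-JavaOutdated $s.Version) { 'OUTDATED - remove' } else { 'current' }
    '{0,-42} {1,-10} {2}' -f $s.Name, $s.Version, $state
}

# On the real machine, uncomment to query the registry instead of the sample:
# Get-InstalledJava | Format-Table Name, Version, Outdated, Key -AutoSize
```

Run as-is it prints the sample with the 6u26 and 5.0u22 lines marked for removal and 6u30 as current. Against the real registry, every line marked Outdated corresponds to an entry to remove in Add or Remove Programs; checking both the native and the Wow6432Node key matters on 64-bit Windows, where a 32-bit browser plugin leaves its JRE under the second path.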


