
new member with a problem


  • This topic is locked
8 replies to this topic

#1 mugwamp


Posted 02 March 2012 - 08:42 AM

Hello, I come on bended knee. Can anyone help deal with 'Alureon.E'? I installed Microsoft Security Essentials and the scan reported Alureon.E with the Error Code 0x800704ec. A scan using Malwarebytes was clean. A scan with McAfee was also clean. Only Essentials found the virus but can't remove it.
McAfee was completely removed and replaced with Microsoft Security Essentials because of its smaller system footprint. I really need help.

Edited by hamluis, 02 March 2012 - 09:51 AM.
Moved from XP to Am I Infected.



 


#2 boopme


Posted 02 March 2012 - 10:40 AM

Hello and welcome. Let's take a look.
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


>>>
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 mugwamp


Posted 02 March 2012 - 01:01 PM

Thank you for responding to my desperate cry. I downloaded MiniToolBox, TDSSKiller, and SUPERAntiSpyware (free edition). I am pasting the results of the first two. SUPERAntiSpyware would not complete the scan. I enabled Rescue Scan and followed your directions for Scanning Control. It would hang at different locations; I ran the scan four times.

MiniToolBox by Farbar Version: 18-01-2012
Ran by Mike (administrator) on 02-03-2012 at 11:36:33
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Ralink Turbo Wireless LAN Card = Wireless Network Connection (Disconnected)
1394 Net Adapter = 1394 Connection (Connected)
NVIDIA nForce Networking Controller = Local Area Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : MIKE-67563D2DED

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Local Area Connection 2:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

Physical Address. . . . . . . . . : 00-1A-4D-9B-03-E1

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.64

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : Friday, March 02, 2012 7:04:09 AM

Lease Expires . . . . . . . . . . : Saturday, March 03, 2012 7:04:09 AM

Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.225.98, 74.125.225.99, 74.125.225.100, 74.125.225.101
74.125.225.102, 74.125.225.103, 74.125.225.104, 74.125.225.105, 74.125.225.110
74.125.225.96, 74.125.225.97



Pinging google.com [74.125.225.73] with 32 bytes of data:



Reply from 74.125.225.73: bytes=32 time=22ms TTL=55

Reply from 74.125.225.73: bytes=32 time=19ms TTL=55



Ping statistics for 74.125.225.73:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 22ms, Average = 20ms

Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 98.139.127.62



Pinging yahoo.com [98.139.127.62] with 32 bytes of data:



Reply from 98.139.127.62: bytes=32 time=77ms TTL=52

Reply from 98.139.127.62: bytes=32 time=86ms TTL=52



Ping statistics for 98.139.127.62:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 77ms, Maximum = 86ms, Average = 81ms

Server: home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1a 4d 9b 03 e1 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.64 192.168.1.64 20
192.168.1.0 255.255.255.0 192.168.1.64 192.168.1.64 20
192.168.1.64 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.64 192.168.1.64 20
224.0.0.0 240.0.0.0 192.168.1.64 192.168.1.64 20
255.255.255.255 255.255.255.255 192.168.1.64 192.168.1.64 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/02/2012 11:33:52 AM) (Source: MPSampleSubmission) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.8101.0, P3 1.121.737.0, P4 1.121.737.0, P5 200015b3e9679dd8_9cca347a4659301f89105a5433539e9cad150c69, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (03/02/2012 06:00:15 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80501001applyactionscmainwindow__onblockingthreatsactioncomplete0security essentialsNILNILNIL

Error: (03/01/2012 05:20:47 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4 3, P5 1, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/01/2012 05:08:10 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe2.1.1116.00x80070005morrobootstraper__cinstallflow__onflowsuccess - getinitialexperienceactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (03/01/2012 05:07:53 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/28/2012 04:03:22 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/28/2012 00:46:50 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/27/2012 08:07:33 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19190, fault address 0x000de25d.
Processing media-specific event for [iexplore.exe!ws!]

Error: (02/26/2012 09:34:46 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80501001applyactionscthreatdialog__onallactionscomplete0security essentialsNILNILNIL

Error: (02/26/2012 09:23:54 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.


System errors:
=============
Error: (03/02/2012 10:45:58 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (03/02/2012 07:14:32 AM) (Source: Microsoft Antimalware) (User: )
Description: %Trojan:DOS/Alureon.E60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Trojan:DOS/Alureon.E603

Name: Trojan:DOS/Alureon.E

ID: 2147650952

Severity: %Trojan:DOS/Alureon.E600

Category: %Trojan:DOS/Alureon.E602

Path: 3.0.8402.02

Detection Origin: 3.0.8402.04

Detection Type: 3.0.8402.08

Detection Source: %Trojan:DOS/Alureon.E608

User: {DF46DCDE-BBC0-4F3E-8502-B2FCB773BE91}9

Process Name: %Trojan:DOS/Alureon.E609

Action: {DF46DCDE-BBC0-4F3E-8502-B2FCB773BE91}1

Action Status: {DF46DCDE-BBC0-4F3E-8502-B2FCB773BE91}8

Error Code: {DF46DCDE-BBC0-4F3E-8502-B2FCB773BE91}3

Error description: {DF46DCDE-BBC0-4F3E-8502-B2FCB773BE91}4

Signature Version: 2012-03-02T12:04:27.640Z1

Engine Version: 2012-03-02T12:04:27.640Z2

Error: (03/02/2012 06:12:16 AM) (Source: Microsoft Antimalware) (User: )
Description: %Trojan:DOS/Alureon.E60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Trojan:DOS/Alureon.E603

Name: Trojan:DOS/Alureon.E

ID: 2147650952

Severity: %Trojan:DOS/Alureon.E600

Category: %Trojan:DOS/Alureon.E602

Path: 3.0.8402.02

Detection Origin: 3.0.8402.04

Detection Type: 3.0.8402.08

Detection Source: %Trojan:DOS/Alureon.E608

User: {6B6935F8-AA87-4D25-BB4B-F0EBF77BA12E}9

Process Name: %Trojan:DOS/Alureon.E609

Action: {6B6935F8-AA87-4D25-BB4B-F0EBF77BA12E}1

Action Status: {6B6935F8-AA87-4D25-BB4B-F0EBF77BA12E}8

Error Code: {6B6935F8-AA87-4D25-BB4B-F0EBF77BA12E}3

Error description: {6B6935F8-AA87-4D25-BB4B-F0EBF77BA12E}4

Signature Version: 2012-03-02T11:02:11.375Z1

Engine Version: 2012-03-02T11:02:11.375Z2

Error: (03/02/2012 06:00:15 AM) (Source: Microsoft Antimalware) (User: )
Description: %Trojan:DOS/Alureon.E60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Trojan:DOS/Alureon.E603

Name: Trojan:DOS/Alureon.E

ID: 2147650952

Severity: %Trojan:DOS/Alureon.E600

Category: %Trojan:DOS/Alureon.E602

Path: 3.0.8402.02

Detection Origin: 3.0.8402.04

Detection Type: 3.0.8402.08

Detection Source: %Trojan:DOS/Alureon.E608

User: {1262A12E-354A-42D6-8CAD-F9B3A4298EA4}9

Process Name: %Trojan:DOS/Alureon.E609

Action: {1262A12E-354A-42D6-8CAD-F9B3A4298EA4}1

Action Status: {1262A12E-354A-42D6-8CAD-F9B3A4298EA4}8

Error Code: {1262A12E-354A-42D6-8CAD-F9B3A4298EA4}3

Error description: {1262A12E-354A-42D6-8CAD-F9B3A4298EA4}4

Signature Version: 2012-03-02T10:58:51.640Z1

Engine Version: 2012-03-02T10:58:51.640Z2

Error: (03/02/2012 06:00:15 AM) (Source: Microsoft Antimalware) (User: )
Description: %Trojan:DOS/Alureon.E60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Trojan:DOS/Alureon.E603

Name: Trojan:DOS/Alureon.E

ID: 2147650952

Severity: %Trojan:DOS/Alureon.E600

Category: %Trojan:DOS/Alureon.E602

Path: 3.0.8402.02

Detection Origin: 3.0.8402.04

Detection Type: 3.0.8402.08

Detection Source: %Trojan:DOS/Alureon.E608

User: {1262A12E-354A-42D6-8CAD-F9B3A4298EA4}9

Process Name: %Trojan:DOS/Alureon.E609

Action: {1262A12E-354A-42D6-8CAD-F9B3A4298EA4}1

Action Status: {1262A12E-354A-42D6-8CAD-F9B3A4298EA4}8

Error Code: {1262A12E-354A-42D6-8CAD-F9B3A4298EA4}3

Error description: {1262A12E-354A-42D6-8CAD-F9B3A4298EA4}4

Signature Version: 2012-03-02T10:58:51.640Z1

Engine Version: 2012-03-02T10:58:51.640Z2

Error: (03/01/2012 05:30:20 PM) (Source: Microsoft Antimalware) (User: )
Description: %Trojan:DOS/Alureon.E60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Trojan:DOS/Alureon.E603

Name: Trojan:DOS/Alureon.E

ID: 2147650952

Severity: %Trojan:DOS/Alureon.E600

Category: %Trojan:DOS/Alureon.E602

Path: 3.0.8402.02

Detection Origin: 3.0.8402.04

Detection Type: 3.0.8402.08

Detection Source: %Trojan:DOS/Alureon.E608

User: {3B6F96B7-4E5A-44AD-B9F6-E7278B9E4DCB}9

Process Name: %Trojan:DOS/Alureon.E609

Action: {3B6F96B7-4E5A-44AD-B9F6-E7278B9E4DCB}1

Action Status: {3B6F96B7-4E5A-44AD-B9F6-E7278B9E4DCB}8

Error Code: {3B6F96B7-4E5A-44AD-B9F6-E7278B9E4DCB}3

Error description: {3B6F96B7-4E5A-44AD-B9F6-E7278B9E4DCB}4

Signature Version: 2012-03-01T22:20:16.009Z1

Engine Version: 2012-03-01T22:20:16.009Z2

Error: (03/01/2012 05:00:07 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.20 for the Network Card with network address 001A4D9B03E1 has been
denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

Error: (03/01/2012 11:33:53 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (03/01/2012 11:33:53 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (03/01/2012 11:33:52 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D


Microsoft Office Sessions:
=========================
Error: (03/02/2012 11:33:52 AM) (Source: MPSampleSubmission)(User: )
Description: avsubmitmicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)1.1.8101.01.121.737.01.121.737.0200015b3e9679dd8_9cca347a4659301f89105a5433539e9cad150c69NILNILNILNILNIL

Error: (03/02/2012 06:00:15 AM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80501001applyactionscmainwindow__onblockingthreatsactioncomplete0security essentialsNILNILNIL

Error: (03/01/2012 05:20:47 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0moaccapability3.0.8402.031unspecifiedunspecifiedNILNILNIL

Error: (03/01/2012 05:08:10 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientsetup.exe2.1.1116.00x80070005morrobootstraper__cinstallflow__onflowsuccess - getinitialexperienceactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (03/01/2012 05:07:53 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset3.0.8402.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (02/28/2012 04:03:22 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000

Error: (02/28/2012 00:46:50 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80072efdendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/27/2012 08:07:33 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.19190000de25d

Error: (02/26/2012 09:34:46 AM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80501001applyactionscthreatdialog__onallactionscomplete0security essentialsNILNILNIL

Error: (02/26/2012 09:23:54 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8007043cbeginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 6.1.1)
3Dconnexion 3DxOffice (Version: 3.0.9)
3Dconnexion 3DxWare (Version: 5.09.0002)
3Dconnexion Add-In for AutoCAD (Version: 3.2.8)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.62)
Adobe Photoshop Elements (Version: 1.0)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe SVG Viewer (Version: 1.0)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
att.net Toolbar
AutoCAD 2000 Migration Assistance
BicycleŽ Rummy
Bonjour (Version: 3.0.0.10)
Canon Camera Access Library (Version: 8.4.0.1)
Canon Digital Camera Solution Disk 40-46 Software Starter Guide (Version: 1.1.0.1)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.0.4)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.0.0.20)
Canon Personal Printing Guide (Version: 1.0.0.1)
Canon PowerShot A1100 IS Camera User Guide (Version: 1.0.0.1)
Canon Utilities CameraWindow (Version: 7.2.0.2)
Canon Utilities CameraWindow DC (Version: 7.4.0.9)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.5.0.3)
Canon Utilities MyCamera (Version: 7.2.0.4)
Canon Utilities MyCamera DC (Version: 7.2.0.5)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.8.0.1)
Canon Utilities ZoomBrowser EX (Version: 6.3.0.7)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.0.9)
CutePDF Writer 2.8
Dassault Systemes Software B03
Deutz Engine
EPSON CardMonitor
EPSON PhotoStarter3.0
EPSON Print CD (Version: 1.31.000)
EPSON Printer Software
ESPR320 Reference Guide
EVGA Display Driver (Version: 1.00.000)
FormatFactory 2.80 (Version: 2.80)
Google Chrome (Version: 17.0.963.56)
Google Earth (Version: 6.1.0.5001)
Google SketchUp 8 (Version: 3.0.11752)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2614.234)
Google Update Helper (Version: 1.3.21.99)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
hp officejet g series
hp officejet g series - 2
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Jigs@w Puzzle
Jigs@w Puzzle 2
LightScribe 1.4.136.1 (Version: 1.4.136.1)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Minolta DiMAGE Scan Dual3 ver 1.0
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Nero 7 Essentials (Version: 7.02.5017)
NVIDIA Drivers
Photo Story 3 for Windows (Version: 3.0.1115.11)
Pinnacle Instant DVD Recorder (Version: 2.6.0.118)
Pinnacle Studio 12 (Version: 12.1.3.6605)
Pinnacle Video Driver (Version: 12.1.0.029)
PowerDVD
QuickTime (Version: 7.71.80.42)
Realtek High Definition Audio Driver (Version: 5.10.0.5286)
SureThing Express Labeler
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VBA (3821b) (Version: 6.01.00.1234)
WebFldrs XP (Version: 9.50.7523)
Western Digital USB 3.0 Host Controller Driver (Version: 1.0.18.0)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) (Version: 05/27/2006 1.3.2.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools (Version: 5.2.3790)
Windows XP Service Pack 3 (Version: 20080414.031525)
WordPerfect Office 12 (Version: 12.0.0.238)
Yahoo! Software Update

========================= Memory info: ===================================

Percentage of memory in use: 22%
Total physical RAM: 3583.48 MB
Available physical RAM: 2779.9 MB
Total Pagefile: 5465.8 MB
Available Pagefile: 4805.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.02 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:232.88 GB) (Free:186.5 GB) NTFS
3 Drive d: () (Fixed) (Total:439.45 GB) (Free:424.06 GB) NTFS
4 Drive e: () (Fixed) (Total:492.06 GB) (Free:486.37 GB) NTFS
5 Drive f: (Oblivion GOTY 1) (CDROM) (Total:4.16 GB) (Free:0 GB) UDF
7 Drive i: (My Book 3.0) (Fixed) (Total:931.51 GB) (Free:864.65 GB) NTFS

========================= Users: ========================================

User accounts for \\MIKE-67563D2DED

Administrator Guest HelpAssistant
Mike SUPPORT_388945a0


**** End of log ****


12:58:40.0640 1812 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
12:58:40.0968 1812 ============================================================
12:58:40.0968 1812 Current date / time: 2012/03/02 12:58:40.0968
12:58:40.0968 1812 SystemInfo:
12:58:40.0968 1812
12:58:40.0968 1812 OS Version: 5.1.2600 ServicePack: 3.0
12:58:40.0968 1812 Product type: Workstation
12:58:40.0968 1812 ComputerName: MIKE-67563D2DED
12:58:40.0968 1812 UserName: Mike
12:58:40.0968 1812 Windows directory: C:\WINDOWS
12:58:40.0968 1812 System windows directory: C:\WINDOWS
12:58:40.0968 1812 Processor architecture: Intel x86
12:58:40.0968 1812 Number of processors: 2
12:58:40.0968 1812 Page size: 0x1000
12:58:40.0968 1812 Boot type: Normal boot
12:58:40.0968 1812 ============================================================
12:58:41.0546 1812 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:58:41.0546 1812 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1D9265, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000050
12:58:41.0546 1812 Drive \Device\Harddisk2\DR6 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:58:41.0546 1812 \Device\Harddisk0\DR0:
12:58:41.0546 1812 MBR used
12:58:41.0546 1812 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
12:58:41.0546 1812 \Device\Harddisk1\DR1:
12:58:41.0546 1812 MBR used
12:58:41.0546 1812 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x36EE80E1
12:58:41.0546 1812 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x36EE815F, BlocksNum 0x3D81E861
12:58:41.0546 1812 \Device\Harddisk2\DR6:
12:58:41.0546 1812 MBR used
12:58:41.0546 1812 \Device\Harddisk2\DR6\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
12:58:41.0562 1812 Initialize success
12:58:41.0562 1812 ============================================================
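
A triage sketch for the MiniToolBox report posted above, added here as an example and not part of the original thread or of MiniToolBox itself: it splits the report on its `===== Name: =====` headers and pulls out non-default Hosts entries, Winsock providers whose vendor string is not Microsoft Corporation, and the detection names logged under the Microsoft Antimalware event source. The function names and the shortened `SAMPLE` text are assumptions, constructed from the layout visible in the report.

```python
import re
from collections import Counter

# Constructed sample: a shortened excerpt in the same layout as the report above.
SAMPLE = r"""========================= Hosts content: =================================

127.0.0.1 localhost

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

System errors:
=============
Error: (03/02/2012 07:14:32 AM) (Source: Microsoft Antimalware) (User: )
Description: %Trojan:DOS/Alureon.E60 has encountered a critical error when taking action on malware or other potentially unwanted software.

Name: Trojan:DOS/Alureon.E

Error: (03/01/2012 05:00:07 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.20 for the Network Card with network address 001A4D9B03E1 has been
"""

# "===== Section name: =====" (the colon is optional in the report).
HEADER = re.compile(r"^={5,}\s+(.+?):?\s+={5,}\s*$")
# "Catalog5 04 <path> [size] (vendor)"
WINSOCK = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)\s*$")
# "Error: (timestamp) (Source: name) (User: )", with or without a space before "(User:"
EVENT = re.compile(r"^Error: \((.*?)\) \(Source: (.*?)\)\s*\(User:")


def split_sections(text):
    """Map each section name to the lines that follow its header."""
    sections, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def hosts_anomalies(lines):
    """Return (ip, name) pairs other than localhost on a loopback address."""
    odd = []
    for line in lines:
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        for name in names:
            if name.lower() != "localhost" or ip not in ("127.0.0.1", "::1"):
                odd.append((ip, name))
    return odd


def winsock_non_microsoft(lines):
    """Return catalog entries whose vendor string is not Microsoft Corporation.

    The vendor is taken as printed in the report; this is a pointer for
    manual review, not a signature verification.
    """
    hits = []
    for line in lines:
        m = WINSOCK.match(line.strip())
        if m and m.group(5) != "Microsoft Corporation":
            hits.append((m.group(1), m.group(2), m.group(3), m.group(5)))
    return hits


def event_summary(lines):
    """Count errors per source and detection names under Microsoft Antimalware."""
    sources, detections, current = Counter(), Counter(), None
    for line in lines:
        m = EVENT.match(line)
        if m:
            current = m.group(2)
            sources[current] += 1
        elif current == "Microsoft Antimalware" and line.startswith("Name: "):
            detections[line[len("Name: "):].strip()] += 1
    return sources, detections


def triage(text):
    s = split_sections(text)
    sources, detections = event_summary(s.get("Event log errors", []))
    return {
        "hosts": hosts_anomalies(s.get("Hosts content", [])),
        "winsock": winsock_non_microsoft(s.get("Winsock entries", [])),
        "event_sources": dict(sources),
        "detections": dict(detections),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```
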

#4 boopme


Posted 02 March 2012 - 01:50 PM

You're welcome. That doesn't look like a complete TDSS log.

Did you run a Full scan with MalwareBytes when you ran it?

Did you run the SAS scan yet?

#5 mugwamp

Posted 02 March 2012 - 03:38 PM

I'm including the log of a full Malwarebytes scan. I indicated in my last post that SAS won't run; it hangs at random locations. I tried it four times. I've reposted the result of the TDSS scan.



15:35:19.0046 3136 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
15:35:19.0312 3136 ============================================================
15:35:19.0312 3136 Current date / time: 2012/03/02 15:35:19.0312
15:35:19.0312 3136 SystemInfo:
15:35:19.0312 3136
15:35:19.0312 3136 OS Version: 5.1.2600 ServicePack: 3.0
15:35:19.0312 3136 Product type: Workstation
15:35:19.0312 3136 ComputerName: MIKE-67563D2DED
15:35:19.0312 3136 UserName: Mike
15:35:19.0312 3136 Windows directory: C:\WINDOWS
15:35:19.0312 3136 System windows directory: C:\WINDOWS
15:35:19.0312 3136 Processor architecture: Intel x86
15:35:19.0312 3136 Number of processors: 2
15:35:19.0312 3136 Page size: 0x1000
15:35:19.0312 3136 Boot type: Normal boot
15:35:19.0312 3136 ============================================================
15:35:19.0765 3136 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:35:19.0781 3136 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1D9265, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000050
15:35:19.0781 3136 \Device\Harddisk0\DR0:
15:35:19.0781 3136 MBR used
15:35:19.0781 3136 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
15:35:19.0781 3136 \Device\Harddisk1\DR1:
15:35:19.0781 3136 MBR used
15:35:19.0781 3136 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x36EE80E1
15:35:19.0781 3136 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x36EE815F, BlocksNum 0x3D81E861
15:35:19.0812 3136 Initialize success
15:35:19.0812 3136 ============================================================
15:35:21.0437 2852 ============================================================
15:35:21.0437 2852 Scan started
15:35:21.0437 2852 Mode: Manual;
15:35:21.0437 2852 ============================================================
15:35:26.0609 2852 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:35:26.0687 2852 \Device\Harddisk0\DR0 - ok
15:35:26.0687 2852 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
15:35:26.0687 2852 \Device\Harddisk1\DR1 - ok
15:35:26.0687 2852 Boot (0x1200) (0e6a2ebe78d2f548a82e717d6616786a) \Device\Harddisk0\DR0\Partition0
15:35:26.0687 2852 \Device\Harddisk0\DR0\Partition0 - ok
15:35:26.0687 2852 Boot (0x1200) (f01cb1fcd2022f39ec9525d67a456214) \Device\Harddisk1\DR1\Partition0
15:35:26.0687 2852 \Device\Harddisk1\DR1\Partition0 - ok
15:35:26.0703 2852 Boot (0x1200) (f77d235bfc8336882b71a88965ddf96e) \Device\Harddisk1\DR1\Partition1
15:35:26.0703 2852 \Device\Harddisk1\DR1\Partition1 - ok
15:35:26.0703 2852 ============================================================
15:35:26.0703 2852 Scan finished
15:35:26.0703 2852 ============================================================
15:35:26.0703 1660 Detected object count: 0
15:35:26.0703 1660 Actual detected object count: 0






Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.02.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mike :: MIKE-67563D2DED [administrator]

Protection: Enabled

3/2/2012 2:06:43 PM
mbam-log-2012-03-02 (14-06-43).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 439175
Time elapsed: 1 hour(s), 24 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 boopme

Posted 02 March 2012 - 04:21 PM

OK, let's do TDSS again but differently.

  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the operating system installed, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#7 mugwamp

Posted 02 March 2012 - 08:14 PM

18:26:02.0921 3000 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
18:26:03.0250 3000 ============================================================
18:26:03.0250 3000 Current date / time: 2012/03/02 18:26:03.0250
18:26:03.0250 3000 SystemInfo:
18:26:03.0250 3000
18:26:03.0250 3000 OS Version: 5.1.2600 ServicePack: 3.0
18:26:03.0250 3000 Product type: Workstation
18:26:03.0250 3000 ComputerName: MIKE-67563D2DED
18:26:03.0250 3000 UserName: Mike
18:26:03.0250 3000 Windows directory: C:\WINDOWS
18:26:03.0250 3000 System windows directory: C:\WINDOWS
18:26:03.0250 3000 Processor architecture: Intel x86
18:26:03.0250 3000 Number of processors: 2
18:26:03.0250 3000 Page size: 0x1000
18:26:03.0250 3000 Boot type: Normal boot
18:26:03.0250 3000 ============================================================
18:26:03.0796 3000 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:26:03.0796 3000 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1D9265, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000050
18:26:03.0796 3000 \Device\Harddisk0\DR0:
18:26:03.0796 3000 MBR used
18:26:03.0796 3000 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
18:26:03.0796 3000 \Device\Harddisk1\DR1:
18:26:03.0796 3000 MBR used
18:26:03.0796 3000 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x36EE80E1
18:26:03.0796 3000 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x36EE815F, BlocksNum 0x3D81E861
18:26:03.0843 3000 Initialize success
18:26:03.0843 3000 ============================================================
18:26:49.0781 1780 ============================================================
18:26:49.0781 1780 Scan started
18:26:49.0781 1780 Mode: Manual; TDLFS;
18:26:49.0781 1780 ============================================================
18:26:51.0234 1780 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:26:51.0234 1780 drmkaud - ok
18:26:51.0265 1780 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:26:51.0265 1780 Fastfat - ok
18:26:51.0281 1780 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:26:51.0281 1780 Fdc - ok
18:26:51.0296 1780 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:26:51.0296 1780 Fips - ok
18:26:51.0312 1780 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:26:51.0312 1780 Flpydisk - ok
18:26:51.0328 1780 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:26:51.0343 1780 FltMgr - ok
18:26:51.0359 1780 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:26:51.0359 1780 Fs_Rec - ok
18:26:51.0375 1780 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:26:51.0375 1780 Ftdisk - ok
18:26:51.0421 1780 gdrv (ec2539f4c674bd9e1ac2187101ee77cc) C:\WINDOWS\gdrv.sys
18:26:51.0421 1780 gdrv - ok
18:26:51.0453 1780 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:26:51.0453 1780 GEARAspiWDM - ok
18:26:51.0453 1780 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:26:51.0468 1780 Gpc - ok
18:26:51.0515 1780 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:26:51.0515 1780 HDAudBus - ok
18:26:51.0562 1780 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:26:51.0562 1780 hidusb - ok
18:26:51.0562 1780 hpn - ok
18:26:51.0609 1780 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:26:51.0625 1780 HTTP - ok
18:26:51.0625 1780 i2omgmt - ok
18:26:51.0640 1780 i2omp - ok
18:26:51.0656 1780 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:26:51.0656 1780 i8042prt - ok
18:26:51.0656 1780 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:26:51.0656 1780 Imapi - ok
18:26:51.0671 1780 ini910u - ok
18:26:51.0796 1780 IntcAzAudAddService (284bcb80391783d328a8d8163e97fd58) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:26:51.0812 1780 IntcAzAudAddService - ok
18:26:51.0828 1780 IntelIde - ok
18:26:51.0859 1780 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:26:51.0859 1780 Ip6Fw - ok
18:26:51.0890 1780 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:26:51.0890 1780 IpFilterDriver - ok
18:26:51.0921 1780 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:26:51.0921 1780 IpInIp - ok
18:26:51.0953 1780 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:26:51.0953 1780 IpNat - ok
18:26:51.0953 1780 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:26:51.0953 1780 IPSec - ok
18:26:51.0984 1780 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:26:51.0984 1780 IRENUM - ok
18:26:52.0015 1780 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:26:52.0015 1780 isapnp - ok
18:26:52.0015 1780 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:26:52.0015 1780 Kbdclass - ok
18:26:52.0031 1780 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:26:52.0031 1780 kbdhid - ok
18:26:52.0046 1780 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:26:52.0046 1780 kmixer - ok
18:26:52.0078 1780 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:26:52.0078 1780 KSecDD - ok
18:26:52.0078 1780 lbrtfdc - ok
18:26:52.0125 1780 LUMDriver (a83ca48076a3c43c3b71175095838d69) C:\WINDOWS\system32\drivers\LUMDriver.sys
18:26:52.0125 1780 LUMDriver - ok
18:26:52.0156 1780 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
18:26:52.0156 1780 MarvinBus - ok
18:26:52.0187 1780 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
18:26:52.0187 1780 MBAMProtector - ok
18:26:52.0203 1780 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:26:52.0203 1780 mnmdd - ok
18:26:52.0218 1780 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:26:52.0218 1780 Modem - ok
18:26:52.0250 1780 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:26:52.0250 1780 Mouclass - ok
18:26:52.0265 1780 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:26:52.0265 1780 mouhid - ok
18:26:52.0265 1780 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:26:52.0265 1780 MountMgr - ok
18:26:52.0312 1780 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
18:26:52.0312 1780 MpFilter - ok
18:26:52.0437 1780 MpKsl359119d7 (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6272D33B-AA47-41FE-9DD1-AC87AC740F5D}\MpKsl359119d7.sys
18:26:52.0437 1780 MpKsl359119d7 - ok
18:26:52.0453 1780 mraid35x - ok
18:26:52.0453 1780 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:26:52.0453 1780 MRxDAV - ok
18:26:52.0515 1780 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:26:52.0515 1780 MRxSmb - ok
18:26:52.0531 1780 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:26:52.0531 1780 Msfs - ok
18:26:52.0562 1780 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:26:52.0562 1780 MSKSSRV - ok
18:26:52.0578 1780 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:26:52.0578 1780 MSPCLOCK - ok
18:26:52.0593 1780 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:26:52.0593 1780 MSPQM - ok
18:26:52.0625 1780 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:26:52.0625 1780 mssmbios - ok
18:26:52.0640 1780 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:26:52.0640 1780 Mup - ok
18:26:52.0687 1780 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:26:52.0687 1780 NDIS - ok
18:26:52.0734 1780 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:26:52.0734 1780 NdisTapi - ok
18:26:52.0750 1780 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:26:52.0750 1780 Ndisuio - ok
18:26:52.0750 1780 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:26:52.0750 1780 NdisWan - ok
18:26:52.0781 1780 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:26:52.0781 1780 NDProxy - ok
18:26:52.0781 1780 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:26:52.0781 1780 NetBIOS - ok
18:26:52.0812 1780 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:26:52.0812 1780 NetBT - ok
18:26:52.0843 1780 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:26:52.0843 1780 NIC1394 - ok
18:26:52.0843 1780 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:26:52.0843 1780 Npfs - ok
18:26:52.0875 1780 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:26:52.0875 1780 Ntfs - ok
18:26:52.0921 1780 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:26:52.0921 1780 Null - ok
18:26:52.0953 1780 nusb3hub (68c890ddb21028cb1ea5551b47b29e1b) C:\WINDOWS\system32\DRIVERS\nusb3hub.sys
18:26:52.0953 1780 nusb3hub - ok
18:26:52.0984 1780 nusb3xhc (2cf970c1a9e05d3b91039c2dd4471c0e) C:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
18:26:52.0984 1780 nusb3xhc - ok
18:26:53.0140 1780 nv (8c2ed5910513a56cf78bfd86d5d0894f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:26:53.0171 1780 nv - ok
18:26:53.0203 1780 nvata (9eccd189a9554c30a0d18a429778c7ba) C:\WINDOWS\system32\DRIVERS\nvata.sys
18:26:53.0203 1780 nvata - ok
18:26:53.0218 1780 NVENETFD (4d6f0d3fb17c1ba64942f415c73adcdb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
18:26:53.0218 1780 NVENETFD - ok
18:26:53.0250 1780 nvnetbus (921e63aa1e1a20302223d016acafb52b) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
18:26:53.0250 1780 nvnetbus - ok
18:26:53.0312 1780 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:26:53.0312 1780 NwlnkFlt - ok
18:26:53.0312 1780 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:26:53.0312 1780 NwlnkFwd - ok
18:26:53.0328 1780 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:26:53.0328 1780 ohci1394 - ok
18:26:53.0359 1780 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:26:53.0359 1780 Parport - ok
18:26:53.0359 1780 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:26:53.0359 1780 PartMgr - ok
18:26:53.0406 1780 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:26:53.0406 1780 ParVdm - ok
18:26:53.0421 1780 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:26:53.0421 1780 PCI - ok
18:26:53.0421 1780 PCIDump - ok
18:26:53.0453 1780 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:26:53.0453 1780 PCIIde - ok
18:26:53.0468 1780 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:26:53.0468 1780 Pcmcia - ok
18:26:53.0468 1780 PDCOMP - ok
18:26:53.0484 1780 PDFRAME - ok
18:26:53.0484 1780 PDRELI - ok
18:26:53.0500 1780 PDRFRAME - ok
18:26:53.0500 1780 perc2 - ok
18:26:53.0515 1780 perc2hib - ok
18:26:53.0562 1780 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:26:53.0562 1780 PptpMiniport - ok
18:26:53.0562 1780 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
18:26:53.0562 1780 Processor - ok
18:26:53.0578 1780 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:26:53.0578 1780 PSched - ok
18:26:53.0593 1780 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:26:53.0593 1780 Ptilink - ok
18:26:53.0609 1780 ql1080 - ok
18:26:53.0609 1780 Ql10wnt - ok
18:26:53.0625 1780 ql12160 - ok
18:26:53.0625 1780 ql1240 - ok
18:26:53.0640 1780 ql1280 - ok
18:26:53.0671 1780 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:26:53.0671 1780 RasAcd - ok
18:26:53.0687 1780 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:26:53.0687 1780 Rasl2tp - ok
18:26:53.0687 1780 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:26:53.0687 1780 RasPppoe - ok
18:26:53.0703 1780 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:26:53.0703 1780 Raspti - ok
18:26:53.0734 1780 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:26:53.0734 1780 Rdbss - ok
18:26:53.0750 1780 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:26:53.0750 1780 RDPCDD - ok
18:26:53.0765 1780 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:26:53.0765 1780 rdpdr - ok
18:26:53.0796 1780 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:26:53.0796 1780 RDPWD - ok
18:26:53.0828 1780 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:26:53.0828 1780 redbook - ok
18:26:53.0890 1780 RT61 (b1a055f3b4cf2a60ada63009f157126c) C:\WINDOWS\system32\DRIVERS\RT61.sys
18:26:53.0890 1780 RT61 - ok
18:26:53.0984 1780 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:26:53.0984 1780 SASDIFSV - ok
18:26:54.0000 1780 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:26:54.0000 1780 SASKUTIL - ok
18:26:54.0031 1780 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:26:54.0031 1780 Secdrv - ok
18:26:54.0078 1780 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:26:54.0078 1780 serenum - ok
18:26:54.0093 1780 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:26:54.0093 1780 Serial - ok
18:26:54.0125 1780 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:26:54.0125 1780 Sfloppy - ok
18:26:54.0140 1780 Simbad - ok
18:26:54.0156 1780 Sparrow - ok
18:26:54.0171 1780 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:26:54.0187 1780 splitter - ok
18:26:54.0203 1780 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:26:54.0203 1780 sr - ok
18:26:54.0234 1780 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:26:54.0234 1780 Srv - ok
18:26:54.0265 1780 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:26:54.0265 1780 swenum - ok
18:26:54.0265 1780 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:26:54.0265 1780 swmidi - ok
18:26:54.0281 1780 symc810 - ok
18:26:54.0281 1780 symc8xx - ok
18:26:54.0296 1780 sym_hi - ok
18:26:54.0296 1780 sym_u3 - ok
18:26:54.0343 1780 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:26:54.0343 1780 sysaudio - ok
18:26:54.0390 1780 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:26:54.0406 1780 Tcpip - ok
18:26:54.0421 1780 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:26:54.0421 1780 TDPIPE - ok
18:26:54.0437 1780 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:26:54.0437 1780 TDTCP - ok
18:26:54.0468 1780 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:26:54.0468 1780 TermDD - ok
18:26:54.0484 1780 TosIde - ok
18:26:54.0500 1780 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:26:54.0500 1780 Udfs - ok
18:26:54.0500 1780 ultra - ok
18:26:54.0515 1780 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:26:54.0515 1780 Update - ok
18:26:54.0578 1780 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:26:54.0578 1780 USBAAPL - ok
18:26:54.0593 1780 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:26:54.0593 1780 usbccgp - ok
18:26:54.0609 1780 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:26:54.0609 1780 usbehci - ok
18:26:54.0625 1780 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:26:54.0625 1780 usbhub - ok
18:26:54.0625 1780 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:26:54.0625 1780 usbohci - ok
18:26:54.0656 1780 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:26:54.0656 1780 usbprint - ok
18:26:54.0703 1780 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:26:54.0703 1780 usbscan - ok
18:26:54.0734 1780 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:26:54.0734 1780 USBSTOR - ok
18:26:54.0734 1780 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:26:54.0734 1780 VgaSave - ok
18:26:54.0750 1780 ViaIde - ok
18:26:54.0765 1780 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:26:54.0765 1780 VolSnap - ok
18:26:54.0843 1780 vtdg46xx - ok
18:26:54.0859 1780 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:26:54.0859 1780 Wanarp - ok
18:26:54.0875 1780 WDICA - ok
18:26:54.0890 1780 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:26:54.0890 1780 wdmaud - ok
18:26:54.0953 1780 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:26:54.0953 1780 WS2IFSL - ok
18:26:55.0000 1780 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:26:55.0000 1780 WudfPf - ok
18:26:55.0000 1780 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:26:55.0000 1780 WudfRd - ok
18:26:55.0031 1780 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:26:55.0109 1780 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:26:55.0109 1780 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:26:55.0109 1780 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:26:55.0187 1780 \Device\Harddisk1\DR1 - ok
18:26:55.0187 1780 Boot (0x1200) (0e6a2ebe78d2f548a82e717d6616786a) \Device\Harddisk0\DR0\Partition0
18:26:55.0187 1780 \Device\Harddisk0\DR0\Partition0 - ok
18:26:55.0187 1780 Boot (0x1200) (f01cb1fcd2022f39ec9525d67a456214) \Device\Harddisk1\DR1\Partition0
18:26:55.0187 1780 \Device\Harddisk1\DR1\Partition0 - ok
18:26:55.0203 1780 Boot (0x1200) (f77d235bfc8336882b71a88965ddf96e) \Device\Harddisk1\DR1\Partition1
18:26:55.0203 1780 \Device\Harddisk1\DR1\Partition1 - ok
18:26:55.0203 1780 ============================================================
18:26:55.0203 1780 Scan finished
18:26:55.0203 1780 ============================================================
18:26:55.0203 4024 Detected object count: 1
18:26:55.0203 4024 Actual detected object count: 1
18:27:12.0015 4024 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:27:12.0015 4024 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


ESETScan.txt

C:\Program Files\FoxTabFLVConverter\flvConverter.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{AEFD7E66-2BB3-4498-A400-9BB7561338FB}\RP1\A0005024.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined

#8 boopme

Posted 02 March 2012 - 09:10 PM

OK, we cannot get it, so we need some help.

Start a new topic called Can't remove 'Alureon.E'

Please go here.... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run, skip it and move on.

Let me know if that went well.

Edited by boopme, 02 March 2012 - 09:11 PM.


#9 Queen-Evie

Posted 03 March 2012 - 06:21 PM

Requested logs have been posted here http://www.bleepingcomputer.com/forums/topic444899.html

This topic is now closed.



