need help with->DOS/ALUREON.E

Post by dannyr on Sat 26 Nov 2011, 5:56 am

First topic message reminder :

NEED HELP WITH --> DOS/ALUREON.E
I CANNOT ACCESS THE INTERNET FROM THE INFECTED COMPUTER TO RUN THE OTL YOU GUYS NEED. THIS VIRUS, OR WHATEVER IT IS, IS PRETTY NASTY.

dannyr

Newbie Surfer

Posts : 39
Joined : 2011-11-26
Operating System : windows xp


Re: need help with->DOS/ALUREON.E

Post by Superdave on Thu 01 Dec 2011, 6:31 am

Please download MiniToolBox to Desktop and run it.



Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size

Click Go and copy/paste the log (Result.txt) into your next post.

Superdave
Tech Staff

Posts : 4191
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: need help with->DOS/ALUREON.E

Post by dannyr on Thu 01 Dec 2011, 6:46 am

MiniToolBox by Farbar
Ran by bridge (administrator) on 30-11-2011 at 14:43:19
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=192.168.40.128 mask=255.255.255.0
set address name="Local Area Connection" gateway=192.168.40.1 gwmetric=0
set dns name="Local Area Connection" source=static addr=none register=PRIMARY
set wins name="Local Area Connection" source=static addr=none


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : BYPC3

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-18-8B-5A-5E-54

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.40.128

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.40.1

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 8b 5a 5e 54 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.40.1 192.168.40.128 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.40.0 255.255.255.0 192.168.40.128 192.168.40.128 20
192.168.40.128 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.40.255 255.255.255.255 192.168.40.128 192.168.40.128 20
224.0.0.0 240.0.0.0 192.168.40.128 192.168.40.128 20
255.255.255.255 255.255.255.255 192.168.40.128 192.168.40.128 1
Default Gateway: 192.168.40.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/30/2011 01:11:42 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: with error: This network connection does not exist.

Error: (11/30/2011 01:11:42 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: with error: The server name or address could not be resolved

Error: (11/30/2011 01:10:40 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/30/2011 00:57:49 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/29/2011 01:42:23 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/29/2011 01:33:18 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (11/29/2011 01:33:18 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (11/29/2011 01:33:18 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (11/29/2011 01:33:18 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (11/29/2011 01:33:17 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (11/30/2011 02:42:17 PM) (Source: DCOM) (User: bridge)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/30/2011 02:26:37 PM) (Source: DCOM) (User: bridge)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/30/2011 02:25:35 PM) (Source: DCOM) (User: bridge)
Description: DCOM got error "%%1084" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (11/30/2011 01:26:24 PM) (Source: Microsoft Antimalware) (User: )
Description: %Trojan:DOS/Alureon.E60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Trojan:DOS/Alureon.E603

Name: Trojan:DOS/Alureon.E

ID: 2147650952

Severity: %Trojan:DOS/Alureon.E600

Category: %Trojan:DOS/Alureon.E602

Path: 3.0.8402.02

Detection Origin: 3.0.8402.04

Detection Type: 3.0.8402.08

Detection Source: %Trojan:DOS/Alureon.E608

User: {1F753945-F1F5-49E0-9B2F-B629FC26E54C}9

Process Name: %Trojan:DOS/Alureon.E609

Action: {1F753945-F1F5-49E0-9B2F-B629FC26E54C}1

Action Status: {1F753945-F1F5-49E0-9B2F-B629FC26E54C}8

Error Code: {1F753945-F1F5-49E0-9B2F-B629FC26E54C}3

Error description: {1F753945-F1F5-49E0-9B2F-B629FC26E54C}4

Signature Version: 2011-11-30T18:16:21.390Z1

Engine Version: 2011-11-30T18:16:21.390Z2

Error: (11/30/2011 01:10:40 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.115.2549.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (11/30/2011 01:10:40 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (11/30/2011 01:10:40 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (11/30/2011 01:01:32 PM) (Source: DCOM) (User: bridge)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/30/2011 00:58:03 PM) (Source: Microsoft Antimalware) (User: )
Description: %Trojan:DOS/Alureon.E60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Trojan:DOS/Alureon.E603

Name: Trojan:DOS/Alureon.E

ID: 2147650952

Severity: %Trojan:DOS/Alureon.E600

Category: %Trojan:DOS/Alureon.E602

Path: 3.0.8402.02

Detection Origin: 3.0.8402.04

Detection Type: 3.0.8402.08

Detection Source: %Trojan:DOS/Alureon.E608

User: {44D08B14-2D47-4A83-A9F4-FCF1714FB4EA}9

Process Name: %Trojan:DOS/Alureon.E609

Action: {44D08B14-2D47-4A83-A9F4-FCF1714FB4EA}1

Action Status: {44D08B14-2D47-4A83-A9F4-FCF1714FB4EA}8

Error Code: {44D08B14-2D47-4A83-A9F4-FCF1714FB4EA}3

Error description: {44D08B14-2D47-4A83-A9F4-FCF1714FB4EA}4

Signature Version: 2011-11-30T17:47:59.703Z1

Engine Version: 2011-11-30T17:47:59.703Z2

Error: (11/30/2011 00:57:49 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.115.2549.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (11/30/2011 01:11:42 PM) (Source: crypt32)(User: )
Description: [You must be registered and logged in to see this link.] network connection does not exist.

Error: (11/30/2011 01:11:42 PM) (Source: crypt32)(User: )
Description: [You must be registered and logged in to see this link.] server name or address could not be resolved

Error: (11/30/2011 01:10:40 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8007043cbeginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (11/30/2011 00:57:49 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8007043cbeginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (11/29/2011 01:42:23 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (11/29/2011 01:33:18 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\BRIDGE\DESKTOP\REGHRBGRS\PROCESSLISTRELATED.DB

Error: (11/29/2011 01:33:18 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\BRIDGE\DESKTOP\REGHRBGRS\PROCESSLISTRELATED.DB

Error: (11/29/2011 01:33:18 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\BRIDGE\DESKTOP\REGHRBGRS\PROCESSLIST.DB

Error: (11/29/2011 01:33:18 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\BRIDGE\DESKTOP\REGHRBGRS\PROCESSLIST.DB

Error: (11/29/2011 01:33:17 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\BRIDGE\DESKTOP\REGHRBGRS\DETECT.WAV


========================= Memory info: ===================================

Percentage of memory in use: 16%
Total physical RAM: 1982.42 MB
Available physical RAM: 1647.05 MB
Total Pagefile: 2505.46 MB
Available Pagefile: 2327.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.53 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:71.46 GB) (Free:57 GB) NTFS

========================= Users: ========================================

User accounts for \\BYPC3

Administrator bridge Guest
HelpAssistant SUPPORT_388945a0


**** End of log ****

Re: need help with->DOS/ALUREON.E

Post by Superdave on Thu 01 Dec 2011, 10:21 am

This is not the full log. Please run it again and post the complete log.

Re: need help with->DOS/ALUREON.E

Post by dannyr on Sat 03 Dec 2011, 1:15 am

MiniToolBox by Farbar
Ran by bridge (administrator) on 30-11-2011 at 14:43:19
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=192.168.40.128 mask=255.255.255.0
set address name="Local Area Connection" gateway=192.168.40.1 gwmetric=0
set dns name="Local Area Connection" source=static addr=none register=PRIMARY
set wins name="Local Area Connection" source=static addr=none


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : BYPC3

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-18-8B-5A-5E-54

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.40.128

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.40.1

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 8b 5a 5e 54 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.40.1 192.168.40.128 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.40.0 255.255.255.0 192.168.40.128 192.168.40.128 20
192.168.40.128 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.40.255 255.255.255.255 192.168.40.128 192.168.40.128 20
224.0.0.0 240.0.0.0 192.168.40.128 192.168.40.128 20
255.255.255.255 255.255.255.255 192.168.40.128 192.168.40.128 1
Default Gateway: 192.168.40.1
===========================================================================
Persistent Routes:
None

Re: need help with->DOS/ALUREON.E

Post by dannyr on Sat 03 Dec 2011, 1:16 am


========================= Event log errors: ===============================

Application errors:
==================
Error: (11/30/2011 01:11:42 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: with error: This network connection does not exist.

Error: (11/30/2011 01:11:42 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: with error: The server name or address could not be resolved

Error: (11/30/2011 01:10:40 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/30/2011 00:57:49 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/29/2011 01:42:23 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/29/2011 01:33:18 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (11/29/2011 01:33:18 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (11/29/2011 01:33:18 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (11/29/2011 01:33:18 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (11/29/2011 01:33:17 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (11/30/2011 02:42:17 PM) (Source: DCOM) (User: bridge)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/30/2011 02:26:37 PM) (Source: DCOM) (User: bridge)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/30/2011 02:25:35 PM) (Source: DCOM) (User: bridge)
Description: DCOM got error "%%1084" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (11/30/2011 01:26:24 PM) (Source: Microsoft Antimalware) (User: )
Description: %Trojan:DOS/Alureon.E60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Trojan:DOS/Alureon.E603

Name: Trojan:DOS/Alureon.E

ID: 2147650952

Severity: %Trojan:DOS/Alureon.E600

Category: %Trojan:DOS/Alureon.E602

Path: 3.0.8402.02

Detection Origin: 3.0.8402.04

Detection Type: 3.0.8402.08

Detection Source: %Trojan:DOS/Alureon.E608

User: {1F753945-F1F5-49E0-9B2F-B629FC26E54C}9

Process Name: %Trojan:DOS/Alureon.E609

Action: {1F753945-F1F5-49E0-9B2F-B629FC26E54C}1

Action Status: {1F753945-F1F5-49E0-9B2F-B629FC26E54C}8

Error Code: {1F753945-F1F5-49E0-9B2F-B629FC26E54C}3

Error description: {1F753945-F1F5-49E0-9B2F-B629FC26E54C}4

Signature Version: 2011-11-30T18:16:21.390Z1

Engine Version: 2011-11-30T18:16:21.390Z2

Error: (11/30/2011 01:10:40 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.115.2549.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (11/30/2011 01:10:40 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (11/30/2011 01:10:40 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (11/30/2011 01:01:32 PM) (Source: DCOM) (User: bridge)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/30/2011 00:58:03 PM) (Source: Microsoft Antimalware) (User: )
Description: %Trojan:DOS/Alureon.E60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Trojan:DOS/Alureon.E603

Name: Trojan:DOS/Alureon.E

ID: 2147650952

Severity: %Trojan:DOS/Alureon.E600

Category: %Trojan:DOS/Alureon.E602

Path: 3.0.8402.02

Detection Origin: 3.0.8402.04

Detection Type: 3.0.8402.08

Detection Source: %Trojan:DOS/Alureon.E608

User: {44D08B14-2D47-4A83-A9F4-FCF1714FB4EA}9

Process Name: %Trojan:DOS/Alureon.E609

Action: {44D08B14-2D47-4A83-A9F4-FCF1714FB4EA}1

Action Status: {44D08B14-2D47-4A83-A9F4-FCF1714FB4EA}8

Error Code: {44D08B14-2D47-4A83-A9F4-FCF1714FB4EA}3

Error description: {44D08B14-2D47-4A83-A9F4-FCF1714FB4EA}4

Signature Version: 2011-11-30T17:47:59.703Z1

Engine Version: 2011-11-30T17:47:59.703Z2

Error: (11/30/2011 00:57:49 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.115.2549.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (11/30/2011 01:11:42 PM) (Source: crypt32)(User: )
Description: [You must be registered and logged in to see this link.] network connection does not exist.

Error: (11/30/2011 01:11:42 PM) (Source: crypt32)(User: )
Description: [You must be registered and logged in to see this link.] server name or address could not be resolved

Error: (11/30/2011 01:10:40 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8007043cbeginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (11/30/2011 00:57:49 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8007043cbeginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (11/29/2011 01:42:23 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (11/29/2011 01:33:18 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\BRIDGE\DESKTOP\REGHRBGRS\PROCESSLISTRELATED.DB

Error: (11/29/2011 01:33:18 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\BRIDGE\DESKTOP\REGHRBGRS\PROCESSLISTRELATED.DB

Error: (11/29/2011 01:33:18 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\BRIDGE\DESKTOP\REGHRBGRS\PROCESSLIST.DB

Error: (11/29/2011 01:33:18 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\BRIDGE\DESKTOP\REGHRBGRS\PROCESSLIST.DB

Error: (11/29/2011 01:33:17 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\BRIDGE\DESKTOP\REGHRBGRS\DETECT.WAV


========================= Memory info: ===================================

Percentage of memory in use: 16%
Total physical RAM: 1982.42 MB
Available physical RAM: 1647.05 MB
Total Pagefile: 2505.46 MB
Available Pagefile: 2327.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.53 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:71.46 GB) (Free:57 GB) NTFS

========================= Users: ========================================

User accounts for \\BYPC3

Administrator bridge Guest
HelpAssistant SUPPORT_388945a0


**** End of log ****

Re: need help with->DOS/ALUREON.E

Post by Superdave on Sat 03 Dec 2011, 5:57 am

Please delete your current version of ComboFix.

Download ComboFix by sUBs from one of the below links. You must rename it before saving it!

Important! You MUST save ComboFix to your desktop

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Rename ComboFix to Combo-Fix before saving it to the desktop.





Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click on Combo-Fix.exe & follow the prompts.

Vista users: right-click on Combo-Fix.exe and select Run as administrator (you will receive a UAC prompt; please allow it).

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When the scan completes it will open a text window.

Post the contents of that log in your next reply.

Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.

Re: need help with->DOS/ALUREON.E

Post by dannyr on Sun 04 Dec 2011, 2:42 am

Superdave, I cannot get ComboFix to work. It just hangs and never finishes; the screen stays blue with a blinking underscore. What's next?

Re: need help with->DOS/ALUREON.E

Post by Superdave on Sun 04 Dec 2011, 6:27 am

One more try.

Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\blackpudding.bat" /killall

See if ComboFix will run now.

Re: need help with->DOS/ALUREON.E

Post by dannyr on Sun 04 Dec 2011, 8:11 am

Dave, no good. It just "freezes/hangs".

Re: need help with->DOS/ALUREON.E

Post by Superdave on Sun 04 Dec 2011, 12:56 pm

Ok. Please try to run it in Safe Mode.


Re: need help with->DOS/ALUREON.E

Post by dannyr on Mon 05 Dec 2011, 6:53 am

Did try. Same thing: hangs.


Re: need help with->DOS/ALUREON.E

Post by Superdave on Mon 05 Dec 2011, 1:00 pm

Let's see if it will run this one.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time



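The scan requested above produces a report in which each process, module, service and driver is one line of the form `SRV - [date | size | attrs | M] (Company) [Start | State] -- path -- (name)`. As an added example, not part of the original post and not OTL's own code, this Python code parses such lines and flags the ones worth a closer look during triage; the sample lines are constructed, and the three flagging rules and `EXPECTED_ROOTS` are assumptions chosen for illustration.

```python
import re

# File-backed entry, e.g.
# SRV - [date | size | attrs | M] (Company) [Start | State] -- path -- (name)
FILE_ENTRY = re.compile(
    r"^(?P<tag>PRC|MOD|SRV|DRV) - "
    r"\[(?P<stamp>[^|\]]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|\]]+) \| [MC]\] "
    r"\((?P<company>.*?)\)"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>.*)\))?$"
)

# Registered service or driver whose binary is absent, e.g.
# SRV - File not found [Auto | Stopped] -- -- (name)
MISSING_ENTRY = re.compile(
    r"^(?P<tag>SRV|DRV) - File not found "
    r"\[(?P<state>[^\]]*)\] -- (?P<path>.*?) ?-- \((?P<name>.*)\)$"
)

# Assumption: locations where service and driver binaries normally live.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Assumed triage rules (reasons to look closer, not verdicts).
MISSING = "registered but file not found"
NO_COMPANY = "no company name in version info"
ODD_PATH = "service/driver binary outside Windows and Program Files"


def parse_line(line):
    """Return a dict for a PRC/MOD/SRV/DRV line, or None for anything else."""
    line = line.strip()
    m = MISSING_ENTRY.match(line)
    if m:
        return {"tag": m["tag"], "missing": True, "company": "", "size": None,
                "state": m["state"], "path": m["path"], "name": m["name"]}
    m = FILE_ENTRY.match(line)
    if not m:
        return None
    return {"tag": m["tag"], "missing": False, "company": m["company"].strip(),
            "size": int(m["size"].replace(",", "")), "state": m["state"],
            "path": m["path"], "name": m["name"]}


def triage(entry):
    """Return the list of reasons an entry deserves manual review."""
    if entry["missing"]:
        return [MISSING]
    reasons = []
    if not entry["company"]:
        reasons.append(NO_COMPANY)
    if entry["tag"] in ("SRV", "DRV") and \
            not entry["path"].lower().startswith(EXPECTED_ROOTS):
        reasons.append(ODD_PATH)
    return reasons


def review(log_text):
    """Parse a whole report and return (tag, name-or-path, reasons) tuples."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # section headers, blank lines, other report sections
        reasons = triage(entry)
        if reasons:
            findings.append((entry["tag"], entry["name"] or entry["path"], reasons))
    return findings


# Constructed sample lines in the report format; names and paths are made up.
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (ExampleUpdater)
SRV - [2011/06/26 01:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\exampledir\helper.exe -- (ExampleHelper)
SRV - [2008/11/05 10:59:38 | 000,231,704 | -H-- | M] (Example AV Vendor) [Auto | Running] -- C:\Program Files\ExampleAV\exwd.exe -- (exwd)
========== Driver Services (SafeList) ==========
DRV - [2011/07/22 11:27:04 | 000,012,880 | ---- | M] (Example Tools Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\user\Desktop\tools\exdrv.sys -- (EXDRV)
DRV - [2006/07/27 17:24:28 | 001,171,464 | -H-- | M] (Example Audio, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\exaudio.sys -- (EXAUDIO)
PRC - [2008/04/13 19:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
"""

if __name__ == "__main__":
    for tag, label, reasons in review(SAMPLE_LOG):
        print(f"{tag} {label}: {'; '.join(reasons)}")
```

A flag only marks an entry for manual review: a removal tool unpacked to the Desktop or to a folder in the drive root trips the same rules as an unwanted service.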

Re: need help with->DOS/ALUREON.E

Post by dannyr on Tue 06 Dec 2011, 12:43 am

Dave, only one log opened.


OTL logfile created on: 12/5/2011 8:16:44 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\bridge\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 79.08% Memory free
2.44 Gb Paging File | 2.16 Gb Available in Paging File | 88.38% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 57.34 Gb Free Space | 80.25% Space Free | Partition Type: NTFS
Drive D: | 1.88 Gb Total Space | 1.69 Gb Free Space | 89.97% Space Free | Partition Type: FAT

Computer Name: BYPC3 | User Name: bridge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/05 08:09:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bridge\Desktop\OTL.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/05 10:59:38 | 000,231,704 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/27 17:19:00 | 000,282,624 | -H-- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2006/08/23 17:12:38 | 000,196,608 | -H-- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2003/07/29 08:27:40 | 000,078,336 | -H-- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBCPP5C.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Updater Service for StartNow Toolbar)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (Application Updater)
SRV - [2011/06/26 01:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\blackpudding\pev.3XE -- (PEVSystemStart)
SRV - [2008/11/05 10:59:38 | 000,875,288 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2008/11/05 10:59:38 | 000,231,704 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 11:27:04 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\bridge\Desktop\freespywareremoval\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:24 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\bridge\Desktop\freespywareremoval\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/11/05 10:59:54 | 000,076,040 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/11/05 10:59:50 | 000,097,928 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/11/05 10:59:48 | 000,026,824 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2006/07/27 17:24:28 | 001,171,464 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/17 14:03:24 | 000,044,544 | RH-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/10/20 10:59:26 | 000,048,640 | -H-- | M] (Ranioshack Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/11/17 18:59:20 | 000,212,224 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 18:58:02 | 000,680,704 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 18:56:26 | 001,042,432 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "resource:/browserconfig.properties"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2011/09/03 16:30:28 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\Program Files\AVG\AVG8\ToolbarFF [2011/09/03 16:30:28 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 08:00:41 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/11 08:00:37 | 000,000,000 | -H-D | M]

[2008/10/30 13:09:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\bridge\Application Data\Mozilla\Extensions
[2011/11/21 12:42:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\bridge\Application Data\Mozilla\Firefox\Profiles\ns7v42j8.default\extensions
[2011/04/17 11:13:52 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\bridge\Application Data\Mozilla\Firefox\Profiles\ns7v42j8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/21 14:46:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\bridge\Application Data\Mozilla\Firefox\Profiles\ns7v42j8.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010/11/27 18:18:05 | 000,001,490 | -H-- | M] () -- C:\Documents and Settings\bridge\Application Data\Mozilla\Firefox\Profiles\ns7v42j8.default\searchplugins\AOL Search.xml
[2011/09/30 14:13:44 | 000,001,945 | -H-- | M] () -- C:\Documents and Settings\bridge\Application Data\Mozilla\Firefox\Profiles\ns7v42j8.default\searchplugins\bing-zugo.xml
[2011/09/27 13:10:50 | 000,000,939 | -H-- | M] () -- C:\Documents and Settings\bridge\Application Data\Mozilla\Firefox\Profiles\ns7v42j8.default\searchplugins\conduit.xml
[2011/11/11 08:00:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\BRIDGE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NS7V42J8.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2011/11/05 01:53:18 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/01 11:27:14 | 000,411,368 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/11/27 18:18:05 | 000,001,490 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\AOL Search.xml
[2011/11/04 22:21:03 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:21:03 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/29 08:54:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Bridge Auto Parts Toolbar) - {37d0e5c3-24d6-46bc-86db-72cdb80b13de} - C:\Program Files\Bridge_Auto_Parts\prxtbBrid.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Bridge Auto Parts Toolbar) - {37d0e5c3-24d6-46bc-86db-72cdb80b13de} - C:\Program Files\Bridge_Auto_Parts\prxtbBrid.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Bridge Auto Parts Toolbar) - {37D0E5C3-24D6-46BC-86DB-72CDB80B13DE} - C:\Program Files\Bridge_Auto_Parts\prxtbBrid.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\bridge\Start Menu\Programs\Startup\autoease.lnk = C:\Program Files\FacetCorp\FacetWin\FacetWin Terminal Configurations\autoease.fwt ()
O4 - Startup: C:\Documents and Settings\bridge\Start Menu\Programs\Startup\OfficePopup.lnk = C:\Program Files\OfficePopup\OfficePopup.exe ()
O4 - Startup: C:\Documents and Settings\bridge\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\bridge\Start Menu\Programs\Startup\QuickButtons General.lnk = C:\Program Files\QuickButtons\QuickButtons.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: Web-Based Email Tools [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Documents and Settings\bridge\Desktop\freespywareremoval\SASWINLO.DLL) - C:\Documents and Settings\bridge\Desktop\freespywareremoval\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\bridge\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\bridge\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Documents and Settings\bridge\Desktop\freespywareremoval\SASSEH.DLL (SuperAdBlocker.com)
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2008/10/27 22:55:53 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - C:\blackpudding\pev.3XE ()
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - C:\blackpudding\pev.3XE ()
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/12/03 15:51:34 | 000,000,000 | --SD | C] -- C:\blackpudding
[2011/12/03 15:50:47 | 004,326,308 | R--- | C] (Swearware) -- C:\Documents and Settings\bridge\Desktop\blackpudding.bat
[2011/12/03 10:12:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/30 12:56:20 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\bridge\Desktop\aswMBR.exe
[2011/11/29 10:03:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/29 10:03:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/28 17:56:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/28 17:56:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/28 17:56:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/28 17:56:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/28 17:56:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/28 17:17:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/28 17:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bridge\Desktop\older
[2011/11/28 17:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bridge\Desktop\freespywareremoval
[2011/11/28 11:42:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bridge\Desktop\OTL.exe
[2011/11/28 11:23:59 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\bridge\Desktop\dds.pif
[2011/11/28 09:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/11/28 09:45:32 | 004,617,600 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\bridge\Desktop\SUPERAntiSpyware.exe
[2011/11/28 09:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bridge\Application Data\SUPERAntiSpyware.com
[2011/11/28 09:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/11/28 09:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bridge\Desktop\reghrbgrs
[2011/11/28 09:19:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\bridge\Desktop\dds.scr
[2011/11/25 16:57:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\bridge\Recent
[2011/11/25 09:19:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\bridge\Local Settings\Application Data\PCHealth
[2011/11/25 08:15:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\bridge\Start Menu\Programs\System Fix
[2011/11/22 09:09:12 | 000,000,000 | -H-D | C] -- C:\Program Files\Conduit
[2011/11/22 09:09:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\bridge\Local Settings\Application Data\Bridge_Auto_Parts
[2011/11/22 09:08:59 | 000,000,000 | -H-D | C] -- C:\Program Files\Bridge_Auto_Parts
[2011/11/21 13:51:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/11/21 13:51:22 | 000,000,000 | -H-D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/11/21 13:51:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/11/21 13:43:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\bridge\Desktop\MASTER
[2011/11/21 13:43:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\bridge\Desktop\ALL INTERNET PROTECTION
[2011/11/21 13:42:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\bridge\My Documents\New Folder
[2011/11/21 12:36:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Internet Logs
[2011/11/21 11:57:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/11/16 10:34:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2011/11/15 13:35:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/11/12 19:36:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\bridge\Local Settings\Application Data\4b14f1b1
[2011/11/06 17:54:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\bridge\My Documents\My Games
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/12/05 08:14:29 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc7a2da685e8d4.job
[2011/12/05 08:14:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/05 08:09:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bridge\Desktop\OTL.exe
[2011/12/04 12:04:01 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/04 12:02:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{79623B3E-72FC-401C-834F-64236350CB33}.job
[2011/12/03 15:15:34 | 004,326,308 | R--- | M] (Swearware) -- C:\Documents and Settings\bridge\Desktop\blackpudding.bat
[2011/12/02 08:49:09 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/30 14:38:00 | 000,381,631 | ---- | M] () -- C:\Documents and Settings\bridge\Desktop\MiniToolBox.exe
[2011/11/30 12:57:45 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\bridge\Desktop\MBR.dat
[2011/11/30 12:51:50 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\bridge\Desktop\aswMBR.exe
[2011/11/29 10:03:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/11/29 08:54:30 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/11/28 18:01:12 | 007,716,864 | ---- | M] () -- C:\Documents and Settings\bridge\Desktop\rc.iso
[2011/11/28 17:26:56 | 000,879,649 | ---- | M] () -- C:\Documents and Settings\bridge\Desktop\SecurityCheck.exe
[2011/11/28 11:13:40 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\bridge\Desktop\dds.pif
[2011/11/28 09:11:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\bridge\Desktop\dds.scr
[2011/11/25 09:14:54 | 000,000,849 | -H-- | M] () -- C:\Documents and Settings\bridge\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/11/25 08:15:36 | 000,000,312 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~eNvA4Ubha3KVTk
[2011/11/25 08:15:35 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~eNvA4Ubha3KVTkr
[2011/11/25 08:15:34 | 000,000,831 | -H-- | M] () -- C:\Documents and Settings\bridge\Desktop\System Fix.lnk
[2011/11/25 08:15:26 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\eNvA4Ubha3KVTk
[2011/11/25 08:13:26 | 000,081,191 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/11/23 19:32:00 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/21 14:52:29 | 000,484,640 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/21 14:52:29 | 000,087,542 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/21 13:41:41 | 000,000,104 | -H-- | M] () -- C:\Documents and Settings\bridge\Desktop\Shortcut to Internet.lnk
[2011/11/21 13:16:49 | 000,000,111 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\sys28076.bin
[2011/11/21 13:14:20 | 000,000,803 | RH-- | M] () -- C:\Documents and Settings\bridge\Desktop\Internet Explorer.lnk
[2011/11/21 13:01:29 | 000,001,393 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/21 12:46:41 | 000,000,784 | -H-- | M] () -- C:\Documents and Settings\bridge\My Documents\Malwarebytes' Anti-Malware.lnk
[2011/11/21 12:17:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\2985366603
[2011/11/21 12:02:27 | 000,001,945 | -H-- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/11/21 11:24:56 | 000,000,005 | -H-- | M] () -- C:\Documents and Settings\bridge\hjhjhj.html
[2011/11/20 13:27:44 | 000,000,664 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/07 13:04:38 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\bridge\Desktop\SUPERAntiSpyware.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/30 14:42:30 | 000,381,631 | ---- | C] () -- C:\Documents and Settings\bridge\Desktop\MiniToolBox.exe
[2011/11/30 12:57:45 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\bridge\Desktop\MBR.dat
[2011/11/29 10:03:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/11/29 10:03:56 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/28 18:09:18 | 007,716,864 | ---- | C] () -- C:\Documents and Settings\bridge\Desktop\rc.iso
[2011/11/28 17:56:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/28 17:56:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/28 17:56:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/28 17:56:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/28 17:56:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/28 17:31:43 | 000,879,649 | ---- | C] () -- C:\Documents and Settings\bridge\Desktop\SecurityCheck.exe
[2011/11/25 09:14:53 | 000,000,849 | -H-- | C] () -- C:\Documents and Settings\bridge\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/11/25 08:15:35 | 000,000,312 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~eNvA4Ubha3KVTk
[2011/11/25 08:15:35 | 000,000,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~eNvA4Ubha3KVTkr
[2011/11/25 08:15:34 | 000,000,831 | -H-- | C] () -- C:\Documents and Settings\bridge\Desktop\System Fix.lnk
[2011/11/25 08:15:26 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\eNvA4Ubha3KVTk
[2011/11/21 13:41:41 | 000,000,104 | -H-- | C] () -- C:\Documents and Settings\bridge\Desktop\Shortcut to Internet.lnk
[2011/11/21 13:14:20 | 000,000,803 | RH-- | C] () -- C:\Documents and Settings\bridge\Desktop\Internet Explorer.lnk
[2011/11/21 13:01:27 | 000,001,393 | -H-- | C] () -- C:\WINDOWS\imsins.BAK
[2011/11/21 12:46:41 | 000,000,784 | -H-- | C] () -- C:\Documents and Settings\bridge\My Documents\Malwarebytes' Anti-Malware.lnk
[2011/11/21 12:02:27 | 000,001,945 | -H-- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/11/21 11:24:56 | 000,000,005 | -H-- | C] () -- C:\Documents and Settings\bridge\hjhjhj.html
[2011/11/15 11:59:42 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/30 13:21:11 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/06/29 11:03:22 | 000,000,341 | -H-- | C] () -- C:\WINDOWS\dellstat.ini
[2010/06/29 11:02:53 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2010/06/29 11:02:53 | 000,000,373 | -H-- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2008/12/08 14:47:47 | 000,027,019 | -H-- | C] () -- C:\WINDOWS\maxlink.ini
[2008/11/18 10:27:33 | 000,000,776 | -H-- | C] () -- C:\Documents and Settings\bridge\Application Data\wklnhst.dat
[2008/10/30 13:09:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/28 11:03:14 | 001,617,920 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/10/28 11:03:14 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/10/28 11:03:13 | 001,662,976 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/10/28 11:03:13 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/28 11:03:11 | 001,470,464 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/10/28 11:03:11 | 001,339,392 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/10/28 11:03:11 | 000,581,632 | -H-- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2008/10/28 11:03:11 | 000,286,720 | -H-- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/10/28 11:03:08 | 000,442,368 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/10/28 11:03:08 | 000,425,984 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/10/28 11:03:08 | 000,196,608 | -H-- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2008/10/27 22:58:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/27 22:53:21 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/27 14:47:18 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/27 14:46:16 | 000,173,872 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 23:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 23:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 12:51:02 | 000,020,698 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 12:48:48 | 000,030,628 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 12:48:28 | 000,031,698 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/03/22 13:48:43 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,484,640 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,087,542 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/03/04 10:16:34 | 000,110,592 | RH-- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2010/11/27 18:18:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/09/04 09:14:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/09/03 17:20:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/11/21 11:44:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/12/08 14:46:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/08/16 09:27:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/27 18:19:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\acccore
[2011/09/03 16:30:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\AVGTOOLBAR
[2011/09/30 13:21:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\CheckPoint
[2008/11/14 14:21:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/05 12:14:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\Fomine Software
[2011/09/06 14:18:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\GetRightToGo
[2011/10/21 10:03:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\IObit
[2010/10/01 12:31:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\OpenOffice.org
[2008/12/08 15:00:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\ScanSoft
[2008/11/18 10:27:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\Template
[2008/10/30 12:06:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\Windows Desktop Search
[2008/11/05 10:40:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\Windows Search
[2011/12/04 12:02:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{79623B3E-72FC-401C-834F-64236350CB33}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-23 13:13:52


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/31 14:11:08 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/31 14:11:08 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/31 14:11:08 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/31 14:11:08 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/13 19:12:12 | 000,588,800 | -H-- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 19:12:12 | 000,588,800 | -H-- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2004/08/04 05:00:00 | 000,588,800 | -H-- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: BEEP.SYS >
[2004/08/04 05:00:00 | 000,004,224 | -H-- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004/08/04 05:00:00 | 000,004,224 | -H-- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: IASTOR.SYS >
[2006/05/11 11:30:52 | 000,247,808 | -H-- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: IMM32.DLL >
[2008/04/13 19:11:54 | 000,110,080 | -H-- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/13 19:11:54 | 000,110,080 | -H-- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
[2004/08/04 05:00:00 | 000,110,080 | -H-- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll

< MD5 for: KERNEL32.DLL >
[2007/04/16 11:07:27 | 000,986,112 | -H-- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2004/08/04 05:00:00 | 000,983,552 | -H-- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
[2007/04/16 10:52:53 | 000,984,576 | -H-- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | -H-- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\Documents and Settings\bridge\Local Settings\Temp\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | -H-- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | -H-- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | -H-- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | -H-- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2009/03/21 08:59:23 | 000,991,744 | -H-- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/20 12:41:10 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 12:36:11 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/04 05:00:00 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 11:02:47 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 11:02:47 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/13 14:20:37 | 000,182,656 | -H-- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | -H-- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | -H-- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/04 05:00:00 | 000,182,912 | -H-- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NTFS.SYS >
[2007/02/09 06:23:36 | 000,574,976 | -H-- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[2007/02/09 06:10:35 | 000,574,464 | -H-- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | -H-- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | -H-- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\dllcache\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | -H-- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
[2004/08/04 05:00:00 | 000,574,592 | -H-- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/04/13 19:12:02 | 000,435,200 | -H-- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/13 19:12:02 | 000,435,200 | -H-- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\dllcache\ntmssvc.dll
[2008/04/13 19:12:02 | 000,435,200 | -H-- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2004/08/04 05:00:00 | 000,435,200 | -H-- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 19:51:32 | 000,099,840 | -H-- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: PROQUOTA.EXE >
[2004/08/04 05:00:00 | 000,050,176 | -H-- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | -H-- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | -H-- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\dllcache\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | -H-- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2004/08/04 05:00:00 | 000,382,464 | -H-- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | -H-- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | -H-- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | -H-- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | -H-- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | -H-- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | -H-- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 05:00:00 | 001,580,544 | -H-- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | -H-- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | -H-- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2010/08/17 08:19:36 | 000,058,880 | -H-- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010/08/17 08:17:06 | 000,058,880 | -H-- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010/08/17 08:17:06 | 000,058,880 | -H-- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2004/08/04 05:00:00 | 000,057,856 | -H-- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
[2005/06/10 19:17:13 | 000,057,856 | -H-- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | -H-- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | -H-- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2005/06/10 18:53:32 | 000,057,856 | -H-- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/13 19:12:07 | 000,171,008 | -H-- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 19:12:07 | 000,171,008 | -H-- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/04 05:00:00 | 000,170,496 | -H-- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TERMSRV.DLL >
[2004/08/04 05:00:00 | 000,295,424 | -H-- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | -H-- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | -H-- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WS2_32.DLL >
[2008/04/13 19:12:10 | 000,082,432 | -H-- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 19:12:10 | 000,082,432 | -H-- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/04 05:00:00 | 000,082,944 | -H-- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< MD5 for: XMLPROV.DLL >
[2008/04/13 19:12:11 | 000,129,024 | -H-- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/13 19:12:11 | 000,129,024 | -H-- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\dllcache\xmlprov.dll
[2008/04/13 19:12:11 | 000,129,024 | -H-- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
[2004/08/04 05:00:00 | 000,129,536 | -H-- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


Re: need help with->DOS/ALUREON.E

Post by Superdave on Tue 06 Dec 2011, 7:29 am

I didn't notice this before but you have three AV programs on your computer. Please make sure that only one is active at any time.
Code:
AVG Free 8.0
AVG 2012
Microsoft Security Essentials

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double-click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on Next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan, make sure these are checked:

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors
  • My Computer
  • Also any other drives (removable ones that you may have)

Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right-hand corner.
  • It will automatically neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file. Name it Kas.
  • Save it somewhere convenient, like your desktop, and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.


Re: need help with->DOS/ALUREON.E

Post by dannyr on Wed 07 Dec 2011, 2:57 am

Status: Disinfected (events: 2)
12/5/2011 5:01:44 PM Disinfected Trojan program Trojan.Java.Agent.aw C:\Documents and Settings\bridge\Application Data\Sun\Java\Deployment\cache\6.0\39\f0cf627-4d4353d6 High
12/5/2011 5:01:44 PM Disinfected Trojan program Trojan.Java.Agent.aw C:\Documents and Settings\bridge\Application Data\Sun\Java\Deployment\cache\6.0\39\f0cf627-4d4353d6/photo/Zoom.class High
Status: Deleted (events: 15)
12/5/2011 5:02:01 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\bridge\Application Data\Sun\Java\Deployment\cache\6.0\62\5024297e-1ce32825 High
12/5/2011 5:02:00 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\bridge\Application Data\Sun\Java\Deployment\cache\6.0\62\5024297e-340a640c High
12/5/2011 5:02:01 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\bridge\Application Data\Sun\Java\Deployment\cache\6.0\62\5024297e-3a37770b High
12/5/2011 5:02:14 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\bridge\Application Data\Sun\Java\Deployment\cache\6.0\62\5024297e-478853da High
12/5/2011 5:02:14 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\bridge\Application Data\Sun\Java\Deployment\cache\6.0\62\5024297e-615c8bc2 High
12/5/2011 5:02:13 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\bridge\Application Data\Sun\Java\Deployment\cache\6.0\62\5024297e-66e8ac51 High
12/5/2011 5:41:00 PM Deleted Trojan program Trojan-FakeAV.Win32.PrivacyProtection.p C:\System Volume Information\_restore{6E11A063-E14D-47A5-8222-91CFCD97CBD6}\RP738\A0057179.lnk High
12/5/2011 5:41:01 PM Deleted Trojan program Trojan-FakeAV.Win32.PrivacyProtection.p C:\System Volume Information\_restore{6E11A063-E14D-47A5-8222-91CFCD97CBD6}\RP748\A0067196.lnk High
12/5/2011 5:41:15 PM Deleted Trojan program Trojan-FakeAV.Win32.PrivacyProtection.p C:\System Volume Information\_restore{6E11A063-E14D-47A5-8222-91CFCD97CBD6}\RP749\A0068265.lnk High
12/5/2011 5:41:15 PM Deleted Trojan program Trojan-FakeAV.Win32.PrivacyProtection.p C:\System Volume Information\_restore{6E11A063-E14D-47A5-8222-91CFCD97CBD6}\RP749\A0068269.lnk High
12/5/2011 5:49:14 PM Deleted Trojan program Trojan-FakeAV.Win32.FakeRecovery.ag C:\System Volume Information\_restore{6E11A063-E14D-47A5-8222-91CFCD97CBD6}\RP764\A0072479.exe High
12/5/2011 5:49:18 PM Deleted Trojan program Trojan-FakeAV.Win32.FakeRecovery.ag C:\System Volume Information\_restore{6E11A063-E14D-47A5-8222-91CFCD97CBD6}\RP768\A0074588.exe High
12/5/2011 5:49:15 PM Deleted Trojan program Trojan-FakeAV.Win32.FakeRecovery.ag C:\System Volume Information\_restore{6E11A063-E14D-47A5-8222-91CFCD97CBD6}\RP768\A0074589.exe High
12/5/2011 5:50:56 PM Deleted Trojan program Trojan-FakeAV.Win32.FakeRecovery.ag C:\System Volume Information\_restore{6E11A063-E14D-47A5-8222-91CFCD97CBD6}\RP771\A0084712.exe High
12/5/2011 5:50:56 PM Deleted Trojan program Trojan-FakeAV.Win32.FakeRecovery.ag C:\System Volume Information\_restore{6E11A063-E14D-47A5-8222-91CFCD97CBD6}\RP771\A0084712.exe//PE-Crypt.XorPE High


Re: need help with->DOS/ALUREON.E

Post by dannyr on Wed 07 Dec 2011, 3:40 am

Status: Disinfected (events: 1)
12/6/2011 11:38:09 AM Disinfected Trojan program Rootkit.Boot.SST.b \Device\Harddisk0\DR0 High


Re: need help with->DOS/ALUREON.E

Post by dannyr on Wed 07 Dec 2011, 5:07 am

ComboFix 11-12-03.01 - bridge 12/06/2011 12:31:49.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1651 [GMT -5:00]
Running from: c:\documents and settings\bridge\desktop\blackpudding.bat
Command switches used :: /killall
AV: AVG *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\bridge\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\documents and settings\bridge\Application Data\Mozilla\Firefox\Profiles\ns7v42j8.default\searchplugins\bing-zugo.xml
c:\documents and settings\bridge\Desktop\blackpudding.bat
c:\documents and settings\bridge\Desktop\System Fix.lnk
c:\documents and settings\bridge\Start Menu\Programs\System Fix
c:\documents and settings\bridge\Start Menu\Programs\System Fix\System Fix.lnk
c:\documents and settings\bridge\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\documents and settings\bridge\WINDOWS
c:\windows\iun6002.exe
c:\windows\system32\
c:\windows\system32\usmt\migwiz_a.exe
.
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\system32\dllcache\cdrom.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2011-11-06 to 2011-12-06 )))))))))))))))))))))))))))))))
.
.
2011-12-06 17:36 . 2008-04-13 16:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2011-12-06 17:36 . 2008-04-13 16:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-12-05 21:00 . 2011-12-06 03:19 133208 ----a-w- c:\windows\system32\drivers\42227559.sys
2011-11-28 22:17 . 2011-11-28 22:17 -------- d-----w- C:\_OTL
2011-11-28 14:50 . 2011-11-28 14:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-11-28 14:27 . 2011-11-28 14:27 -------- d-----w- c:\documents and settings\bridge\Application Data\SUPERAntiSpyware.com
2011-11-28 14:27 . 2011-11-28 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-25 14:57 . 2011-11-25 14:57 -------- d--h--w- c:\documents and settings\Administrator
2011-11-25 14:19 . 2011-11-25 14:19 -------- d--h--w- c:\documents and settings\bridge\Local Settings\Application Data\PCHealth
2011-11-22 14:09 . 2011-11-22 14:09 -------- d--h--w- c:\program files\Conduit
2011-11-22 14:09 . 2011-11-22 14:09 -------- d--h--w- c:\documents and settings\bridge\Local Settings\Application Data\Bridge_Auto_Parts
2011-11-22 14:08 . 2011-11-22 14:09 -------- d--h--w- c:\program files\Bridge_Auto_Parts
2011-11-21 18:51 . 2011-11-21 19:56 -------- d--h--w- c:\program files\Spybot - Search & Destroy
2011-11-21 18:51 . 2011-11-21 19:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-11-21 18:25 . 2011-11-21 18:25 -------- d--h--w- c:\windows\AF499E523F6F420FA4E96341B4246E4B.TMP
2011-11-21 17:36 . 2011-11-21 17:36 -------- d--h--w- c:\windows\Internet Logs
2011-11-21 17:03 . 2010-10-19 20:51 222080 ---h--w- c:\windows\system32\MpSigStub.exe
2011-11-21 16:48 . 2011-11-21 16:48 -------- d--h--w- c:\windows\system32\wbem\Repository
2011-11-16 15:34 . 2011-11-16 15:34 -------- d--h--w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2011-11-13 00:36 . 2011-11-21 21:52 -------- d-sh--w- c:\documents and settings\bridge\Local Settings\Application Data\4b14f1b1
2011-11-11 13:00 . 2011-11-05 06:53 134104 ---ha-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-11 13:00 . 2011-11-05 06:53 89048 ---ha-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-11-11 13:00 . 2011-11-05 06:53 801752 ---ha-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-11-11 13:00 . 2011-11-05 06:53 478168 ---ha-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-11-11 13:00 . 2011-11-05 06:53 1989592 ---ha-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-11-11 13:00 . 2011-11-05 06:53 15832 ---ha-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-11-11 13:00 . 2011-11-05 03:21 2106216 ---ha-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-11-11 13:00 . 2011-11-05 03:21 1998168 ---ha-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2008-10-28 03:53 692736 ---ha-w- c:\windows\system32\inetcomm.dll
2011-09-30 18:21 . 2011-09-30 18:21 0 -c-ha-w- c:\windows\system32\ConduitEngine.tmp
2011-09-28 07:06 . 2004-08-04 10:00 599040 ---ha-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-30 00:59 611328 ---ha-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 10:00 220160 ---ha-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 10:00 20480 ---ha-w- c:\windows\system32\oleaccrc.dll
2011-11-05 06:53 . 2011-11-11 13:00 134104 ---ha-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37d0e5c3-24d6-46bc-86db-72cdb80b13de}]
2011-05-09 08:49 176936 ---ha-w- c:\program files\Bridge_Auto_Parts\prxtbBrid.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{37d0e5c3-24d6-46bc-86db-72cdb80b13de}"= "c:\program files\Bridge_Auto_Parts\prxtbBrid.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37d0e5c3-24d6-46bc-86db-72cdb80b13de}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{37D0E5C3-24D6-46BC-86DB-72CDB80B13DE}"= "c:\program files\Bridge_Auto_Parts\prxtbBrid.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37d0e5c3-24d6-46bc-86db-72cdb80b13de}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 282624]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\bridge\Start Menu\Programs\Startup\
autoease.lnk - c:\program files\FacetCorp\FacetWin\FacetWin Terminal Configurations\autoease.fwt [2008-10-28 1650]
OfficePopup.lnk - c:\program files\OfficePopup\OfficePopup.exe [2010-10-5 671744]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
QuickButtons General.lnk - c:\program files\QuickButtons\QuickButtons.exe [2005-12-13 501912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\documents and settings\bridge\Desktop\freespywareremoval\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\documents and settings\bridge\Desktop\freespywareremoval\SASWINLO.DLL
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FacetCorp\\FacetWin\\fwagent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\xdeep32_40\\usr\\X11R6\\bin\\xdeep32.exe"=
"c:\\Program Files\\OfficePopup\\OfficePopup.exe"=
.
R0 42227559;42227559;c:\windows\system32\drivers\42227559.sys [12/5/2011 4:00 PM 133208]
R1 SASDIFSV;SASDIFSV;c:\documents and settings\bridge\Desktop\freespywareremoval\sasdifsv.sys [11/28/2011 5:09 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\documents and settings\bridge\Desktop\freespywareremoval\SASKUTIL.SYS [11/28/2011 5:09 PM 67664]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/5/2008 10:59 AM 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/5/2008 10:59 AM 76040]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/5/2008 10:59 AM 97928]
S2 Application Updater;Application Updater;"c:\program files\Application Updater\ApplicationUpdater.exe" --> c:\program files\Application Updater\ApplicationUpdater.exe [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/5/2008 10:59 AM 875288]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 3:15 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 3:15 PM 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc7a2da685e8d4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 20:14]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 20:14]
.
2011-12-05 c:\windows\Tasks\User_Feed_Synchronization-{79623B3E-72FC-401C-834F-64236350CB33}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
DPF: Web-Based Email Tools - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\bridge\Application Data\Mozilla\Firefox\Profiles\ns7v42j8.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Messenger (Yahoo!) - ~c:\program files\Yahoo!\Messenger\YahooMessenger.exe
HKLM-Run-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
AddRemove-QuickButtons_1.0 - c:\windows\iun6002.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-12-06 12:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(620)
c:\documents and settings\bridge\Desktop\freespywareremoval\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3864)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\stsystra.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-12-06 12:57:39 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-06 17:57
.
Pre-Run: 61,111,017,472 bytes free
Post-Run: 61,275,541,504 bytes free
.
- - End Of File - - 886415CE89356F7D9166B27E9D34CE92


Re: need help with->DOS/ALUREON.E

Post by Superdave on Wed 07 Dec 2011, 7:12 am

Please go to Jotti's malware scan
(If more than one file needs to be scanned, they must be done separately and links posted for each one.)

* Copy the file path in the below Code box:

Code:
c:\windows\system32\drivers\42227559.sys
 

* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
*******************************************************

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.


Re: need help with->DOS/ALUREON.E

Post by dannyr on Wed 07 Dec 2011, 7:28 am

computer infected still has no access to the internet. Jotti's malware scan
don't work, control v don't work

I will do the tdsskiller though


Re: need help with->DOS/ALUREON.E

Post by dannyr on Wed 07 Dec 2011, 7:34 am

15:32:03.0343 0108 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
15:32:03.0343 0108 ============================================================
15:32:03.0343 0108 Current date / time: 2011/12/06 15:32:03.0343
15:32:03.0343 0108 SystemInfo:
15:32:03.0343 0108
15:32:03.0343 0108 OS Version: 5.1.2600 ServicePack: 3.0
15:32:03.0343 0108 Product type: Workstation
15:32:03.0343 0108 ComputerName: BYPC3
15:32:03.0359 0108 UserName: bridge
15:32:03.0359 0108 Windows directory: C:\WINDOWS
15:32:03.0359 0108 System windows directory: C:\WINDOWS
15:32:03.0359 0108 Processor architecture: Intel x86
15:32:03.0359 0108 Number of processors: 1
15:32:03.0359 0108 Page size: 0x1000
15:32:03.0359 0108 Boot type: Normal boot
15:32:03.0359 0108 ============================================================
15:32:04.0500 0108 Initialize success
15:32:13.0125 1996 ============================================================
15:32:13.0125 1996 Scan started
15:32:13.0125 1996 Mode: Manual;
15:32:13.0125 1996 ============================================================
15:32:13.0500 1996 42227559 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\42227559.sys
15:32:13.0515 1996 42227559 - ok
15:32:13.0546 1996 Abiosdsk - ok
15:32:13.0562 1996 abp480n5 - ok
15:32:13.0593 1996 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:32:13.0593 1996 ACPI - ok
15:32:13.0640 1996 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:32:13.0640 1996 ACPIEC - ok
15:32:13.0656 1996 adpu160m - ok
15:32:13.0687 1996 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:32:13.0687 1996 aec - ok
15:32:13.0750 1996 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:32:13.0750 1996 AFD - ok
15:32:13.0765 1996 Aha154x - ok
15:32:13.0781 1996 aic78u2 - ok
15:32:13.0781 1996 aic78xx - ok
15:32:13.0796 1996 AliIde - ok
15:32:13.0812 1996 amsint - ok
15:32:13.0828 1996 asc - ok
15:32:13.0843 1996 asc3350p - ok
15:32:13.0859 1996 asc3550 - ok
15:32:13.0906 1996 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:32:13.0906 1996 AsyncMac - ok
15:32:13.0921 1996 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:32:13.0921 1996 atapi - ok
15:32:13.0937 1996 Atdisk - ok
15:32:13.0953 1996 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:32:13.0953 1996 Atmarpc - ok
15:32:14.0000 1996 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:32:14.0000 1996 audstub - ok
15:32:14.0062 1996 AvgLdx86 (b02fbfa2ff91e8778a08f9a6053ccbe3) C:\WINDOWS\System32\Drivers\avgldx86.sys
15:32:14.0062 1996 AvgLdx86 - ok
15:32:14.0078 1996 AvgMfx86 (37a7618a843bb15b5430103c9945dc4c) C:\WINDOWS\System32\Drivers\avgmfx86.sys
15:32:14.0078 1996 AvgMfx86 - ok
15:32:14.0140 1996 AvgTdiX (c81db4dd6e6e650bf90bda09a00acc94) C:\WINDOWS\System32\Drivers\avgtdix.sys
15:32:14.0140 1996 AvgTdiX - ok
15:32:14.0187 1996 bcm4sbxp (78e7b52da292fa90bad2f887bbf22159) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
15:32:14.0187 1996 bcm4sbxp - ok
15:32:14.0234 1996 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:32:14.0234 1996 Beep - ok
15:32:14.0250 1996 catchme - ok
15:32:14.0296 1996 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:32:14.0296 1996 cbidf2k - ok
15:32:14.0312 1996 cd20xrnt - ok
15:32:14.0343 1996 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:32:14.0343 1996 Cdaudio - ok
15:32:14.0406 1996 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:32:14.0406 1996 Cdfs - ok
15:32:14.0453 1996 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
15:32:14.0453 1996 cercsr6 - ok
15:32:14.0468 1996 Changer - ok
15:32:14.0484 1996 CmdIde - ok
15:32:14.0515 1996 Cpqarray - ok
15:32:14.0515 1996 dac2w2k - ok
15:32:14.0531 1996 dac960nt - ok
15:32:14.0593 1996 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:32:14.0593 1996 Disk - ok
15:32:14.0640 1996 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:32:14.0656 1996 dmboot - ok
15:32:14.0687 1996 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:32:14.0687 1996 dmio - ok
15:32:14.0718 1996 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:32:14.0718 1996 dmload - ok
15:32:14.0765 1996 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:32:14.0765 1996 DMusic - ok
15:32:14.0781 1996 dpti2o - ok
15:32:14.0812 1996 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:32:14.0812 1996 drmkaud - ok
15:32:14.0828 1996 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:32:14.0843 1996 Fastfat - ok
15:32:14.0859 1996 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
15:32:14.0859 1996 Fdc - ok
15:32:14.0890 1996 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:32:14.0890 1996 Fips - ok
15:32:14.0906 1996 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:32:14.0906 1996 Flpydisk - ok
15:32:14.0937 1996 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:32:14.0937 1996 FltMgr - ok
15:32:14.0953 1996 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:32:14.0953 1996 Fs_Rec - ok
15:32:14.0984 1996 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:32:15.0000 1996 Ftdisk - ok
15:32:15.0015 1996 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:32:15.0015 1996 Gpc - ok
15:32:15.0078 1996 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:32:15.0078 1996 HDAudBus - ok
15:32:15.0093 1996 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:32:15.0093 1996 hidusb - ok
15:32:15.0125 1996 hpn - ok
15:32:15.0171 1996 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
15:32:15.0187 1996 HSFHWBS2 - ok
15:32:15.0250 1996 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
15:32:15.0281 1996 HSF_DP - ok
15:32:15.0343 1996 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:32:15.0343 1996 HTTP - ok
15:32:15.0359 1996 i2omgmt - ok
15:32:15.0375 1996 i2omp - ok
15:32:15.0406 1996 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
15:32:15.0406 1996 i8042prt - ok
15:32:15.0421 1996 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:32:15.0421 1996 Imapi - ok
15:32:15.0453 1996 ini910u - ok
15:32:15.0453 1996 IntelIde - ok
15:32:15.0500 1996 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:32:15.0500 1996 Ip6Fw - ok
15:32:15.0531 1996 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:32:15.0531 1996 IpFilterDriver - ok
15:32:15.0562 1996 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:32:15.0562 1996 IpInIp - ok
15:32:15.0609 1996 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:32:15.0609 1996 IpNat - ok
15:32:15.0625 1996 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:32:15.0625 1996 IPSec - ok
15:32:15.0671 1996 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:32:15.0671 1996 IRENUM - ok
15:32:15.0687 1996 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:32:15.0687 1996 isapnp - ok
15:32:15.0703 1996 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:32:15.0703 1996 Kbdclass - ok
15:32:15.0703 1996 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:32:15.0703 1996 kbdhid - ok
15:32:15.0750 1996 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:32:15.0750 1996 kmixer - ok
15:32:15.0796 1996 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:32:15.0796 1996 KSecDD - ok
15:32:15.0812 1996 lbrtfdc - ok
15:32:15.0843 1996 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:32:15.0843 1996 mdmxsdk - ok
15:32:15.0875 1996 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:32:15.0890 1996 mnmdd - ok
15:32:15.0921 1996 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:32:15.0921 1996 Modem - ok
15:32:15.0953 1996 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
15:32:15.0968 1996 MODEMCSA - ok
15:32:16.0000 1996 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:32:16.0000 1996 Mouclass - ok
15:32:16.0046 1996 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:32:16.0046 1996 mouhid - ok
15:32:16.0062 1996 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:32:16.0062 1996 MountMgr - ok
15:32:16.0078 1996 mraid35x - ok
15:32:16.0093 1996 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:32:16.0093 1996 MRxDAV - ok
15:32:16.0156 1996 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:32:16.0156 1996 MRxSmb - ok
15:32:16.0171 1996 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:32:16.0171 1996 Msfs - ok
15:32:16.0218 1996 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:32:16.0218 1996 MSKSSRV - ok
15:32:19.0640 1996 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:32:19.0750 1996 \Device\Harddisk0\DR0 - ok
15:32:19.0765 1996 Boot (0x1200) (4c3f6e8e4bdaddebee4e4974504edfe5) \Device\Harddisk0\DR0\Partition0
15:32:19.0765 1996 \Device\Harddisk0\DR0\Partition0 - ok
15:32:19.0765 1996 ============================================================
15:32:19.0765 1996 Scan finished
15:32:19.0765 1996 ============================================================
15:32:19.0781 0240 Detected object count: 0
15:32:19.0781 0240 Actual detected object count: 0


Re: need help with->DOS/ALUREON.E

Post by Superdave on Wed 07 Dec 2011, 1:25 pm

Sorry. I didn't know that you still couldn't access the net. Are you using a wireless connection? Did you try resetting your modem?


Re: need help with->DOS/ALUREON.E

Post by dannyr on Thu 08 Dec 2011, 5:09 am

just tried no good


Re: need help with->DOS/ALUREON.E

Post by Superdave on Thu 08 Dec 2011, 6:08 am

dannyr wrote: just tried no good
Is it wireless or wired?


Re: need help with->DOS/ALUREON.E

Post by dannyr on Thu 08 Dec 2011, 6:13 am

wired


Re: need help with->DOS/ALUREON.E

Post by Superdave on Thu 08 Dec 2011, 6:48 am

A device attached to the system is not functioning. (0x8007001f)
This showed up when you ran MiniToolBox. Could you please check your Device Manager to see if there are any yellow question marks there? Yet, it also shows that the signal is getting through.

Download WinSockXPFix to fix broken LSP chain for XP (if needed).

  • Double click on WinsockXPFix.
  • Click Fix.

