dos:alureon.e

dos:alureon.e

Post by benjaminrogers on Tue Dec 20, 2011 6:57 pm

Infected with dos:alureon.e

Have tried a Windows 7 Home Premium N reinstall but it didn't work, and now I'm at my wits' end. WSE finds it but can't seem to remove it. Any help is GREATLY appreciated!


Below are all the required beginning scans.

OTL Log is in second post.
__________________________________________________________________
OTL Extras logfile created on: 12/20/2011 1:04:14 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ben\Downloads
Home Premium Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 63.14% Memory free
5.49 Gb Paging File | 4.50 Gb Available in Paging File | 81.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.75 Gb Total Space | 94.42 Gb Free Space | 51.11% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 71.86 Mb Free Space | 71.87% Space Free | Partition Type: NTFS

Computer Name: BEN-LAPTOP | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ULTIMATER" = Microsoft Office Ultimate 2007

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/19/2011 6:36:30 PM | Computer Name = Ben-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 12/19/2011 7:11:26 PM | Computer Name = Ben-Laptop | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 12/19/2011 10:10:56 PM | Computer Name = Ben-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 12/19/2011 10:17:42 PM | Computer Name = Ben-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 12/20/2011 9:17:03 AM | Computer Name = Ben-Laptop | Source = System Restore | ID = 8193
Description =

Error - 12/20/2011 9:17:04 AM | Computer Name = Ben-Laptop | Source = VSS | ID = 12289
Description =

Error - 12/20/2011 9:23:34 AM | Computer Name = Ben-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 12/20/2011 9:51:56 AM | Computer Name = Ben-Laptop | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 12/20/2011 10:20:24 AM | Computer Name = Ben-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 12/20/2011 10:46:23 AM | Computer Name = Ben-Laptop | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 12/20/2011 10:29:43 AM | Computer Name = Ben-Laptop | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
[You must be registered and logged in to see this link.]

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: C:\Windows\System32\svchost.exe Action: %%808 Action Status: To finish removing
malware and other potentially unwanted software, restart the computer. To see how
to finish removing malware and other potentially unwanted software, see the support
article on the Microsoft Security website. Error Code: 0x800704ec Error description:
This program is blocked by group policy. For more information, contact your system
administrator. Signature Version: AV: 1.117.1378.0, AS: 1.117.1378.0, NIS: 10.7.0.0

Engine
Version: AM: 1.1.7903.0, NIS: 2.0.7707.0

Error - 12/20/2011 10:43:45 AM | Computer Name = Ben-Laptop | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
[You must be registered and logged in to see this link.]

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: Ben-Laptop\Ben Process
Name: System Action: %%808 Action Status: To finish removing malware and other potentially
unwanted software, restart the computer. To see how to finish removing malware
and other potentially unwanted software, see the support article on the Microsoft
Security website. Error Code: 0x800704ec Error description: This program is blocked
by group policy. For more information, contact your system administrator. Signature
Version: AV: 1.117.1438.0, AS: 1.117.1438.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0,
NIS: 2.0.7707.0

Error - 12/20/2011 10:43:45 AM | Computer Name = Ben-Laptop | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
[You must be registered and logged in to see this link.]

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: Ben-Laptop\Ben Process
Name: System Action: %%809 Action Status: To finish removing malware and other potentially
unwanted software, restart the computer. To see how to finish removing malware
and other potentially unwanted software, see the support article on the Microsoft
Security website. Error Code: 0x80070032 Error description: The request is not supported.
Signature Version: AV: 1.117.1438.0, AS: 1.117.1438.0, NIS: 10.7.0.0 Engine Version:
AM: 1.1.7903.0, NIS: 2.0.7707.0

Error - 12/20/2011 10:44:41 AM | Computer Name = Ben-Laptop | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 12/20/2011 10:44:41 AM | Computer Name = Ben-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/20/2011 10:44:57 AM | Computer Name = Ben-Laptop | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 12/20/2011 10:45:41 AM | Computer Name = Ben-Laptop | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
[You must be registered and logged in to see this link.]

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%820 User: Ben-Laptop\Ben Process
Name: C:\Windows\System32\svchost.exe Action: %%808 Action Status: To finish removing
malware and other potentially unwanted software, restart the computer. To see how
to finish removing malware and other potentially unwanted software, see the support
article on the Microsoft Security website. Error Code: 0x800704ec Error description:
This program is blocked by group policy. For more information, contact your system
administrator. Signature Version: AV: 1.117.1438.0, AS: 1.117.1438.0, NIS: 10.7.0.0

Engine
Version: AM: 1.1.7903.0, NIS: 2.0.7707.0

Error - 12/20/2011 10:45:41 AM | Computer Name = Ben-Laptop | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
[You must be registered and logged in to see this link.]

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%820 User: Ben-Laptop\Ben Process
Name: C:\Windows\System32\svchost.exe Action: %%809 Action Status: To finish removing
malware and other potentially unwanted software, restart the computer. To see how
to finish removing malware and other potentially unwanted software, see the support
article on the Microsoft Security website. Error Code: 0x80070032 Error description:
The request is not supported. Signature Version: AV: 1.117.1438.0, AS: 1.117.1438.0,
NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0

Error - 12/20/2011 11:15:38 AM | Computer Name = Ben-Laptop | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
[You must be registered and logged in to see this link.]

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: System Action: %%808 Action Status: To finish removing malware and other potentially
unwanted software, restart the computer. To see how to finish removing malware
and other potentially unwanted software, see the support article on the Microsoft
Security website. Error Code: 0x800704ec Error description: This program is blocked
by group policy. For more information, contact your system administrator. Signature
Version: AV: 1.117.1438.0, AS: 1.117.1438.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0,
NIS: 2.0.7707.0

Error - 12/20/2011 1:53:37 PM | Computer Name = Ben-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >

______________________________________________________________

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-20 13:38:36
-----------------------------
13:38:36.249 OS Version: Windows 6.1.7601 Service Pack 1
13:38:36.249 Number of processors: 2 586 0x301
13:38:36.249 ComputerName: BEN-LAPTOP UserName: Ben
13:38:38.449 Initialize success
13:40:31.383 AVAST engine defs: 11122000
13:40:44.502 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
13:40:44.518 Disk 0 Vendor: FUJITSU_MHZ2200BH_G1 00400209 Size: 190782MB BusType: 11
13:40:46.608 Disk 0 MBR read successfully
13:40:46.624 Disk 0 MBR scan
13:40:46.639 Disk 0 Windows 7 default MBR code
13:40:46.655 Disk 0 scanning sectors +390721952
13:40:46.858 Disk 0 scanning C:\Windows\system32\drivers
13:41:00.445 Service scanning
13:41:01.335 Service MpKsl803c4964 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EFB6DD6E-7E2D-4590-AE43-D6C18E9E15A6}\MpKsl803c4964.sys **LOCKED** 32
13:41:01.350 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
13:41:02.052 Modules scanning
13:41:16.716 Disk 0 trace - called modules:
13:41:16.763 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
13:41:16.779 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c0eac8]
13:41:16.779 3 CLASSPNP.SYS[8a7b059e] -> nt!IofCallDriver -> [0x857376d8]
13:41:16.794 5 ACPI.sys[82fa63d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x85701908]
13:41:18.229 AVAST engine scan C:\Windows
13:41:20.866 AVAST engine scan C:\Windows\system32
13:44:14.338 AVAST engine scan C:\Windows\system32\drivers
13:44:27.598 AVAST engine scan C:\Users\Ben
13:45:31.262 AVAST engine scan C:\ProgramData
13:45:44.148 Scan finished successfully
13:46:19.052 Disk 0 MBR has been saved successfully to "C:\Users\Ben\Desktop\MBR.dat"
13:46:19.064 The log file has been saved successfully to "C:\Users\Ben\Desktop\aswMBR.txt"

________________________________________________________________________

Results of screen317's Security Check version 0.99.29
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Adobe Flash Player 11.1.102.55
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (8.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````




benjaminrogers
Novice
Posts: 15
Joined: 2011-12-20
OS: Windows 7 Home Premium N
Points: 18333
Likes: 0


Re: dos:alureon.e

Post by benjaminrogers on Tue Dec 20, 2011 6:58 pm

OTL logfile created on: 12/20/2011 1:04:14 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ben\Downloads
Home Premium Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 63.14% Memory free
5.49 Gb Paging File | 4.50 Gb Available in Paging File | 81.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.75 Gb Total Space | 94.42 Gb Free Space | 51.11% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 71.86 Mb Free Space | 71.87% Space Free | Partition Type: NTFS

Computer Name: BEN-LAPTOP | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/20 13:02:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Downloads\OTL.com
PRC - [2011/06/15 18:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 18:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 18:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 18:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 16:31:10 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/08/18 05:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 05:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2011/12/19 09:37:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/27 18:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 18:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/08/18 05:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/12/20 09:44:47 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EFB6DD6E-7E2D-4590-AE43-D6C18E9E15A6}\MpKsl803c4964.sys -- (MpKsl803c4964)
DRV - [2011/04/27 18:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 16:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 16:31:16 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:30:51 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2009/09/21 20:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/18 06:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/11/09 08:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E 46 9F E3 67 BC CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?shva=1#inbox"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/16 22:00:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/12/16 22:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Extensions
[2011/12/16 22:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C4D26AF-8F26-4D69-B093-EE538E16381A}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: WudfRd - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfRd - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/20 13:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/12/20 13:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/12/20 13:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/12/20 13:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/12/20 12:59:51 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Adobe
[2011/12/19 17:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/19 17:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/12/19 17:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/12/19 17:16:05 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/12/19 17:16:04 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011/12/19 17:16:02 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011/12/19 17:16:02 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/12/19 17:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/12/19 17:14:09 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/12/19 17:14:09 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/12/19 17:07:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2011/12/16 22:17:05 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Macromedia
[2011/12/16 22:17:05 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Adobe
[2011/12/16 22:15:30 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/12/16 22:15:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/12/16 22:08:37 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/12/16 22:08:32 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/16 22:08:32 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/16 22:08:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/16 22:08:32 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/16 22:08:32 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/16 22:08:25 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/12/16 22:08:25 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/12/16 22:08:24 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/12/16 22:08:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/12/16 22:08:20 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/16 22:08:19 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/12/16 22:08:19 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/12/16 22:08:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/16 22:07:44 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/12/16 22:07:43 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/12/16 22:07:43 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/12/16 22:07:43 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/12/16 22:07:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/12/16 22:07:42 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/12/16 22:07:40 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/16 22:07:40 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/12/16 22:07:35 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/12/16 22:07:33 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/12/16 22:07:32 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/16 22:07:31 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011/12/16 22:07:30 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/12/16 22:07:30 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/12/16 22:07:27 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/12/16 22:07:25 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/12/16 22:07:25 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/12/16 22:07:25 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/12/16 22:07:25 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/12/16 22:07:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/12/16 22:07:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/12/16 22:07:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/12/16 22:07:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/12/16 22:07:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/12/16 22:07:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/12/16 22:07:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/12/16 22:07:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/12/16 22:07:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/12/16 22:07:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/12/16 22:07:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/12/16 22:07:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/12/16 22:07:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/12/16 22:07:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/12/16 22:07:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/12/16 22:07:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/12/16 22:07:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/12/16 22:07:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/12/16 22:07:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/12/16 22:07:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/12/16 22:07:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/12/16 22:07:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/12/16 22:07:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/12/16 22:07:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/12/16 22:07:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/12/16 22:07:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/12/16 22:07:22 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/12/16 22:07:22 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/12/16 22:07:22 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/12/16 22:07:22 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/12/16 22:07:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/12/16 22:07:21 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/12/16 22:07:20 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/16 22:07:20 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/16 22:07:15 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/12/16 22:07:15 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/12/16 22:07:12 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/12/16 22:07:11 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/12/16 22:07:11 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/12/16 22:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/12/16 22:05:50 | 000,032,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2011/12/16 22:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/12/16 22:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/12/16 22:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/12/16 22:03:01 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/12/16 22:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/12/16 22:01:54 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/12/16 22:01:09 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Mozilla
[2011/12/16 22:01:09 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Mozilla
[2011/12/16 22:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/12/16 21:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/12/16 21:58:24 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Microsoft Help
[2011/12/16 21:58:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/12/16 21:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/12/16 21:58:07 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/12/16 04:43:29 | 000,000,000 | R--D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/12/16 04:43:29 | 000,000,000 | R--D | C] -- C:\Users\Ben\Searches
[2011/12/16 04:43:29 | 000,000,000 | R--D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/12/16 04:43:29 | 000,000,000 | -H-D | C] -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/12/16 04:43:22 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Identities
[2011/12/16 04:43:20 | 000,000,000 | R--D | C] -- C:\Users\Ben\Contacts
[2011/12/16 04:43:12 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\VirtualStore
[2011/12/16 04:43:10 | 000,000,000 | --SD | C] -- C:\Users\Ben\AppData\Roaming\Microsoft
[2011/12/16 04:43:10 | 000,000,000 | R--D | C] -- C:\Users\Ben\Videos
[2011/12/16 04:43:10 | 000,000,000 | R--D | C] -- C:\Users\Ben\Saved Games
[2011/12/16 04:43:10 | 000,000,000 | R--D | C] -- C:\Users\Ben\Pictures
[2011/12/16 04:43:10 | 000,000,000 | R--D | C] -- C:\Users\Ben\Music
[2011/12/16 04:43:10 | 000,000,000 | R--D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/12/16 04:43:10 | 000,000,000 | R--D | C] -- C:\Users\Ben\Links
[2011/12/16 04:43:10 | 000,000,000 | R--D | C] -- C:\Users\Ben\Favorites
[2011/12/16 04:43:10 | 000,000,000 | R--D | C] -- C:\Users\Ben\Downloads
[2011/12/16 04:43:10 | 000,000,000 | R--D | C] -- C:\Users\Ben\Documents
[2011/12/16 04:43:10 | 000,000,000 | R--D | C] -- C:\Users\Ben\Desktop
[2011/12/16 04:43:10 | 000,000,000 | R--D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/12/16 04:43:10 | 000,000,000 | -HSD | C] -- C:\Users\Ben\AppData\Local\Temporary Internet Files
[2011/12/16 04:43:10 | 000,000,000 | -HSD | C] -- C:\Users\Ben\Templates
[2011/12/16 04:43:10 | 000,000,000 | -HSD | C] -- C:\Users\Ben\Start Menu
[2011/12/16 04:43:10 | 000,000,000 | -HSD | C] -- C:\Users\Ben\SendTo
[2011/12/16 04:43:10 | 000,000,000 | -HSD | C] -- C:\Users\Ben\Recent
[2011/12/16 04:43:10 | 000,000,000 | -HSD | C] -- C:\Users\Ben\PrintHood
[2011/12/16 04:43:10 | 000,000,000 | -HSD | C] -- C:\Users\Ben\NetHood
[2011/12/16 04:43:10 | 000,000,000 | -HSD | C] -- C:\Users\Ben\Documents\My Videos
[2011/12/16 04:43:10 | 000,000,000 | -HSD | C] -- C:\Users\Ben\Documents\My Pictures
[2011/12/16 04:43:10 | 000,000,000 | -HSD | C] -- C:\Users\Ben\Documents\My Music
[2011/12/16 04:43:10 | 000,000,000 | -HSD | C] -- C:\Users\Ben\My Documents
[2011/12/16 04:43:10 | 000,000,000 | -HSD | C] -- C:\Users\Ben\Local Settings
[2011/12/16 04:43:10 | 000,000,000 | -HSD | C] -- C:\Users\Ben\AppData\Local\History
[2011/12/16 04:43:10 | 000,000,000 | -HSD | C] -- C:\Users\Ben\Cookies
[2011/12/16 04:43:10 | 000,000,000 | -HSD | C] -- C:\Users\Ben\Application Data
[2011/12/16 04:43:10 | 000,000,000 | -HSD | C] -- C:\Users\Ben\AppData\Local\Application Data
[2011/12/16 04:43:10 | 000,000,000 | -H-D | C] -- C:\Users\Ben\AppData
[2011/12/16 04:43:10 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Temp
[2011/12/16 04:43:10 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Microsoft
[2011/12/16 04:22:29 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/12/16 04:19:18 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/12/16 04:18:18 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/12/16 04:18:01 | 000,000,000 | -HSD | C] -- C:\Boot
[2011/12/16 04:09:14 | 000,000,000 | ---D | C] -- C:\Windows.old

========== Files - Modified Within 30 Days ==========

[2011/12/20 13:04:46 | 000,020,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 13:04:46 | 000,020,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 13:00:57 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/20 12:53:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/20 09:49:16 | 000,617,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/20 09:49:16 | 000,104,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/20 09:44:35 | 2212,892,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/19 17:35:27 | 000,403,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/19 17:25:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/19 17:23:42 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2011/12/19 17:22:58 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011/12/16 22:15:30 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/12/16 21:59:13 | 000,001,411 | ---- | M] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/16 04:23:43 | 000,108,309 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/12/16 04:21:47 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/12/16 04:18:05 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/11/23 23:25:27 | 002,342,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files Created - No Company Name ==========

[2011/12/20 13:00:57 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/12/20 13:00:57 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/19 17:25:08 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/12/19 17:24:54 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/19 17:23:42 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2011/12/19 17:22:58 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/12/16 22:00:57 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/16 21:59:13 | 000,001,411 | ---- | C] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/16 04:43:31 | 000,001,417 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/12/16 04:43:10 | 000,000,290 | ---- | C] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/12/16 04:43:10 | 000,000,272 | ---- | C] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/12/16 04:21:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/12/16 04:18:05 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2011/12/16 04:18:02 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2011/06/10 09:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/07/13 23:55:27 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:02:04 | 000,403,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,617,460 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,104,702 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/18 22:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/11/20 23:04:51 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/11/20 23:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/11/20 23:04:51 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/11/20 23:04:51 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/12/20 13:01:36 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/12/20 13:01:34 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/12/19 17:07:24 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/11/20 19:32:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/12/16 22:03:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/12/19 17:25:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2011/12/19 17:15:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011/12/16 22:03:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2011/12/16 21:59:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2011/12/19 17:18:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/12/16 22:03:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/12/16 22:00:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/12/16 22:03:45 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/07/13 23:51:09 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/12/19 17:23:29 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/07/13 23:17:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/11/20 19:25:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/11/20 19:32:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/11/20 19:25:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/07/13 23:51:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/11/20 19:25:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2010/11/20 19:25:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar


< MD5 for: AGP440.SYS >
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/13 20:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows.old\Windows\System32\drivers\disk.sys
[2009/07/13 20:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/13 20:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows.old\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys
[2009/07/13 20:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/13 20:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/13 20:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2010/11/20 16:31:06 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 16:31:06 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\System32\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 00:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 00:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 00:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 00:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 00:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 00:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2011/03/11 00:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 00:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 00:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 00:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 00:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 07:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 07:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2010/11/20 16:30:52 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 16:30:52 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-20 13:18:16

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/20 23:04:51 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/20 23:04:51 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/20 23:04:51 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/20 23:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/20 23:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/20 23:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 16:31:17 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 16:31:17 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 16:31:17 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 16:31:22 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/11/20 16:31:22 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/20 23:04:51 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/20 23:04:51 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/20 23:04:51 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/20 23:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/20 23:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/20 23:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 16:31:17 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 16:31:17 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 16:31:17 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 16:31:22 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/11/20 16:31:22 | 000,673,040 | ---- | M] (Microsoft Corporation)

< End of report >

benjaminrogers
Novice

Posts : 15
Joined : 2011-12-20
OS : Windows 7 Home Premium N
Points : 18333
# Likes : 0

Re: dos:alureon.e

Post by Belahzur on Tue Dec 20, 2011 11:29 pm

Hello.

Please download ComboFix from [You must be registered and logged in to see this link.]



Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1

Re: dos:alureon.e

Post by benjaminrogers on Wed Dec 21, 2011 2:06 am

Combofix.txt

_____________________________________________________________
ComboFix 11-12-20.04 - Ben 12/20/2011 20:55:53.1.2 - x86
Microsoft Windows 7 Home Premium N 6.1.7601.1.1252.1.1033.18.2814.1748 [GMT -5:00]
Running from: c:\users\Ben\Desktop\commy.exe
Command switches used :: /stepdel
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))
.
.
2011-12-21 02:00 . 2011-12-21 02:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-20 18:01 . 2011-12-20 18:01 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-12-20 18:00 . 2011-12-20 18:00 -------- d-----w- c:\program files\Common Files\Adobe
2011-12-20 14:44 . 2011-12-20 14:44 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EFB6DD6E-7E2D-4590-AE43-D6C18E9E15A6}\MpKsl803c4964.sys
2011-12-20 14:44 . 2011-12-20 14:44 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EFB6DD6E-7E2D-4590-AE43-D6C18E9E15A6}\offreg.dll
2011-12-20 14:43 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-20 14:42 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EFB6DD6E-7E2D-4590-AE43-D6C18E9E15A6}\mpengine.dll
2011-12-19 22:38 . 2011-12-19 22:38 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80E01B12-B863-4342-BFA0-17684B209307}\gapaengine.dll
2011-12-19 22:24 . 2011-12-19 22:25 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-19 22:23 . 2011-12-19 22:23 -------- d-----w- c:\program files\Synaptics
2011-12-19 22:15 . 2011-12-19 22:15 -------- d-----w- c:\program files\Microsoft Silverlight
2011-12-19 22:14 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-12-19 22:14 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-12-19 22:14 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-12-19 22:07 . 2011-12-19 22:07 -------- d-----w- c:\windows\system32\Wat
2011-12-19 14:37 . 2011-12-19 14:37 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-12-17 03:15 . 2011-12-17 03:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 03:15 . 2011-12-17 03:15 -------- d-----w- c:\windows\system32\Macromed
2011-12-17 03:07 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-12-17 03:05 . 2008-11-10 19:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-12-17 03:05 . 2006-10-27 03:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-12-17 03:03 . 2011-12-19 22:18 -------- d-----w- c:\program files\Microsoft Works
2011-12-17 03:03 . 2011-12-17 03:03 -------- d-----w- c:\windows\PCHEALTH
2011-12-17 03:03 . 2011-12-17 03:03 -------- d-----w- c:\program files\Microsoft.NET
2011-12-17 03:01 . 2011-11-30 10:21 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CDB32E5F-F339-42D7-A301-1070263A08D7}\mpengine.dll
2011-12-17 03:01 . 2011-11-15 22:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-17 02:59 . 2011-12-17 02:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-12-17 02:58 . 2011-12-19 22:23 -------- d-----w- c:\programdata\Microsoft Help
2011-12-17 02:58 . 2011-12-20 18:01 -------- d-sh--w- c:\windows\Installer
2011-12-16 09:42 . 2011-12-19 22:09 -------- d-----w- c:\users\Ben
2011-12-16 09:21 . 2011-12-16 09:21 0 ----a-w- c:\windows\ativpsrm.bin
2011-12-16 09:18 . 2011-12-16 09:42 -------- d-----w- c:\windows\Panther
2011-12-16 09:18 . 2011-12-16 09:18 -------- d-----w- C:\Boot
2011-12-16 09:09 . 2011-12-20 14:53 -------- d-----w- C:\Windows.old
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 04:04 . 2011-12-17 03:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-19 1343400]
S1 MpKsl803c4964;MpKsl803c4964;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EFB6DD6E-7E2D-4590-AE43-D6C18E9E15A6}\MpKsl803c4964.sys [2011-12-20 29904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSL803C4964
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\vp3zht8a.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-20 21:02:32
ComboFix-quarantined-files.txt 2011-12-21 02:02
.
Pre-Run: 100,093,485,056 bytes free
Post-Run: 99,885,191,168 bytes free
.
- - End Of File - - 435101AB64E0DAA345EA5EC861CE7A30


Re: dos:alureon.e

Post by Belahzur on Fri Dec 23, 2011 12:22 am

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.





Re: dos:alureon.e

Post by benjaminrogers on Fri Dec 23, 2011 4:37 am

This is all it said in the log.txt
______________________________
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK


Re: dos:alureon.e

Post by Belahzur on Sat Dec 24, 2011 4:04 pm

Congratulations!! Your PC is all clean! ;D

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

=========



Please run OTL.exe.


  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Commands
    [emptytemp]
    [emptyflash]
    [clearallrestorepoints]
    [reboot]

    Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe


If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

======

Remove OTL:

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.


  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.


Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
=======

Download Security Check (http://screen317.changelog.fr/SecurityCheck.exe) by screen317 and save it to your Desktop.

  • Double-click Security Check.exe to start the application
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Note: if a security program requests permission from dig.exe to access the Internet, allow it to do so.
=======

In your next reply:

  • Please confirm removal of the tools
  • Post the SecurityCheck log





Re: dos:alureon.e

Post by benjaminrogers on Sat Dec 24, 2011 5:36 pm

Here is the checkup.txt results but I'm still having issues with Windows Security Essentials finding the malware and wanting to remove it. During the removal process it crashes. Any ideas?

Results of screen317's Security Check version 0.99.29
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Adobe Flash Player 11.1.102.55
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (8.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware MpCmdRun.exe
``````````End of Log````````````


Re: dos:alureon.e

Post by Belahzur on Fri Dec 30, 2011 1:42 am

Hello.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight

    Adobe Reader 9.4.0

  • Click on the Uninstall/Change button at the top.

Please download [You must be registered and logged in to see this link.] and install it. It will install over version 8.0 you currently have installed, so you won't lose any bookmarked websites.

Then download and install [You must be registered and logged in to see this link.]

How is the machine running now?





Re: dos:alureon.e

Post by benjaminrogers on Fri Dec 30, 2011 3:22 pm

I've done the above and am not having any issues other than WSE still reporting that there is a problem. When I click apply actions to remove it, WSE errors out but still tells me I have to reboot.



Re: dos:alureon.e

Post by Belahzur on Tue Jan 03, 2012 1:08 am

What's WSE? You mean MSE?





Re: dos:alureon.e

Post by benjaminrogers on Tue Jan 03, 2012 1:15 am

Yes, sorry. It's Microsoft Security Essentials and I just ran another scan. It finds the problem and when I tell it to Clean the Computer it encounters an error.


Re: dos:alureon.e

Post by Belahzur on Fri Jan 06, 2012 6:26 pm

Can you take a screenshot of the error please.





Re: dos:alureon.e

Post by benjaminrogers on Sat Jan 07, 2012 2:36 am

Image attached


Re: dos:alureon.e

Post by Belahzur on Fri Jan 13, 2012 12:51 am

Hello.
Sorry for the delay.

Download [You must be registered and logged in to see this link.] to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop.
  • Open this report and post its content in your next reply.





Re: dos:alureon.e

Post by benjaminrogers on Fri Jan 13, 2012 12:56 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: ATI Corp.
BIOS Manufacturer: Insyde Corp.
System Manufacturer: TOSHIBA
System Product Name: Satellite L305D
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 187):
0x82819000 \SystemRoot\system32\ntkrnlpa.exe
0x82C2B000 \SystemRoot\system32\halmacpi.dll
0x80BBD000 \SystemRoot\system32\kdcom.dll
0x82E19000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x82E24000 \SystemRoot\system32\PSHED.dll
0x82E35000 \SystemRoot\system32\BOOTVID.dll
0x82E3D000 \SystemRoot\system32\CLFS.SYS
0x82E7F000 \SystemRoot\system32\CI.dll
0x82F2A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82F9B000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82FA9000 \SystemRoot\system32\drivers\ACPI.sys
0x82FF1000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82E00000 \SystemRoot\system32\drivers\msisadrv.sys
0x8A222000 \SystemRoot\system32\drivers\pci.sys
0x8A24C000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8A257000 \SystemRoot\System32\drivers\partmgr.sys
0x8A268000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8A270000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8A27B000 \SystemRoot\system32\drivers\volmgr.sys
0x8A28B000 \SystemRoot\System32\drivers\volmgrx.sys
0x8A2D6000 \SystemRoot\system32\drivers\pciide.sys
0x8A2DD000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8A2EB000 \SystemRoot\System32\drivers\mountmgr.sys
0x8A301000 \SystemRoot\system32\drivers\atapi.sys
0x8A30A000 \SystemRoot\system32\drivers\ataport.SYS
0x8A32D000 \SystemRoot\system32\drivers\msahci.sys
0x8A337000 \SystemRoot\system32\drivers\amdxata.sys
0x8A340000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A374000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A407000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A536000 \SystemRoot\System32\Drivers\msrpc.sys
0x8A561000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A574000 \SystemRoot\System32\Drivers\cng.sys
0x8A5D1000 \SystemRoot\System32\drivers\pcw.sys
0x8A5DF000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8A60C000 \SystemRoot\system32\drivers\ndis.sys
0x8A6C3000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A701000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8A81A000 \SystemRoot\System32\drivers\tcpip.sys
0x8A964000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A995000 \SystemRoot\system32\drivers\volsnap.sys
0x8A9D4000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x8A9D9000 \SystemRoot\System32\Drivers\spldr.sys
0x8A726000 \SystemRoot\System32\drivers\rdyboost.sys
0x8A9E1000 \SystemRoot\System32\Drivers\mup.sys
0x8A9F1000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8A753000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8A800000 \SystemRoot\system32\drivers\disk.sys
0x8A785000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A7DD000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8A385000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8A811000 \SystemRoot\System32\Drivers\Null.SYS
0x8A9F9000 \SystemRoot\System32\Drivers\Beep.SYS
0x8A600000 \SystemRoot\System32\drivers\vga.sys
0x8A3AC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8A5E8000 \SystemRoot\System32\drivers\watchdog.sys
0x8A5F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8A3CD000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8A3D5000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8A3DD000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8A3E8000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8A200000 \SystemRoot\system32\DRIVERS\tdx.sys
0x82E08000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8FA19000 \SystemRoot\system32\drivers\afd.sys
0x8FA73000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8FAA5000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8FAAC000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FACB000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8FADC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FAEA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8FAFD000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FB0E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FB4F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FB59000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8FB63000 \SystemRoot\System32\drivers\discache.sys
0x8FB6F000 \SystemRoot\System32\Drivers\dfsc.sys
0x8FB87000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8FB95000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8FBB6000 \SystemRoot\system32\DRIVERS\FwLnk.sys
0x8FBBE000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x8FBCF000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8FC39000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8F62C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F6E3000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8F71C000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x90238000 \SystemRoot\system32\DRIVERS\athr.sys
0x90365000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x9036F000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x90379000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x903C4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x903D3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90200000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x90218000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F77E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x90225000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x90227000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x903F2000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8F7AE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8F7C0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F7D8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F600000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F7E3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x9014E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90165000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90234000 \SystemRoot\system32\DRIVERS\swenum.sys
0x9017C000 \SystemRoot\system32\DRIVERS\ks.sys
0x901B0000 \SystemRoot\system32\DRIVERS\umbus.sys
0x94816000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9485A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9486B000 \SystemRoot\system32\drivers\HdAudio.sys
0x948BB000 \SystemRoot\system32\drivers\portcls.sys
0x948EA000 \SystemRoot\system32\drivers\drmk.sys
0x95207000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x9530D000 \SystemRoot\system32\drivers\modem.sys
0x971B0000 \SystemRoot\System32\win32k.sys
0x9531A000 \SystemRoot\System32\drivers\Dxapi.sys
0x95324000 \SystemRoot\System32\Drivers\crashdmp.sys
0x95331000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9533C000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x95346000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x95357000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9536E000 \SystemRoot\System32\Drivers\usbvideo.sys
0x95392000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9539D000 \SystemRoot\system32\drivers\USBSTOR.SYS
0x97010000 \SystemRoot\System32\TSDDD.dll
0x97040000 \SystemRoot\System32\cdd.dll
0x953B4000 \SystemRoot\system32\drivers\luafv.sys
0x953CF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x94903000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x953DF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x94949000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x953EF000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x9495C000 \SystemRoot\system32\drivers\HTTP.sys
0x949E1000 \SystemRoot\system32\DRIVERS\bowser.sys
0x94800000 \SystemRoot\System32\drivers\mpsdrv.sys
0x901BE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9B221000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9B25C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9B28F000 \SystemRoot\system32\drivers\peauth.sys
0x9B326000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9B330000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9B351000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9B35E000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9B3AE000 \SystemRoot\System32\DRIVERS\srv.sys
0x9B206000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x9EC89000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x9EC92000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x9EC9C000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97406E0E-68CC-4973-953F-754DF09A2263}\MpKsl39c43356.sys
0x77070000 \Windows\System32\ntdll.dll
0x48330000 \Windows\System32\smss.exe
0x772B0000 \Windows\System32\apisetschema.dll
0x00F00000 \Windows\System32\autochk.exe
0x76ED0000 \Windows\System32\setupapi.dll
0x77250000 \Windows\System32\gdi32.dll
0x77210000 \Windows\System32\ws2_32.dll
0x771C0000 \Windows\System32\Wldap32.dll
0x76CD0000 \Windows\System32\iertutil.dll
0x76C70000 \Windows\System32\shlwapi.dll
0x76BA0000 \Windows\System32\user32.dll
0x76B00000 \Windows\System32\usp10.dll
0x76A80000 \Windows\System32\comdlg32.dll
0x76920000 \Windows\System32\ole32.dll
0x76870000 \Windows\System32\msvcrt.dll
0x771B0000 \Windows\System32\nsi.dll
0x767C0000 \Windows\System32\rpcrt4.dll
0x767B0000 \Windows\System32\lpk.dll
0x76710000 \Windows\System32\advapi32.dll
0x76640000 \Windows\System32\msctf.dll
0x76630000 \Windows\System32\psapi.dll
0x76550000 \Windows\System32\kernel32.dll
0x76450000 \Windows\System32\wininet.dll
0x75800000 \Windows\System32\shell32.dll
0x757F0000 \Windows\System32\normaliz.dll
0x757D0000 \Windows\System32\sechost.dll
0x757B0000 \Windows\System32\imm32.dll
0x75720000 \Windows\System32\clbcatq.dll
0x75690000 \Windows\System32\oleaut32.dll
0x75660000 \Windows\System32\imagehlp.dll
0x75600000 \Windows\System32\difxapi.dll
0x754C0000 \Windows\System32\urlmon.dll
0x753A0000 \Windows\System32\crypt32.dll
0x75370000 \Windows\System32\cfgmgr32.dll
0x752E0000 \Windows\System32\comctl32.dll
0x75290000 \Windows\System32\KernelBase.dll
0x75270000 \Windows\System32\devobj.dll
0x75240000 \Windows\System32\wintrust.dll
0x75230000 \Windows\System32\msasn1.dll

Processes (total 50):
0 System Idle Process
4 System
272 C:\Windows\System32\smss.exe
372 csrss.exe
448 C:\Windows\System32\wininit.exe
456 csrss.exe
496 C:\Windows\System32\services.exe
520 C:\Windows\System32\lsass.exe
528 C:\Windows\System32\lsm.exe
604 C:\Windows\System32\winlogon.exe
676 C:\Windows\System32\svchost.exe
752 C:\Windows\System32\svchost.exe
800 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
900 C:\Windows\System32\atiesrxx.exe
944 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\svchost.exe
1496 C:\Windows\System32\svchost.exe
1632 C:\Windows\System32\spoolsv.exe
1668 C:\Windows\System32\svchost.exe
1772 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
1832 C:\Windows\System32\svchost.exe
1968 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
1376 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
1952 C:\Windows\System32\atieclxx.exe
2060 C:\Windows\System32\svchost.exe
2096 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
2768 C:\Windows\System32\SearchIndexer.exe
772 C:\Windows\System32\taskhost.exe
3740 C:\Windows\System32\dwm.exe
3940 C:\Windows\explorer.exe
1884 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2724 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2376 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2336 C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe
2352 C:\Program Files\Microsoft Security Client\msseces.exe
2164 C:\Windows\System32\audiodg.exe
1700 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2216 C:\Windows\System32\svchost.exe
1464 dllhost.exe
3580 C:\Program Files\Mozilla Firefox\firefox.exe
1244 C:\Program Files\Mozilla Firefox\plugin-container.exe
2068 C:\Windows\System32\mspaint.exe
3492 C:\Windows\System32\svchost.exe
3340 C:\Windows\System32\SearchProtocolHost.exe
3080 C:\Windows\System32\SearchFilterHost.exe
3448 C:\Users\Ben\Desktop\MBRCheck.exe
3008 C:\Windows\System32\conhost.exe
4036 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`64100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2200BHG1, Rev: 00400209

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

benjaminrogers
Novice

Posts : 15
Joined : 2011-12-20
OS : Windows 7 Home Premium N
Points : 18333
# Likes : 0


Re: dos:alureon.e

Post by benjaminrogers on Sat Jan 21, 2012 5:12 pm

I'm sorry, I thought I had posted the file! It is attached.

benjaminrogers
Novice

Posts : 15
Joined : 2011-12-20
OS : Windows 7 Home Premium N
Points : 18333
# Likes : 0


Re: dos:alureon.e

Post by Belahzur on Wed Jan 25, 2012 6:28 pm

Looks okay, any difference?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1


Re: dos:alureon.e

Post by benjaminrogers on Wed Jan 25, 2012 11:05 pm

Nope. Still sensing it.

benjaminrogers
Novice

Posts : 15
Joined : 2011-12-20
OS : Windows 7 Home Premium N
Points : 18333
# Likes : 0


Re: dos:alureon.e

Post by Belahzur on Fri Jan 27, 2012 8:23 pm

Let's get an MBR dump.

Dump the MBR

Re-run MBRCheck.exe

  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Press the 'Y' key and then press Enter.
  • When the program asks you Enter your choice:, enter
    [1] Dump the MBR of a physical disk to file.
    and press the Enter key.
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    and then press Enter.
  • The program will ask for the file name to dump to; type dump.dat and press Enter. You should see Dumped successfully.
  • Next, type -1 and press Enter. Press Enter again, and the program will exit.
  • Save it to your desktop, then attach the resultant output in your next reply.


Last edited by Belahzur on Tue Jan 31, 2012 1:26 am; edited 1 time in total


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1

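The file MBRCheck dumps is the raw first sector of the disk, so it can be checked without trusting any one tool. The Python below is an added example (not code from MBRCheck, TDSSKiller or anyone in this thread) that validates the 0x55AA boot signature, hashes the boot-code region and decodes the four partition entries. The image it builds is constructed: its boot-code bytes are a placeholder, not Windows 7 boot code, while the two partition entries copy the layout TDSSKiller reports for \Device\Harddisk0\DR0 later in this thread (type 0x7, start LBA 0x2EE800 for 0x32000 sectors and 0x320800 for 0x1717E000 sectors), and the disk size comes from the same log. The function names (parse_mbr, boot_code_sha1, trailing_unallocated_sectors) are this example's own, and hashing only the first 440 bytes is this example's choice of region, not a statement of how MBRCheck computes the SHA1 it prints.

```python
"""Parse and sanity-check a 512-byte MBR image such as MBRCheck's dump.dat.

Added example for this thread; not part of MBRCheck or TDSSKiller. The sample
MBR built below is constructed: placeholder boot code plus the partition
layout TDSSKiller printed for \\Device\\Harddisk0\\DR0 in this thread.
"""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_SIZE = 440          # bytes 0..439 are code; 440..445 hold the Windows disk signature + pad
PART_TABLE_OFFSET = 446       # four 16-byte partition entries follow
PART_ENTRY = "<B3sB3sII"      # status, CHS start, type, CHS end, start LBA, sector count
BOOT_SIGNATURE = b"\x55\xAA"  # last two bytes of every valid MBR

# Disk size TDSSKiller reported for this machine: 0x2E93E36000 bytes (186.31 GB).
DISK_SIZE_BYTES = 0x2E93E36000


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    num_sectors: int

    def byte_offset(self) -> int:
        """Byte offset of the partition's first sector on the physical disk."""
        return self.start_lba * SECTOR


def has_valid_signature(mbr: bytes) -> bool:
    """True only for a full 512-byte sector ending in 0x55AA."""
    return len(mbr) == SECTOR and mbr[SECTOR - 2:] == BOOT_SIGNATURE


def parse_mbr(mbr: bytes) -> list[Partition]:
    """Decode the partition table; raises ValueError if the image is not a plausible MBR."""
    if not has_valid_signature(mbr):
        raise ValueError("not a 512-byte MBR with a 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * 16
        status, _chs0, ptype, _chs1, lba, count = struct.unpack(PART_ENTRY, mbr[off:off + 16])
        if ptype == 0 and count == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i}: invalid status byte 0x{status:02X}")
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def boot_code_sha1(mbr: bytes) -> str:
    """SHA-1 of the boot-code region only (disk signature and partition table
    excluded), so the value is comparable between machines on the same Windows
    build. This region is the example's choice; MBRCheck's own SHA1 line may
    cover a different range."""
    return hashlib.sha1(mbr[:BOOT_CODE_SIZE]).hexdigest().upper()


def trailing_unallocated_sectors(parts: list[Partition], total_sectors: int) -> int:
    """Sectors between the end of the last partition and the end of the disk.
    A small tail is normal; compare against a known-good baseline of the same disk."""
    if not parts:
        return total_sectors
    end = max(p.start_lba + p.num_sectors for p in parts)
    return total_sectors - end


def build_sample_mbr() -> bytes:
    """Constructed sample image (the boot code is a placeholder, NOT Windows 7 code)."""
    boot_code = bytes([0xEB, 0x3E]) + b"\x90" * (BOOT_CODE_SIZE - 2)
    disk_sig = b"\x00" * (PART_TABLE_OFFSET - BOOT_CODE_SIZE)
    chs = b"\xFE\xFF\xFF"  # CHS fields are ignored on LBA-addressed disks
    table = (
        struct.pack(PART_ENTRY, 0x80, chs, 0x07, chs, 0x2EE800, 0x32000)      # System Reserved (D:)
        + struct.pack(PART_ENTRY, 0x00, chs, 0x07, chs, 0x320800, 0x1717E000)  # Windows (C:)
        + b"\x00" * 32                                                          # two empty slots
    )
    return boot_code + disk_sig + table + BOOT_SIGNATURE


if __name__ == "__main__":
    image = build_sample_mbr()
    print("boot code SHA1:", boot_code_sha1(image))
    found = parse_mbr(image)
    for p in found:
        print(f"entry {p.index}: type 0x{p.type_id:02X} bootable={p.bootable} "
              f"start LBA 0x{p.start_lba:X} ({p.num_sectors} sectors) -> offset 0x{p.byte_offset():X}")
    print("trailing unallocated sectors:",
          trailing_unallocated_sectors(found, DISK_SIZE_BYTES // SECTOR))
```

Reading a real dump with open("dump.dat", "rb").read() and passing it to parse_mbr gives the same decode. The byte offsets the sample derives, 0x5DD00000 and 0x64100000, match the volume offsets MBRCheck printed for D: and C: earlier in the thread, which is the cross-check a practitioner wants: the partition table on disk and the volumes Windows mounted agree, and the only space outside the partitions is a 0x9B0-sector tail.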

Re: dos:alureon.e

Post by benjaminrogers on Fri Jan 27, 2012 8:36 pm

For some reason I can't read the small print in the lower instructions?

benjaminrogers
Novice

Posts : 15
Joined : 2011-12-20
OS : Windows 7 Home Premium N
Points : 18333
# Likes : 0


Re: dos:alureon.e

Post by benjaminrogers on Fri Jan 27, 2012 11:19 pm

I don't get an option to dump the MBR. I've attached a screenshot of the DOS window.

benjaminrogers
Novice

Posts : 15
Joined : 2011-12-20
OS : Windows 7 Home Premium N
Points : 18333
# Likes : 0


Re: dos:alureon.e

Post by Belahzur on Tue Jan 31, 2012 1:28 am

Hello.
Let's try this then.

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1


Re: dos:alureon.e

Post by benjaminrogers on Tue Jan 31, 2012 1:41 am

I did also notice I have a d:\ that says System Reserved, if that helps. Here are the TDSSKiller results:

20:39:19.0756 3460 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
20:39:20.0187 3460 ============================================================
20:39:20.0188 3460 Current date / time: 2012/01/30 20:39:20.0187
20:39:20.0188 3460 SystemInfo:
20:39:20.0188 3460
20:39:20.0188 3460 OS Version: 6.1.7601 ServicePack: 1.0
20:39:20.0188 3460 Product type: Workstation
20:39:20.0189 3460 ComputerName: BEN-LAPTOP
20:39:20.0189 3460 UserName: Ben
20:39:20.0189 3460 Windows directory: C:\Windows
20:39:20.0190 3460 System windows directory: C:\Windows
20:39:20.0190 3460 Processor architecture: Intel x86
20:39:20.0190 3460 Number of processors: 2
20:39:20.0190 3460 Page size: 0x1000
20:39:20.0190 3460 Boot type: Normal boot
20:39:20.0190 3460 ============================================================
20:39:22.0242 3460 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:39:22.0472 3460 \Device\Harddisk0\DR0:
20:39:22.0472 3460 MBR used
20:39:22.0472 3460 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x32000
20:39:22.0473 3460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x320800, BlocksNum 0x1717E000
20:39:22.0549 3460 Initialize success
20:39:22.0549 3460 ============================================================
20:39:24.0345 1340 ============================================================
20:39:24.0345 1340 Scan started
20:39:24.0345 1340 Mode: Manual;
20:39:24.0345 1340 ============================================================
20:39:25.0950 1340 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
20:39:25.0960 1340 1394ohci - ok
20:39:26.0022 1340 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
20:39:26.0033 1340 ACPI - ok
20:39:26.0087 1340 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
20:39:26.0090 1340 AcpiPmi - ok
20:39:26.0303 1340 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
20:39:26.0339 1340 adp94xx - ok
20:39:26.0403 1340 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
20:39:26.0425 1340 adpahci - ok
20:39:26.0486 1340 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
20:39:26.0495 1340 adpu320 - ok
20:39:26.0708 1340 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
20:39:26.0732 1340 AFD - ok
20:39:26.0989 1340 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
20:39:27.0059 1340 AgereSoftModem - ok
20:39:27.0178 1340 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
20:39:27.0184 1340 agp440 - ok
20:39:27.0252 1340 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
20:39:27.0259 1340 aic78xx - ok
20:39:27.0337 1340 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
20:39:27.0341 1340 aliide - ok
20:39:27.0397 1340 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
20:39:27.0401 1340 amdagp - ok
20:39:27.0501 1340 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
20:39:27.0505 1340 amdide - ok
20:39:27.0568 1340 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
20:39:27.0574 1340 AmdK8 - ok
20:39:27.0641 1340 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
20:39:27.0646 1340 AmdPPM - ok
20:39:27.0731 1340 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
20:39:27.0738 1340 amdsata - ok
20:39:27.0804 1340 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
20:39:27.0814 1340 amdsbs - ok
20:39:27.0958 1340 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
20:39:27.0963 1340 amdxata - ok
20:39:28.0059 1340 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
20:39:28.0064 1340 AppID - ok
20:39:28.0163 1340 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
20:39:28.0167 1340 arc - ok
20:39:28.0212 1340 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
20:39:28.0218 1340 arcsas - ok
20:39:28.0336 1340 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
20:39:28.0339 1340 AsyncMac - ok
20:39:28.0387 1340 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
20:39:28.0389 1340 atapi - ok
20:39:28.0540 1340 athr (ac4adac154563ab41cc79b0257bc685a) C:\Windows\system32\DRIVERS\athr.sys
20:39:28.0611 1340 athr - ok
20:39:28.0857 1340 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
20:39:29.0084 1340 atikmdag - ok
20:39:29.0275 1340 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
20:39:29.0312 1340 b06bdrv - ok
20:39:29.0384 1340 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:39:29.0395 1340 b57nd60x - ok
20:39:29.0467 1340 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
20:39:29.0469 1340 Beep - ok
20:39:29.0632 1340 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
20:39:29.0638 1340 blbdrive - ok
20:39:29.0715 1340 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
20:39:29.0722 1340 bowser - ok
20:39:29.0768 1340 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
20:39:29.0772 1340 BrFiltLo - ok
20:39:29.0824 1340 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
20:39:29.0828 1340 BrFiltUp - ok
20:39:29.0900 1340 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
20:39:29.0912 1340 Brserid - ok
20:39:30.0091 1340 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
20:39:30.0096 1340 BrSerWdm - ok
20:39:30.0164 1340 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:39:30.0169 1340 BrUsbMdm - ok
20:39:30.0210 1340 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
20:39:30.0213 1340 BrUsbSer - ok
20:39:30.0261 1340 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
20:39:30.0266 1340 BTHMODEM - ok
20:39:30.0425 1340 catchme - ok
20:39:30.0574 1340 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
20:39:30.0579 1340 cdfs - ok
20:39:30.0646 1340 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
20:39:30.0654 1340 cdrom - ok
20:39:30.0751 1340 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
20:39:30.0757 1340 circlass - ok
20:39:30.0835 1340 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
20:39:30.0846 1340 CLFS - ok
20:39:31.0007 1340 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
20:39:31.0011 1340 CmBatt - ok
20:39:31.0069 1340 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
20:39:31.0073 1340 cmdide - ok
20:39:31.0162 1340 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
20:39:31.0185 1340 CNG - ok
20:39:31.0237 1340 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
20:39:31.0240 1340 Compbatt - ok
20:39:31.0381 1340 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:39:31.0386 1340 CompositeBus - ok
20:39:31.0479 1340 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
20:39:31.0483 1340 crcdisk - ok
20:39:31.0569 1340 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
20:39:31.0573 1340 DfsC - ok
20:39:31.0618 1340 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
20:39:31.0623 1340 discache - ok
20:39:31.0743 1340 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
20:39:31.0748 1340 Disk - ok
20:39:31.0900 1340 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
20:39:31.0904 1340 drmkaud - ok
20:39:32.0033 1340 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
20:39:32.0102 1340 DXGKrnl - ok
20:39:32.0464 1340 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
20:39:32.0603 1340 ebdrv - ok
20:39:32.0703 1340 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
20:39:32.0746 1340 elxstor - ok
20:39:32.0802 1340 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
20:39:32.0806 1340 ErrDev - ok
20:39:32.0878 1340 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
20:39:32.0884 1340 exfat - ok
20:39:32.0991 1340 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
20:39:33.0000 1340 fastfat - ok
20:39:33.0077 1340 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
20:39:33.0082 1340 fdc - ok
20:39:33.0173 1340 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
20:39:33.0179 1340 FileInfo - ok
20:39:33.0227 1340 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
20:39:33.0231 1340 Filetrace - ok
20:39:33.0285 1340 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
20:39:33.0290 1340 flpydisk - ok
20:39:33.0433 1340 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
20:39:33.0444 1340 FltMgr - ok
20:39:33.0540 1340 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
20:39:33.0546 1340 FsDepends - ok
20:39:33.0603 1340 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
20:39:33.0607 1340 Fs_Rec - ok
20:39:33.0675 1340 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
20:39:33.0684 1340 fvevol - ok
20:39:33.0831 1340 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
20:39:33.0836 1340 FwLnk - ok
20:39:33.0950 1340 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
20:39:33.0957 1340 gagp30kx - ok
20:39:34.0042 1340 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
20:39:34.0046 1340 hcw85cir - ok
20:39:34.0149 1340 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
20:39:34.0174 1340 HdAudAddService - ok
20:39:34.0296 1340 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:39:34.0304 1340 HDAudBus - ok
20:39:34.0419 1340 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
20:39:34.0424 1340 HidBatt - ok
20:39:34.0479 1340 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
20:39:34.0486 1340 HidBth - ok
20:39:34.0539 1340 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
20:39:34.0545 1340 HidIr - ok
20:39:34.0659 1340 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
20:39:34.0664 1340 HidUsb - ok
20:39:34.0801 1340 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
20:39:34.0807 1340 HpSAMD - ok
20:39:34.0903 1340 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
20:39:34.0949 1340 HTTP - ok
20:39:35.0028 1340 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
20:39:35.0032 1340 hwpolicy - ok
20:39:35.0141 1340 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
20:39:35.0148 1340 i8042prt - ok
20:39:35.0282 1340 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
20:39:35.0306 1340 iaStorV - ok
20:39:35.0375 1340 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
20:39:35.0379 1340 iirsp - ok
20:39:35.0467 1340 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
20:39:35.0471 1340 intelide - ok
20:39:35.0580 1340 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\drivers\intelppm.sys
20:39:35.0586 1340 intelppm - ok
20:39:35.0678 1340 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:39:35.0684 1340 IpFilterDriver - ok
20:39:35.0743 1340 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
20:39:35.0747 1340 IPMIDRV - ok
20:39:35.0786 1340 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
20:39:35.0790 1340 IPNAT - ok
20:39:35.0879 1340 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
20:39:35.0884 1340 IRENUM - ok
20:39:35.0955 1340 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
20:39:35.0960 1340 isapnp - ok
20:39:36.0060 1340 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
20:39:36.0072 1340 iScsiPrt - ok
20:39:36.0162 1340 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:39:36.0172 1340 kbdclass - ok
20:39:36.0265 1340 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
20:39:36.0267 1340 kbdhid - ok
20:39:36.0353 1340 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
20:39:36.0359 1340 KSecDD - ok
20:39:36.0469 1340 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
20:39:36.0478 1340 KSecPkg - ok
20:39:36.0647 1340 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
20:39:36.0653 1340 lltdio - ok
20:39:36.0772 1340 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
20:39:36.0779 1340 LSI_FC - ok
20:39:36.0857 1340 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
20:39:36.0864 1340 LSI_SAS - ok
20:39:36.0903 1340 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
20:39:36.0905 1340 LSI_SAS2 - ok
20:39:36.0941 1340 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
20:39:36.0944 1340 LSI_SCSI - ok
20:39:37.0067 1340 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
20:39:37.0074 1340 luafv - ok
20:39:37.0151 1340 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
20:39:37.0157 1340 megasas - ok
20:39:37.0243 1340 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
20:39:37.0253 1340 MegaSR - ok
20:39:37.0298 1340 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
20:39:37.0300 1340 Modem - ok
20:39:37.0348 1340 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
20:39:37.0352 1340 monitor - ok
20:39:37.0465 1340 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
20:39:37.0468 1340 mouclass - ok
20:39:37.0555 1340 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\drivers\mouhid.sys
20:39:37.0560 1340 mouhid - ok
20:39:37.0621 1340 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
20:39:37.0626 1340 mountmgr - ok
20:39:37.0727 1340 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
20:39:37.0739 1340 MpFilter - ok
20:39:37.0841 1340 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
20:39:37.0850 1340 mpio - ok
20:39:37.0931 1340 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
20:39:37.0937 1340 MpNWMon - ok
20:39:38.0005 1340 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
20:39:38.0011 1340 mpsdrv - ok
20:39:38.0067 1340 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
20:39:38.0075 1340 MRxDAV - ok
20:39:38.0166 1340 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:39:38.0176 1340 mrxsmb - ok
20:39:38.0289 1340 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:39:38.0302 1340 mrxsmb10 - ok
20:39:38.0399 1340 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:39:38.0407 1340 mrxsmb20 - ok
20:39:38.0548 1340 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
20:39:52.0298 1340 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:39:52.0356 1340 \Device\Harddisk0\DR0 - ok
20:39:52.0379 1340 Boot (0x1200) (bbacfa4393bb62b74b322b11d3495f8f) \Device\Harddisk0\DR0\Partition0
20:39:52.0383 1340 \Device\Harddisk0\DR0\Partition0 - ok
20:39:52.0400 1340 Boot (0x1200) (2835c5861f4e0a3308ca81aea94ee5de) \Device\Harddisk0\DR0\Partition1
20:39:52.0403 1340 \Device\Harddisk0\DR0\Partition1 - ok
20:39:52.0404 1340 ============================================================
20:39:52.0404 1340 Scan finished
20:39:52.0404 1340 ============================================================
20:39:52.0428 4088 Detected object count: 0
20:39:52.0429 4088 Actual detected object count: 0
20:39:58.0462 1548 Deinitialize success

benjaminrogers (Novice)
Posts: 15 | Joined: 2011-12-20 | OS: Windows 7 Home Premium N

Re: dos:alureon.e

Post by benjaminrogers on Tue Feb 14, 2012 8:21 pm

Haven't heard from anyone in a while?
