Vista infected with Alureon.E - Please Help...


Post by charger73fan on Mon 16 Jan 2012, 12:37 am


Hello there, my laptop somehow got the Alureon.E virus and I can't get rid of the thing. Ended up doing a complete system restore and starting fresh - it's still there. I followed the instructions in the "read this before Posting" thread and the three requested logs are below:

OTL logfile created on: 1/15/2012 6:49:48 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chuck\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 62.94% Memory free
8.15 Gb Paging File | 6.60 Gb Available in Paging File | 80.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.02 Gb Total Space | 147.47 Gb Free Space | 67.02% Space Free | Partition Type: NTFS
Drive D: | 12.86 Gb Total Space | 2.45 Gb Free Space | 19.04% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Chuck | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/15 06:47:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chuck\Downloads\OTL.com
PRC - [2007/10/24 04:02:16 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/24 04:02:14 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/08/23 13:35:00 | 000,243,064 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/07/12 05:00:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2007/06/11 14:04:36 | 000,190,696 | R--- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil9d.exe


========== Modules (No Company Name) ==========

MOD - [2007/12/19 20:28:32 | 000,345,384 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/12/19 20:28:20 | 000,251,288 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/12/19 20:28:20 | 000,120,208 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/12/19 20:28:20 | 000,038,184 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/24 04:02:16 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/08/23 13:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/23 13:35:00 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/03/05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/26 15:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\smserial.sys -- (smserial)
DRV:64bit: - [2009/04/10 23:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/11/17 15:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008/02/11 19:48:28 | 007,709,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/01/20 20:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 20:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 20:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 20:46:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2007/09/29 17:03:32 | 000,384,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/09/17 17:17:46 | 000,135,680 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2007/07/11 11:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys -- (HpqRemHid)
DRV:64bit: - [2007/06/28 09:09:56 | 003,148,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel(R)
DRV:64bit: - [2007/06/18 18:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/03/26 20:48:24 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/03/19 13:09:36 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/02/27 17:10:38 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006/10/09 20:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/10/06 20:13:22 | 000,550,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()



O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57495BEF-56A4-4A6D-AEAE-A4DDEC69186A}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\HPSproutv4.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\HPSproutv4.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfRd - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfRd - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: wave1 - serwvdrv.dll (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: wave1 - C:\Windows\SysWow64\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/15 06:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/01/15 06:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/01/15 06:19:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/15 06:09:27 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/15 06:09:27 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/15 05:57:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2012/01/15 05:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/01/15 05:57:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012/01/14 23:19:46 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShextAutoplay.exe
[2012/01/14 23:19:45 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthMtpContextHandler.dll
[2012/01/14 23:19:45 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe
[2012/01/14 23:19:40 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceConnectApi.dll
[2012/01/14 23:19:39 | 002,727,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2012/01/14 23:19:39 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2012/01/14 23:19:39 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2012/01/14 23:19:39 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2012/01/14 23:19:39 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll
[2012/01/14 23:19:39 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll
[2012/01/14 23:19:39 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2012/01/14 23:19:39 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll
[2012/01/14 23:19:39 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceConnectApi.dll
[2012/01/14 23:19:38 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2012/01/14 23:19:38 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceWMDRM.dll
[2012/01/14 23:19:38 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceWMDRM.dll
[2012/01/14 22:45:49 | 000,000,000 | ---D | C] -- C:\Users\Chuck\AppData\Local\Microsoft Help
[2012/01/14 22:36:02 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2012/01/14 22:36:02 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2012/01/14 22:36:00 | 003,815,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2012/01/14 22:36:00 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2012/01/14 22:36:00 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2012/01/14 22:35:59 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2012/01/14 22:16:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/01/14 22:16:44 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/01/14 22:16:44 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/01/14 22:16:44 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/01/14 22:16:44 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/01/14 22:16:44 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/01/14 22:16:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/01/14 22:16:43 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/01/14 22:16:43 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/01/14 22:16:43 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/01/14 22:16:43 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/01/14 22:16:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/01/14 22:16:43 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/01/14 22:16:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/01/14 22:16:43 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/01/14 22:16:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/01/14 22:16:43 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/01/14 22:16:43 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/01/14 22:16:43 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/01/14 22:16:43 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/01/14 22:16:43 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/01/14 22:16:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/14 22:16:42 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/01/14 22:16:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/01/14 22:16:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/01/14 22:16:42 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/01/14 22:16:42 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/01/14 22:16:42 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2012/01/14 22:16:42 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/01/14 22:16:42 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/01/14 22:16:41 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/01/14 22:16:41 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/01/14 22:16:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/01/14 22:16:40 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/01/14 22:16:40 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/01/14 22:16:39 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/01/14 22:16:39 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/01/14 22:16:39 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/01/14 22:16:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/01/14 22:16:39 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/01/14 22:16:39 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/01/14 22:16:39 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2012/01/14 22:16:39 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/01/14 22:16:39 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/01/14 22:16:39 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/01/14 22:16:39 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/01/14 22:16:39 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/01/14 22:16:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/01/14 22:16:39 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/01/14 22:16:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/01/14 22:16:38 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/01/14 22:16:38 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/01/14 22:16:38 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/01/14 22:16:38 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/01/14 22:16:38 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/01/14 22:16:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/01/14 22:16:38 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/01/14 22:16:38 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/01/14 22:16:38 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/01/14 22:16:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/01/14 22:16:38 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/01/14 22:16:37 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/01/14 22:16:37 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/01/14 22:16:37 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/01/14 22:16:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/01/14 22:16:37 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/01/14 22:16:37 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/01/14 22:16:37 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/01/14 22:16:37 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/01/14 22:16:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/01/14 22:16:37 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/01/14 22:16:36 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/01/14 22:16:36 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/01/14 22:16:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/01/14 22:15:20 | 001,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll
[2012/01/14 22:15:20 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll
[2012/01/14 22:15:19 | 003,548,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2012/01/14 22:15:19 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll
[2012/01/14 22:15:19 | 000,377,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll
[2012/01/14 22:15:19 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll
[2012/01/14 22:15:19 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2012/01/14 22:15:19 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll
[2012/01/14 22:15:19 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012/01/14 22:15:18 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2012/01/14 22:15:18 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2012/01/14 22:15:18 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2012/01/14 22:15:18 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2012/01/14 22:15:18 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2012/01/14 22:15:18 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2012/01/14 22:15:17 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2012/01/14 22:15:17 | 000,748,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2012/01/14 22:15:15 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/01/14 22:15:15 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/01/14 22:15:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2012/01/14 22:15:14 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/01/14 22:15:14 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/01/14 22:15:14 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2012/01/14 22:15:14 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/01/14 22:15:13 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2012/01/14 22:15:13 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2012/01/14 22:15:13 | 000,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2012/01/14 22:15:13 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2012/01/14 22:15:13 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2012/01/14 22:15:13 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2012/01/14 22:15:12 | 003,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2012/01/14 22:15:12 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2012/01/14 22:15:12 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2012/01/14 22:15:12 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2012/01/14 22:15:11 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/01/14 22:15:11 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/01/14 22:15:11 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2012/01/14 22:14:24 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2012/01/14 22:14:24 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2012/01/14 22:14:24 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2012/01/14 22:14:24 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2012/01/14 22:14:24 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe
[2012/01/14 22:14:24 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2012/01/14 22:14:24 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2012/01/14 22:14:24 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2012/01/14 22:14:23 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2012/01/14 22:14:23 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2012/01/14 22:14:23 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2012/01/14 22:14:23 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2012/01/14 22:01:50 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/01/14 22:01:50 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/01/14 22:00:34 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/01/14 22:00:33 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/01/14 22:00:31 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/01/14 22:00:07 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2012/01/14 22:00:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2012/01/14 22:00:06 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2012/01/14 22:00:06 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/01/14 22:00:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2012/01/14 22:00:05 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/01/14 21:59:39 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll
[2012/01/14 21:59:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciwave.dll
[2012/01/14 21:59:39 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciseq.dll
[2012/01/14 21:59:37 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcicda.dll
[2012/01/14 21:59:37 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciseq.dll
[2012/01/14 21:59:17 | 004,699,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/01/14 21:59:16 | 001,585,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/14 21:59:07 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/14 21:59:06 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/14 21:59:06 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/14 21:59:05 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/01/14 21:59:05 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/14 21:59:04 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/01/14 21:59:03 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2012/01/14 21:59:00 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/01/14 21:58:33 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/14 21:58:33 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/14 21:57:55 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/01/14 21:57:55 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/01/14 21:57:55 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/01/14 21:57:55 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/01/14 21:57:55 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2012/01/14 21:57:55 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2012/01/14 21:57:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2012/01/14 21:57:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax


charger73fan

Newbie Surfer

Posts : 24
Joined : 2012-01-15
Operating System : Vista



Re: Vista infected with Alureon.E - Please Help...

Post by Superdave on Wed 25 Jan 2012, 12:25 pm

To wipe the drive clean, re-format and reinstall the OS.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Vista infected with Alureon.E - Please Help...

Post by charger73fan on Wed 25 Jan 2012, 1:53 pm

Questions:

1. Should I follow the instructions on the re-format link you sent?
2. My computer never came with an OS disk, only a separate hard drive used for recovery/restore - what should I do with that?
3. Do I need to figure out what drivers I need as shown in the link, or will my recovery partition have all that?

I guess what I'm asking for is a little more individualized instruction applicable to my system. Thanks!!!

charger73fan

Newbie Surfer

Posts : 24
Joined : 2012-01-15
Operating System : Vista


Re: Vista infected with Alureon.E - Please Help...

Post by Superdave on Thu 26 Jan 2012, 6:51 am

How to run the Vista Recovery Console.

1. Eject and remove any discs or memory cards from your computer.
2. Click the "Start" button on the desktop to open the Start menu, click the small arrow icon to the right of the lock icon and select "Restart".
3. Hold the "F8" key on your computer's keyboard as Windows Vista reboots.
4. Highlight and select "Repair your computer", choose your keyboard type and click "Next".
5. Choose your user name, type your password if prompted and click "OK" to access the System Recovery Options menu.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Vista infected with Alureon.E - Please Help...

Post by charger73fan on Thu 26 Jan 2012, 9:49 am

I did that. I get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Diagnostic Tool
Command Prompt
Recovery Manager

I went to Recovery Manager, then System Recovery, then restore to original factory condition. I didn't do it again because that's what I did when I posted my original question a couple weeks ago - the trojan was still present. Do I need to buy the CD from HP or can we try something else?

charger73fan

Newbie Surfer

Posts : 24
Joined : 2012-01-15
Operating System : Vista


Re: Vista infected with Alureon.E - Please Help...

Post by Superdave on Thu 26 Jan 2012, 1:14 pm

Do I need to buy the CD from HP or can we try something else?
Let's try a few more scans first.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

• Double-click on MBRCheck.exe to run it.

• It will open a black window... please do not fix anything (if it gives you an option).

• When complete, you should see "Done! Press ENTER to exit...". Press Enter on the keyboard.

• A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
• Please copy and paste the contents of that log in your next reply.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Vista infected with Alureon.E - Please Help...

Post by charger73fan on Thu 26 Jan 2012, 1:58 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6700 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 146):
0x01C59000 \SystemRoot\system32\ntoskrnl.exe
0x01C13000 \SystemRoot\system32\hal.dll
0x00606000 \SystemRoot\system32\kdcom.dll
0x00610000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x0064B000 \SystemRoot\system32\PSHED.dll
0x0065F000 \SystemRoot\system32\CLFS.SYS
0x006BC000 \SystemRoot\system32\CI.dll
0x00809000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008AD000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008BC000 \SystemRoot\system32\drivers\acpi.sys
0x00912000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0091B000 \SystemRoot\system32\drivers\msisadrv.sys
0x00925000 \SystemRoot\system32\drivers\pci.sys
0x00955000 \SystemRoot\System32\drivers\partmgr.sys
0x0096A000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x0096E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x0097A000 \SystemRoot\system32\drivers\volmgr.sys
0x0098E000 \SystemRoot\System32\drivers\volmgrx.sys
0x009F4000 \SystemRoot\system32\drivers\intelide.sys
0x0076E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x0077E000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A06000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00B0A000 \SystemRoot\system32\drivers\atapi.sys
0x00B12000 \SystemRoot\system32\drivers\ataport.SYS
0x00B36000 \SystemRoot\system32\drivers\msahci.sys
0x00B40000 \SystemRoot\system32\drivers\fltmgr.sys
0x00B87000 \SystemRoot\system32\drivers\fileinfo.sys
0x00C0F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E03000 \SystemRoot\system32\drivers\ndis.sys
0x00C96000 \SystemRoot\system32\drivers\msrpc.sys
0x00CE6000 \SystemRoot\system32\drivers\NETIO.SYS
0x01003000 \SystemRoot\System32\drivers\tcpip.sys
0x01177000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0120D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0138D000 \SystemRoot\system32\drivers\volsnap.sys
0x013D1000 \SystemRoot\System32\Drivers\spldr.sys
0x013D9000 \SystemRoot\System32\Drivers\mup.sys
0x011A3000 \SystemRoot\System32\drivers\ecache.sys
0x013EB000 \SystemRoot\system32\drivers\disk.sys
0x011CF000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01200000 \SystemRoot\system32\drivers\crcdisk.sys
0x02310000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0231C000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02325000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0232A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x02333000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02404000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x02C0B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02CEE000 \SystemRoot\System32\drivers\watchdog.sys
0x02CFE000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02D0A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02D50000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02E02000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03002000 \SystemRoot\system32\DRIVERS\NETw5v64.sys
0x03494000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x034B9000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x034CB000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x034DB000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x034FB000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x0350F000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x03526000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x0357D000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
0x03580000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x03592000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0359A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x035B0000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x035BC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02EEF000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x035CA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x035CC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x035D8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02F42000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02F7B000 \SystemRoot\system32\DRIVERS\storport.sys
0x02FD8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02D61000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x035F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02D84000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02FE5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02DB5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02DD3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02DEB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03000000 \SystemRoot\system32\DRIVERS\swenum.sys
0x02B5F000 \SystemRoot\system32\DRIVERS\ks.sys
0x02FF5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02B93000 \SystemRoot\system32\DRIVERS\umbus.sys
0x02BA3000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02C00000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x02BEB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05E0E000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05F3A000 \SystemRoot\system32\drivers\portcls.sys
0x05F75000 \SystemRoot\system32\drivers\drmk.sys
0x05F98000 \SystemRoot\system32\drivers\ksthunk.sys
0x06008000 \SystemRoot\system32\DRIVERS\smserial.sys
0x0613C000 \SystemRoot\system32\drivers\modem.sys
0x0614B000 \SystemRoot\system32\drivers\MODEMCSA.sys
0x06158000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x06189000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x06193000 \SystemRoot\System32\Drivers\Null.SYS
0x0619C000 \SystemRoot\System32\drivers\vga.sys
0x061AA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x061CF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x061D8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x061E1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x061EC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x05F9E000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x05FA7000 \SystemRoot\system32\DRIVERS\tdx.sys
0x05FC4000 \SystemRoot\system32\DRIVERS\smb.sys
0x02346000 \SystemRoot\system32\drivers\afd.sys
0x023B1000 \SystemRoot\System32\DRIVERS\netbt.sys
0x05FDF000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x00FD4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x05FEA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x00D3F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x00D5A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x05E00000 \SystemRoot\system32\drivers\nsiproxy.sys
0x00DA7000 \SystemRoot\System32\Drivers\dfsc.sys
0x02200000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06402000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x000D0000 \SystemRoot\System32\win32k.sys
0x06506000 \SystemRoot\System32\drivers\Dxapi.sys
0x06512000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00420000 \SystemRoot\System32\TSDDD.dll
0x006F0000 \SystemRoot\System32\cdd.dll
0x06525000 \SystemRoot\system32\drivers\luafv.sys
0x06547000 \SystemRoot\system32\drivers\spsys.sys
0x065E1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0220E000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x065F5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02242000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0225A000 \SystemRoot\system32\drivers\HTTP.sys
0x00DC4000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x00B9B000 \SystemRoot\system32\DRIVERS\bowser.sys
0x00BB9000 \SystemRoot\System32\drivers\mpsdrv.sys
0x00BD3000 \SystemRoot\system32\drivers\mrxdav.sys
0x00791000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x17205000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x1724E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x1726D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x1729F000 \SystemRoot\System32\DRIVERS\srv.sys
0x17332000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x17342000 \SystemRoot\system32\drivers\peauth.sys
0x022FD000 \SystemRoot\System32\Drivers\secdrv.SYS
0x00DED000 \SystemRoot\System32\drivers\tcpipreg.sys
0x007BA000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x007D2000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x778D0000 \WINDOWS\System32\ntdll.dll

Processes (total 65):
0 System Idle Process
4 System
548 C:\WINDOWS\System32\smss.exe
616 csrss.exe
652 C:\WINDOWS\System32\wininit.exe
672 csrss.exe
708 C:\WINDOWS\System32\services.exe
724 C:\WINDOWS\System32\lsass.exe
732 C:\WINDOWS\System32\lsm.exe
832 C:\WINDOWS\System32\winlogon.exe
908 C:\WINDOWS\System32\svchost.exe
968 C:\WINDOWS\System32\svchost.exe
1004 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
492 C:\WINDOWS\System32\svchost.exe
592 C:\WINDOWS\System32\svchost.exe
584 C:\WINDOWS\System32\svchost.exe
372 C:\WINDOWS\System32\audiodg.exe
660 C:\WINDOWS\System32\svchost.exe
1032 C:\WINDOWS\System32\SLsvc.exe
1096 C:\WINDOWS\System32\svchost.exe
1228 C:\WINDOWS\System32\svchost.exe
1404 C:\WINDOWS\System32\spoolsv.exe
1428 C:\WINDOWS\System32\svchost.exe
1652 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1948 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1996 C:\WINDOWS\System32\svchost.exe
2016 C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
1820 C:\WINDOWS\System32\taskeng.exe
1876 C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
2156 C:\WINDOWS\System32\svchost.exe
2180 C:\WINDOWS\System32\SearchIndexer.exe
2252 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
2484 C:\WINDOWS\System32\taskeng.exe
2604 C:\WINDOWS\System32\dwm.exe
2704 C:\WINDOWS\explorer.exe
2812 C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
2848 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
3008 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3020 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
3036 C:\WINDOWS\RAVCpl64.exe
3044 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2096 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
2356 C:\WINDOWS\System32\igfxtray.exe
2536 C:\WINDOWS\System32\hkcmd.exe
2508 C:\WINDOWS\System32\igfxpers.exe
1308 C:\Program Files\Microsoft Security Client\msseces.exe
2760 C:\Program Files\Windows Sidebar\sidebar.exe
3056 C:\Program Files (x86)\HP\QuickPlay\QPService.exe
3108 C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
3136 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
3148 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3160 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
3236 C:\WINDOWS\System32\svchost.exe
3260 WmiPrvSE.exe
3332 C:\WINDOWS\System32\igfxsrvc.exe
3816 C:\WINDOWS\System32\svchost.exe
3856 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
3456 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1344 C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
4076 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
2864 C:\WINDOWS\System32\SearchFilterHost.exe
2188 C:\WINDOWS\System32\SearchProtocolHost.exe
1452 dllhost.exe
3280 dllhost.exe
2204 C:\Users\Chuck\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`01636400 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2250BHG2, Rev: 8909

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

charger73fan
Newbie Surfer
Posts : 24
Joined : 2012-01-15
Operating System : Vista

Re: Vista infected with Alureon.E - Please Help...

Post by Superdave on Fri 27 Jan 2012, 7:09 am

I'm going to check with my colleagues about this. I'll be back.

Superdave
Tech Staff
Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Vista infected with Alureon.E - Please Help...

Post by charger73fan on Fri 27 Jan 2012, 8:37 am

Ok - thanks!


Re: Vista infected with Alureon.E - Please Help...

Post by Superdave on Sat 28 Jan 2012, 11:35 am

Ok. Let's try this:

Run the Vista Recovery Console.

1. Eject and remove any discs or memory cards from your computer.

2. Click the "Start" button on the desktop to open the Start menu, click the small arrow icon to the right of the lock icon and select "Restart".

3. Hold the "F8" key on your computer's keyboard as Windows Vista reboots.

4. Highlight and select "Repair your computer", choose your keyboard type and click "Next".

5. Choose your user name, type your password if prompted and click "OK" to access the System Recovery Options menu.


6. Next type FIXMBR

7. If it asks if you're sure you want to write a new MBR, answer 'Y'

8. Then type EXIT to reboot the machine.

9. With that done, please post back and let me know how things are now.



Re: Vista infected with Alureon.E - Please Help...

Post by charger73fan on Sat 28 Jan 2012, 1:13 pm

Done as directed - unfortunately, no difference. Any other ideas?


Re: Vista infected with Alureon.E - Please Help...

Post by Superdave on Sat 28 Jan 2012, 1:37 pm

Please run the MBR check again and see if there's any change.


Re: Vista infected with Alureon.E - Please Help...

Post by charger73fan on Sat 28 Jan 2012, 1:55 pm

Latest Report:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6700 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 147):
0x01C1C000 \SystemRoot\system32\ntoskrnl.exe
0x02134000 \SystemRoot\system32\hal.dll
0x00609000 \SystemRoot\system32\kdcom.dll
0x00613000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x0064E000 \SystemRoot\system32\PSHED.dll
0x00662000 \SystemRoot\system32\CLFS.SYS
0x006BF000 \SystemRoot\system32\CI.dll
0x0080B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008AF000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008BE000 \SystemRoot\system32\drivers\acpi.sys
0x00914000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0091D000 \SystemRoot\system32\drivers\msisadrv.sys
0x00927000 \SystemRoot\system32\drivers\pci.sys
0x00957000 \SystemRoot\System32\drivers\partmgr.sys
0x0096C000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00970000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x0097C000 \SystemRoot\system32\drivers\volmgr.sys
0x00990000 \SystemRoot\System32\drivers\volmgrx.sys
0x009F6000 \SystemRoot\system32\drivers\intelide.sys
0x00771000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00781000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A0C000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00B10000 \SystemRoot\system32\drivers\atapi.sys
0x00B18000 \SystemRoot\system32\drivers\ataport.SYS
0x00B3C000 \SystemRoot\system32\drivers\msahci.sys
0x00B46000 \SystemRoot\system32\drivers\fltmgr.sys
0x00B8D000 \SystemRoot\system32\drivers\fileinfo.sys
0x00C04000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E07000 \SystemRoot\system32\drivers\ndis.sys
0x00C8B000 \SystemRoot\system32\drivers\msrpc.sys
0x00CDB000 \SystemRoot\system32\drivers\NETIO.SYS
0x01009000 \SystemRoot\System32\drivers\tcpip.sys
0x0117D000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0120B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0138B000 \SystemRoot\system32\drivers\volsnap.sys
0x013CF000 \SystemRoot\System32\Drivers\spldr.sys
0x013D7000 \SystemRoot\System32\Drivers\mup.sys
0x011A9000 \SystemRoot\System32\drivers\ecache.sys
0x013E9000 \SystemRoot\system32\drivers\disk.sys
0x00FCA000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01200000 \SystemRoot\system32\drivers\crcdisk.sys
0x02307000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02313000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x0231C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x02321000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x0232A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02403000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x02C02000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02CE5000 \SystemRoot\System32\drivers\watchdog.sys
0x02CF5000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02D01000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02D47000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02E0B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0320A000 \SystemRoot\system32\DRIVERS\NETw5v64.sys
0x0369C000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x036C1000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x036D3000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x036E3000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x03703000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x03717000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x0372E000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x03785000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
0x03788000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0379A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x037A2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x037B8000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x037C4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02EF8000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x037D2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x037D4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x037E0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02F4B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02F84000 \SystemRoot\system32\DRIVERS\storport.sys
0x02FE1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02D58000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02FEE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02D7B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02DAC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02DBC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02DDA000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02B5E000 \SystemRoot\system32\DRIVERS\termdd.sys
0x037FC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x02B71000 \SystemRoot\system32\DRIVERS\ks.sys
0x02E00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02BA5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x02BB5000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02DF2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0233D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06002000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0612E000 \SystemRoot\system32\drivers\portcls.sys
0x06169000 \SystemRoot\system32\drivers\drmk.sys
0x0618C000 \SystemRoot\system32\drivers\ksthunk.sys
0x06208000 \SystemRoot\system32\DRIVERS\smserial.sys
0x0633C000 \SystemRoot\system32\drivers\modem.sys
0x0634B000 \SystemRoot\system32\drivers\MODEMCSA.sys
0x06358000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x06389000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x06393000 \SystemRoot\System32\Drivers\Null.SYS
0x0639C000 \SystemRoot\System32\drivers\vga.sys
0x063AA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x063CF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x063D8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x063E1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x063EC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x06192000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x0619B000 \SystemRoot\system32\DRIVERS\tdx.sys
0x061B8000 \SystemRoot\system32\DRIVERS\smb.sys
0x02351000 \SystemRoot\system32\drivers\afd.sys
0x023BC000 \SystemRoot\System32\DRIVERS\netbt.sys
0x061D3000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x061DE000 \SystemRoot\system32\DRIVERS\pacer.sys
0x011E3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x00D34000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03200000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x011F2000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x00D4F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x00D9C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x00DA8000 \SystemRoot\System32\Drivers\dfsc.sys
0x02200000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06609000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x0670D000 \SystemRoot\System32\drivers\Dxapi.sys
0x06719000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00470000 \SystemRoot\System32\TSDDD.dll
0x00630000 \SystemRoot\System32\cdd.dll
0x0672C000 \SystemRoot\system32\drivers\luafv.sys
0x0674E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06762000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x06796000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x067A1000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0220E000 \SystemRoot\system32\drivers\spsys.sys
0x17609000 \SystemRoot\system32\drivers\HTTP.sys
0x176AC000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x176D5000 \SystemRoot\system32\DRIVERS\bowser.sys
0x176F3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x1770D000 \SystemRoot\system32\drivers\mrxdav.sys
0x17734000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x1775D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x177A6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x177C5000 \SystemRoot\System32\DRIVERS\srv2.sys
0x17805000 \SystemRoot\System32\DRIVERS\srv.sys
0x17898000 \SystemRoot\system32\drivers\peauth.sys
0x1794E000 \SystemRoot\System32\Drivers\secdrv.SYS
0x17959000 \SystemRoot\System32\drivers\tcpipreg.sys
0x17969000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x17981000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x772F0000 \WINDOWS\System32\ntdll.dll

Processes (total 65):
0 System Idle Process
4 System
532 C:\WINDOWS\System32\smss.exe
616 csrss.exe
652 C:\WINDOWS\System32\wininit.exe
672 csrss.exe
708 C:\WINDOWS\System32\winlogon.exe
748 C:\WINDOWS\System32\services.exe
760 C:\WINDOWS\System32\lsass.exe
768 C:\WINDOWS\System32\lsm.exe
940 C:\WINDOWS\System32\svchost.exe
1000 C:\WINDOWS\System32\svchost.exe
232 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
576 C:\WINDOWS\System32\svchost.exe
604 C:\WINDOWS\System32\svchost.exe
660 C:\WINDOWS\System32\svchost.exe
1036 C:\WINDOWS\System32\audiodg.exe
1056 C:\WINDOWS\System32\svchost.exe
1072 C:\WINDOWS\System32\SLsvc.exe
1120 C:\WINDOWS\System32\svchost.exe
1224 C:\WINDOWS\System32\svchost.exe
1532 C:\WINDOWS\System32\spoolsv.exe
1568 C:\WINDOWS\System32\svchost.exe
1768 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1812 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1976 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2036 C:\WINDOWS\System32\svchost.exe
1136 C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
2180 C:\WINDOWS\System32\taskeng.exe
2228 C:\WINDOWS\System32\dwm.exe
2248 C:\WINDOWS\explorer.exe
2328 C:\WINDOWS\System32\taskeng.exe
2548 MpCmdRun.exe
2624 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2632 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
2648 C:\WINDOWS\RAVCpl64.exe
2660 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2768 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
2796 C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
2804 C:\WINDOWS\System32\igfxtray.exe
2848 C:\WINDOWS\System32\svchost.exe
2892 C:\WINDOWS\System32\SearchIndexer.exe
2948 C:\WINDOWS\System32\hkcmd.exe
2956 C:\WINDOWS\System32\igfxpers.exe
2968 C:\Program Files\Microsoft Security Client\msseces.exe
2976 C:\Program Files\Windows Sidebar\sidebar.exe
2996 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
3016 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2464 C:\Program Files (x86)\HP\QuickPlay\QPService.exe
2536 C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
2532 C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
1152 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
2756 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
2020 WmiPrvSE.exe
1328 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
2096 C:\WINDOWS\System32\igfxsrvc.exe
2748 C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
2132 WmiPrvSE.exe
3180 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
3216 C:\WINDOWS\System32\svchost.exe
3660 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
3836 C:\WINDOWS\System32\svchost.exe
2440 dllhost.exe
3848 dllhost.exe
3352 C:\Users\Chuck\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`01636400 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2250BHG2, Rev: 8909

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Re: Vista infected with Alureon.E - Please Help...

Post by Superdave on Tue 31 Jan 2012, 1:06 pm

Sorry. Let's try this:

Run the Vista Recovery Console.

1. Eject and remove any discs or memory cards from your computer.

2. Click the "Start" button on the desktop to open the Start menu, click the small arrow icon to the right of the lock icon and select "Restart".

3. Hold the "F8" key on your computer's keyboard as Windows Vista reboots.

4. Highlight and select "Repair your computer", choose your keyboard type and click "Next".

5. Choose your user name, type your password if prompted and click "OK" to access the System Recovery Options menu.

6. Next type bootrec /fixmbr

7. If it asks if you're sure you want to write a new MBR, answer 'Y'

8. Then type EXIT to reboot the machine.

9. With that done, please post back and let me know how things are now.



Re: Vista infected with Alureon.E - Please Help...

Post by charger73fan on Fri 03 Feb 2012, 7:06 am

Thanks so much for your time and assistance with this problem, but the wife insisted that I get recovery disks and erase the computer to start from scratch. I did what she wanted and everything's fine now. Whatever that Alureon.E was, it was a pain to remove. One last question - what's your suggestion for free internet/virus security so this doesn't happen again? Thanks so much for your time and help again....


Re: Vista infected with Alureon.E - Please Help...

Post by Superdave on Fri 03 Feb 2012, 10:24 am

I'm sorry it had to come to that, but as the saying goes, "happy wife, happy life". Here's some advice.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
**************************************************
Remember to only install ONE firewall!

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*****************************************************
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.


Re: Vista infected with Alureon.E - Please Help...

Post by Superdave on Fri 03 Feb 2012, 10:26 am

Superdave wrote: I'm sorry it had to come to that. Here's some advice.

