Aureon.A



#1
MattyDavis

MattyDavis

    Member

  • Member
  • PipPip
  • 14 posts
Dear All,

Earlier today a friend of mine handed me his computer, as his son put a virus on it and it stopped booting. I used Hiren's BootCD to boot the computer. Microsoft Security Essentials is detecting a trojan named Alureon.A, and the computer also had the rogue antivirus software Security Center. This is really killing me. Thank you in advance for your help.

Note: I am using my laptop to post, and USB drives to transfer files from the computer to my laptop. The computer in question is disconnected from the internet.

Here is the OTL Log:

OTL logfile created on: 1/13/2011 7:59:07 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 457.55 Gb Free Space | 98.24% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.86 Gb Free Space | 99.91% Space Free | Partition Type: FAT
Drive F: | 3.74 Gb Total Space | 3.52 Gb Free Space | 94.23% Space Free | Partition Type: FAT32

Computer Name: OWNER-BABF459F1 | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/13 19:43:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010/12/22 22:26:26 | 000,147,968 | ---- | M] () -- C:\WINDOWS\mike148.exe
PRC - [2010/12/22 18:18:49 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/12/20 13:26:39 | 002,521,624 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.EXE
PRC - [2010/12/20 13:26:33 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\ATCHKSRV.EXE
PRC - [2010/12/20 13:26:25 | 000,109,080 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.EXE
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/31 13:39:40 | 019,071,672 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/04/29 10:59:28 | 000,245,760 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CamTray.exe


========== Modules (SafeList) ==========

MOD - [2011/01/13 19:43:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/20 13:26:39 | 002,521,624 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.EXE -- (UNS) Intel®
SRV - [2010/12/20 13:26:33 | 000,182,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\ATCHKSRV.EXE -- (atchksrv) Intel®
SRV - [2010/12/20 13:26:25 | 000,109,080 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.EXE -- (LMS) Intel®
SRV - [2010/11/29 10:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)


========== Driver Services (SafeList) ==========

DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/12/20 13:23:53 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2010/01/13 12:18:36 | 001,730,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/18 19:26:04 | 004,547,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/13 13:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/02/12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2004/04/16 01:20:14 | 000,090,700 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...015&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files\oovootoolbar\oovootoolbarX.dll ()
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files\oovootoolbar\oovootoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dfg49df] C:\WINDOWS\mike148.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1292859755343 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/20 09:21:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bea6de57-0c44-11e0-a34d-891bc77bc2ce}\Shell - "" = AutoRun
O33 - MountPoints2\{bea6de57-0c44-11e0-a34d-891bc77bc2ce}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/13 19:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\PCHealth
[2011/01/13 19:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Malwarebytes
[2011/01/13 19:21:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/13 19:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/13 19:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/13 19:21:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/13 19:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/23 11:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/12/23 10:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/12/22 19:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Start Menu\Programs\WinRAR
[2010/12/22 19:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\WinRAR
[2010/12/22 19:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2010/12/22 19:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/12/22 19:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Creative
[2010/12/22 19:10:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft PhotoImpression 5
[2010/12/22 19:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Multimedia Email 3
[2010/12/22 19:09:37 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL
[2010/12/22 19:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/12/22 19:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Creative
[2010/12/22 19:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2010/12/22 18:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Google
[2010/12/22 18:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/12/22 18:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/12/22 18:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\Google
[2010/12/22 18:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/12/22 18:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/12/22 18:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/12/22 18:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/12/21 21:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\ooVoo Details
[2010/12/21 21:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\oovootoolbar
[2010/12/21 21:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\oovootoolbar
[2010/12/21 21:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ooVoo
[2010/12/21 21:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\ooVoo
[2010/12/21 21:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2010/12/20 15:18:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/12/20 13:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\postureAgent
[2010/12/20 12:42:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\assembly
[2010/12/20 12:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/12/20 12:42:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/12/20 12:37:38 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2010/12/20 12:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Macromedia
[2010/12/20 11:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2010/12/20 11:02:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\owner\IECompatCache
[2010/12/20 11:00:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\owner\PrivacIE
[2010/12/20 10:59:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\owner\IETldCache
[2010/12/20 10:55:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/12/20 10:55:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/12/20 10:54:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/12/20 10:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/12/20 10:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/12/20 10:42:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/12/20 10:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/12/20 10:25:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/12/20 10:25:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/12/20 10:25:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/12/20 10:25:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/12/20 10:25:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/12/20 10:24:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/12/20 10:23:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/12/20 10:22:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/12/20 09:56:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\owner\UserData
[2010/12/20 09:52:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/12/20 09:42:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010/12/20 09:38:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2010/12/20 09:37:55 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2010/12/20 09:37:55 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/12/20 09:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/12/20 09:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/12/20 09:36:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/12/20 09:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/12/20 09:36:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/12/20 09:36:06 | 000,000,000 | ---D | C] -- C:\Intel
[2010/12/20 09:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Identities
[2010/12/20 09:23:44 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/12/20 09:23:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\owner\My Documents\My Pictures
[2010/12/20 09:23:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\owner\My Documents\My Music
[2010/12/20 09:23:41 | 000,000,000 | --SD | C] -- C:\Documents and Settings\owner\Application Data\Microsoft
[2010/12/20 09:23:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\owner\SendTo
[2010/12/20 09:23:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\owner\Recent
[2010/12/20 09:23:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\owner\Application Data
[2010/12/20 09:23:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\owner\Start Menu\Programs\Startup
[2010/12/20 09:23:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\owner\Start Menu
[2010/12/20 09:23:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\owner\My Documents
[2010/12/20 09:23:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\owner\Favorites
[2010/12/20 09:23:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\owner\Start Menu\Programs\Accessories
[2010/12/20 09:23:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\owner\Cookies
[2010/12/20 09:23:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\owner\Templates
[2010/12/20 09:23:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\owner\PrintHood
[2010/12/20 09:23:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\owner\NetHood
[2010/12/20 09:23:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\owner\Local Settings
[2010/12/20 09:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft
[2010/12/20 09:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop
[2010/12/20 09:23:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/12/20 09:23:14 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/12/20 09:23:14 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/12/20 09:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/12/20 09:23:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/12/20 09:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/12/20 09:22:11 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/12/20 09:22:11 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/12/20 09:21:32 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/12/20 09:21:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/12/20 09:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/12/20 09:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/12/20 09:21:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/12/20 09:20:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/12/20 09:20:32 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/12/20 09:20:32 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/12/20 09:20:27 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/12/20 09:20:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/12/20 09:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/12/20 09:19:35 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/12/20 09:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/12/20 09:19:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/12/20 09:19:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/12/20 09:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/12/20 09:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/12/20 09:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/12/20 09:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/12/20 09:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/12/20 09:18:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/12/20 09:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/12/20 09:18:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2010/12/20 09:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/12/20 09:18:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2010/12/20 09:18:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/12/20 09:18:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/12/20 09:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/12/20 09:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/12/20 09:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/12/20 09:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/12/20 09:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/12/20 09:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/12/20 09:17:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/12/20 09:17:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/12/20 09:17:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/12/20 09:17:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/13 19:44:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/13 19:39:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/13 19:39:14 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/13 19:39:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/13 19:21:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/23 11:04:08 | 000,014,786 | ---- | M] () -- C:\WINDOWS\fsa22.dat
[2010/12/23 10:48:40 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\10112010146103.xxe
[2010/12/22 22:29:42 | 000,035,284 | ---- | M] () -- C:\WINDOWS\mstas
[2010/12/22 22:26:27 | 000,000,001 | -H-- | M] () -- C:\WINDOWS\bt7.dat
[2010/12/22 22:26:27 | 000,000,001 | ---- | M] () -- C:\WINDOWS\5456456z
[2010/12/22 22:26:26 | 000,147,968 | ---- | M] () -- C:\WINDOWS\mike148.exe
[2010/12/22 22:23:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/22 19:08:08 | 000,002,010 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Creative WebCam Center.lnk
[2010/12/21 21:53:48 | 000,407,630 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/21 21:53:48 | 000,062,600 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/20 15:19:04 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/12/20 11:19:29 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Shortcut to Internet.lnk
[2010/12/20 11:14:01 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/12/20 11:14:01 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Windows Media Player.lnk
[2010/12/20 11:07:56 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2010/12/20 11:04:29 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/20 10:59:53 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/20 10:59:48 | 000,091,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/20 10:41:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/12/20 10:23:39 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/12/20 10:14:41 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/12/20 09:42:30 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/12/20 09:42:30 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/12/20 09:23:48 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/12/20 09:23:03 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/12/20 09:22:31 | 000,000,372 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/12/20 09:21:02 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/12/20 09:21:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/12/20 09:21:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/12/20 09:21:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/12/20 09:21:02 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/12/20 09:21:00 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/12/20 09:21:00 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/12/20 09:20:57 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/12/20 09:18:42 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/13 19:21:55 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/23 10:50:19 | 000,014,786 | ---- | C] () -- C:\WINDOWS\fsa22.dat
[2010/12/23 10:48:40 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\10112010146103.xxe
[2010/12/22 22:29:42 | 000,035,284 | ---- | C] () -- C:\WINDOWS\mstas
[2010/12/22 22:26:27 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\bt7.dat
[2010/12/22 22:26:27 | 000,000,001 | ---- | C] () -- C:\WINDOWS\5456456z
[2010/12/22 22:26:26 | 000,147,968 | ---- | C] () -- C:\WINDOWS\mike148.exe
[2010/12/22 19:10:27 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI5_SETUP.ini
[2010/12/22 19:09:37 | 000,000,021 | ---- | C] () -- C:\WINDOWS\ME_setup.ini
[2010/12/22 19:08:08 | 000,002,010 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative WebCam Center.lnk
[2010/12/22 19:05:29 | 000,004,749 | R--- | C] () -- C:\WINDOWS\PD0620.uns
[2010/12/22 18:18:55 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/22 18:18:55 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/20 12:54:19 | 001,674,683 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2010/12/20 12:54:19 | 000,058,558 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2010/12/20 12:54:19 | 000,029,820 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2010/12/20 12:54:19 | 000,001,023 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2010/12/20 11:19:36 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Windows Media Player.lnk
[2010/12/20 11:19:29 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Shortcut to Internet.lnk
[2010/12/20 11:14:01 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/12/20 11:12:44 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/12/20 11:07:56 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2010/12/20 10:25:29 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/12/20 10:25:29 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/12/20 10:25:29 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/12/20 10:25:29 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/12/20 10:25:29 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/12/20 10:25:29 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/12/20 10:25:29 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/12/20 10:25:29 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/12/20 10:25:29 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/12/20 10:25:29 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/12/20 10:25:29 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/12/20 10:25:29 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/12/20 10:25:29 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010/12/20 10:25:29 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/12/20 10:25:29 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/12/20 10:25:29 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/12/20 10:25:29 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/12/20 10:25:29 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/12/20 10:25:29 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/12/20 10:25:29 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/12/20 10:25:29 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/12/20 10:25:29 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/12/20 10:25:29 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/12/20 10:25:29 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/12/20 10:25:29 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/12/20 10:25:29 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/12/20 10:25:29 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/12/20 10:25:29 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/12/20 10:25:29 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/12/20 10:25:29 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/12/20 10:25:29 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/12/20 10:25:29 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/12/20 10:25:29 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/12/20 10:25:29 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/12/20 10:25:29 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/12/20 10:25:29 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/12/20 10:25:29 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/12/20 10:25:29 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/12/20 10:25:29 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/12/20 10:25:29 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/12/20 10:25:29 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/12/20 10:25:28 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/12/20 10:25:28 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/12/20 10:25:28 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/12/20 10:25:28 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/12/20 10:25:28 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010/12/20 10:25:28 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/12/20 10:25:28 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010/12/20 10:25:28 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/12/20 10:25:28 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/12/20 10:25:28 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/12/20 10:25:28 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/12/20 10:25:28 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/12/20 10:25:28 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/12/20 10:25:28 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/12/20 10:25:28 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/12/20 10:25:28 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/12/20 10:25:28 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/12/20 10:25:28 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/12/20 10:25:28 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/12/20 10:25:28 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/12/20 10:25:28 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/12/20 10:25:28 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/12/20 10:25:28 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/12/20 10:25:28 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/12/20 10:25:28 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/12/20 10:25:28 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/12/20 10:25:28 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/12/20 10:25:28 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/12/20 10:25:28 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/12/20 10:25:28 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/12/20 10:25:28 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/12/20 10:25:28 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/12/20 10:25:28 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/12/20 10:25:28 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/12/20 10:25:28 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/12/20 10:25:28 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/12/20 10:25:28 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/12/20 10:25:28 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/12/20 10:25:28 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/12/20 10:23:44 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/12/20 10:23:44 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/12/20 10:23:44 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/12/20 10:14:42 | 000,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010/12/20 09:42:30 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/12/20 09:42:30 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/12/20 09:38:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/12/20 09:23:48 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/12/20 09:23:44 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/20 09:23:03 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/12/20 09:22:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/12/20 09:22:07 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/12/20 09:21:57 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/12/20 09:21:52 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/12/20 09:21:52 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/12/20 09:21:50 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/12/20 09:21:46 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/12/20 09:21:43 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/12/20 09:21:34 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/12/20 09:21:02 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/12/20 09:21:02 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/12/20 09:21:02 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/12/20 09:21:02 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/12/20 09:21:02 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/12/20 09:21:00 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/12/20 09:21:00 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/12/20 09:20:59 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/12/20 09:20:21 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/12/20 09:19:48 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/12/20 09:19:48 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/12/20 09:19:41 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/12/20 09:18:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/20 09:18:16 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/12/20 09:18:16 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/12/20 09:18:16 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/12/20 09:18:15 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/12/20 09:18:15 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/12/20 09:18:15 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/12/20 09:18:15 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/12/20 09:18:15 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/12/20 09:18:15 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/12/20 09:18:15 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/12/20 09:18:15 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/12/20 09:18:12 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/12/20 09:18:12 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/12/20 09:18:10 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/12/20 09:18:03 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/12/10 15:14:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2010/12/22 14:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\ooVoo Details
[2010/12/22 13:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\oovootoolbar
[2011/01/13 19:44:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 1/13/2011 7:59:07 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 457.55 Gb Free Space | 98.24% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.86 Gb Free Space | 99.91% Space Free | Partition Type: FAT
Drive F: | 3.74 Gb Total Space | 3.52 Gb Free Space | 94.23% Space Free | Partition Type: FAT32

Computer Name: OWNER-BABF459F1 | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1
AntiVirusDisableNotify = 0
FirewallDisableNotify = 0
UpdatesDisableNotify = 1
AntiVirusOverride = 0
FirewallOverride = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
DisableSR = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
Start = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
Start = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall = 1
DisableNotifications = 0
DoNotAllowExceptions = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall = 1
DisableNotifications = 0
DoNotAllowExceptions = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Disabled:ooVoo -- (ooVoo LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{DD54CF66-090B-43E7-97C1-110EF526474D}" = ArcSoft Multimedia Email
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FC888095-A35E-4993-A9E0-366BF6F0CCE0}" = ArcSoft PhotoImpression 5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Creative PD0620" = Creative WebCam Instant Driver (1.00.08.0416)
"Creative WebCam Center" = Creative WebCam Center
"Creative WebCam Instant User's Guide English" = Creative WebCam Instant User's Guide (English)
"Get Yahoo! Messenger" = Get Yahoo! Messenger
"HDMI" = Intel® Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"oovootoolbar" = ooVoo Toolbar
"PROSet" = Intel® PRO Network Connections Drivers
"Search Toolbar" = Search Toolbar
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.00 beta 3 (32-bit)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/23/2010 11:55:42 AM | Computer Name = OWNER-BABF459F1 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 3.0.8107.0,
P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 1/13/2011 8:15:53 PM | Computer Name = OWNER-BABF459F1 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 1/13/2011 8:33:32 PM | Computer Name = OWNER-BABF459F1 | Source = Intel® AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel® AMT.

Error - 1/13/2011 8:33:37 PM | Computer Name = OWNER-BABF459F1 | Source = Google Update | ID = 20
Description =

Error - 1/13/2011 8:34:57 PM | Computer Name = OWNER-BABF459F1 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 1/13/2011 8:36:44 PM | Computer Name = OWNER-BABF459F1 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 1/13/2011 8:39:19 PM | Computer Name = OWNER-BABF459F1 | Source = Intel® AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel® AMT.

Error - 1/13/2011 8:39:24 PM | Computer Name = OWNER-BABF459F1 | Source = Google Update | ID = 20
Description =

Error - 1/13/2011 8:39:47 PM | Computer Name = OWNER-BABF459F1 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 1/13/2011 8:41:47 PM | Computer Name = OWNER-BABF459F1 | Source = Microsoft Security Client | ID = 5000
Description =

[ System Events ]
Error - 1/13/2011 8:31:23 PM | Computer Name = OWNER-BABF459F1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/13/2011 8:31:26 PM | Computer Name = OWNER-BABF459F1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/13/2011 8:34:57 PM | Computer Name = OWNER-BABF459F1 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949
 Name: Trojan:DOS/Alureon.A  ID: 2147636949  Severity: Severe  Category: Trojan  Path: boot:_\Device\Harddisk0\DR0;boot:_\Device\Harddisk0\DR0(MBR)
 Detection Origin: %%845  Detection Type: %%822  Detection Source: %%818  User: OWNER-BABF459F1\owner
 Process Name: C:\WINDOWS\system32\wbem\wmiprvse.exe  Action: %%808  Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.
 Error Code: 0x800704ec  Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.
 Signature Version: AV: 1.95.2294.0, AS: 1.95.2294.0, NIS: 0.0.0.0  Engine Version: AM: 1.1.6402.0, NIS: 0.0.0.0

Error - 1/13/2011 8:34:57 PM | Computer Name = OWNER-BABF459F1 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949
 Name: Trojan:DOS/Alureon.A  ID: 2147636949  Severity: Severe  Category: Trojan  Path: boot:_\Device\Harddisk0\DR0;boot:_\Device\Harddisk0\DR0(MBR)
 Detection Origin: %%845  Detection Type: %%822  Detection Source: %%818  User: OWNER-BABF459F1\owner
 Process Name: C:\WINDOWS\system32\wbem\wmiprvse.exe  Action: %%809  Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.
 Error Code: 0x80070032  Error description: The request is not supported.
 Signature Version: AV: 1.95.2294.0, AS: 1.95.2294.0, NIS: 0.0.0.0  Engine Version: AM: 1.1.6402.0, NIS: 0.0.0.0

Error - 1/13/2011 8:35:52 PM | Computer Name = OWNER-BABF459F1 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949
 Name: Trojan:DOS/Alureon.A  ID: 2147636949  Severity: Severe  Category: Trojan  Path: boot:_\Device\Harddisk0\DR0;boot:_\Device\Harddisk0\DR0(MBR)
 Detection Origin: %%845  Detection Type: %%822  Detection Source: %%818  User: OWNER-BABF459F1\owner
 Process Name: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe  Action: %%808  Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.
 Error Code: 0x800704ec  Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.
 Signature Version: AV: 1.95.2294.0, AS: 1.95.2294.0, NIS: 0.0.0.0  Engine Version: AM: 1.1.6402.0, NIS: 0.0.0.0

Error - 1/13/2011 8:35:52 PM | Computer Name = OWNER-BABF459F1 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949
 Name: Trojan:DOS/Alureon.A  ID: 2147636949  Severity: Severe  Category: Trojan  Path: boot:_\Device\Harddisk0\DR0;boot:_\Device\Harddisk0\DR0(MBR)
 Detection Origin: %%845  Detection Type: %%822  Detection Source: %%818  User: OWNER-BABF459F1\owner
 Process Name: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe  Action: %%809  Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.
 Error Code: 0x80070032  Error description: The request is not supported.
 Signature Version: AV: 1.95.2294.0, AS: 1.95.2294.0, NIS: 0.0.0.0  Engine Version: AM: 1.1.6402.0, NIS: 0.0.0.0

Error - 1/13/2011 8:39:44 PM | Computer Name = OWNER-BABF459F1 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949
 Name: Trojan:DOS/Alureon.A  ID: 2147636949  Severity: Severe  Category: Trojan  Path: boot:_\Device\Harddisk0\DR0;boot:_\Device\Harddisk0\DR0(MBR)
 Detection Origin: %%845  Detection Type: %%822  Detection Source: %%818  User: OWNER-BABF459F1\owner
 Process Name: C:\WINDOWS\system32\wbem\wmiprvse.exe  Action: %%808  Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.
 Error Code: 0x800704ec  Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.
 Signature Version: AV: 1.95.2294.0, AS: 1.95.2294.0, NIS: 0.0.0.0  Engine Version: AM: 1.1.6402.0, NIS: 0.0.0.0

Error - 1/13/2011 8:39:44 PM | Computer Name = OWNER-BABF459F1 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949
 Name: Trojan:DOS/Alureon.A  ID: 2147636949  Severity: Severe  Category: Trojan  Path: boot:_\Device\Harddisk0\DR0;boot:_\Device\Harddisk0\DR0(MBR)
 Detection Origin: %%845  Detection Type: %%822  Detection Source: %%818  User: OWNER-BABF459F1\owner
 Process Name: C:\WINDOWS\system32\wbem\wmiprvse.exe  Action: %%809  Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.
 Error Code: 0x80070032  Error description: The request is not supported.
 Signature Version: AV: 1.95.2294.0, AS: 1.95.2294.0, NIS: 0.0.0.0  Engine Version: AM: 1.1.6402.0, NIS: 0.0.0.0

Error - 1/13/2011 8:41:45 PM | Computer Name = OWNER-BABF459F1 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949
 Name: Trojan:DOS/Alureon.A  ID: 2147636949  Severity: Severe  Category: Trojan  Path: boot:_\Device\Harddisk0\DR0(MBR);boot:_\Device\Harddisk0\DR0(MBR)(MBR)
 Detection Origin: %%845  Detection Type: %%822  Detection Source: %%820  User: OWNER-BABF459F1\owner
 Process Name: Unknown  Action: %%808  Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.
 Error Code: 0x800704ec  Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.
 Signature Version: AV: 1.95.2294.0, AS: 1.95.2294.0, NIS: 0.0.0.0  Engine Version: AM: 1.1.6402.0, NIS: 0.0.0.0

Error - 1/13/2011 8:41:45 PM | Computer Name = OWNER-BABF459F1 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949
 Name: Trojan:DOS/Alureon.A  ID: 2147636949  Severity: Severe  Category: Trojan  Path: boot:_\Device\Harddisk0\DR0(MBR);boot:_\Device\Harddisk0\DR0(MBR)(MBR)
 Detection Origin: %%845  Detection Type: %%822  Detection Source: %%820  User: OWNER-BABF459F1\owner
 Process Name: Unknown  Action: %%809  Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.
 Error Code: 0x80070032  Error description: The request is not supported.
 Signature Version: AV: 1.95.2294.0, AS: 1.95.2294.0, NIS: 0.0.0.0  Engine Version: AM: 1.1.6402.0, NIS: 0.0.0.0


< End of report >
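The System Events entries in the Extras log above are what a helper reads to see that Microsoft Security Essentials found Trojan:DOS/Alureon.A in the MBR (a `boot:` path) but could not act on it: 0x800704ec, blocked by a software restriction policy, then 0x80070032, request not supported. As an added example, not code from the post or from OTL, here is a small Python parser for that section; `SAMPLE_LOG` is a constructed excerpt with the separators the forum stripped restored, and the field labels (Name, Path, Process Name, Error Code, Error description) are assumed to appear as in the entries above.

```python
"""Summarise Microsoft Antimalware remediation failures (event ID 1119) from the
'Last 10 Event Log Errors' section of an OTL Extras log.  Added example; not from the post or OTL."""
import re
from dataclasses import dataclass

# Constructed sample modelled on the post: one DCOM error, then two MSE 1119 entries.
SAMPLE_LOG = r"""[ System Events ]
Error - 1/13/2011 8:31:23 PM | Computer Name = OWNER-BABF459F1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/13/2011 8:34:57 PM | Computer Name = OWNER-BABF459F1 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949
 Name: Trojan:DOS/Alureon.A  ID: 2147636949  Severity: Severe  Category: Trojan  Path: boot:_\Device\Harddisk0\DR0;boot:_\Device\Harddisk0\DR0(MBR)
 Detection Origin: %%845  Detection Type: %%822  Detection Source: %%818  User: OWNER-BABF459F1\owner
 Process Name: C:\WINDOWS\system32\wbem\wmiprvse.exe  Action: %%808  Action Status: To finish removing malware and other potentially unwanted software, restart the computer.
 Error Code: 0x800704ec  Error description: Windows cannot open this program because it has been prevented by a software restriction policy.
 Signature Version: AV: 1.95.2294.0, AS: 1.95.2294.0, NIS: 0.0.0.0  Engine Version: AM: 1.1.6402.0, NIS: 0.0.0.0

Error - 1/13/2011 8:41:45 PM | Computer Name = OWNER-BABF459F1 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.A&threatid=2147636949
 Name: Trojan:DOS/Alureon.A  ID: 2147636949  Severity: Severe  Category: Trojan  Path: boot:_\Device\Harddisk0\DR0(MBR);boot:_\Device\Harddisk0\DR0(MBR)(MBR)
 Detection Origin: %%845  Detection Type: %%822  Detection Source: %%820  User: OWNER-BABF459F1\owner
 Process Name: Unknown  Action: %%809  Action Status: To finish removing malware and other potentially unwanted software, restart the computer.
 Error Code: 0x80070032  Error description: The request is not supported.
 Signature Version: AV: 1.95.2294.0, AS: 1.95.2294.0, NIS: 0.0.0.0  Engine Version: AM: 1.1.6402.0, NIS: 0.0.0.0
"""

# One OTL event header: "Error - <date> <time> AM/PM | Computer Name = .. | Source = .. | ID = .."
HEADER_RE = re.compile(
    r"^Error - (?P<when>\S+ \S+ [AP]M) \| Computer Name = .*? "
    r"\| Source = (?P<source>.*?) \| ID = (?P<event_id>\d+)\s*$"
)


@dataclass
class Event:
    when: str
    source: str
    event_id: int
    description: str  # OTL wraps long descriptions; continuation lines are re-joined


@dataclass
class Remediation:
    when: str
    threat: str
    paths: list
    process: str
    error_code: str
    error_text: str

    @property
    def boot_sector(self) -> bool:
        # MSE reports MBR/boot-sector detections with a "boot:" path prefix
        return any(p.startswith("boot:") for p in self.paths)


def parse_events(text: str) -> list:
    """Split the event-log section into Event records."""
    events, current, desc = [], None, []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            if current:
                events.append(Event(**current, description=" ".join(desc)))
            current, desc = m.groupdict(), []
            current["event_id"] = int(current["event_id"])
        elif current and line.strip():
            desc.append(line.strip())
    if current:
        events.append(Event(**current, description=" ".join(desc)))
    return events


def _field(desc: str, label: str, next_label: str) -> str:
    """Extract 'label: value', where the value runs up to the next label."""
    m = re.search(rf"{re.escape(label)}: (.*?)\s+{re.escape(next_label)}:", desc)
    return m.group(1).strip() if m else ""


def remediation_failures(events) -> list:
    """Keep only Microsoft Antimalware 1119 events (an action on malware failed)."""
    out = []
    for ev in events:
        if ev.source != "Microsoft Antimalware" or ev.event_id != 1119:
            continue
        code = re.search(r"Error Code: (0x[0-9A-Fa-f]+)", ev.description)
        out.append(Remediation(
            when=ev.when,
            threat=_field(ev.description, "Name", "ID"),
            paths=_field(ev.description, "Path", "Detection Origin").split(";"),
            process=_field(ev.description, "Process Name", "Action"),
            error_code=code.group(1).lower() if code else "",
            error_text=_field(ev.description, "Error description", "Signature Version"),
        ))
    return out


def summarize(text: str) -> dict:
    """Roll the failures up into what a helper wants to know at a glance."""
    fails = remediation_failures(parse_events(text))
    return {
        "failed_actions": len(fails),
        "threats": sorted({f.threat for f in fails}),
        "boot_sector": any(f.boot_sector for f in fails),
        "error_codes": sorted({f.error_code for f in fails}),
    }
```

Running `summarize(SAMPLE_LOG)` reports two failed actions on Trojan:DOS/Alureon.A, a boot-sector path, and the two error codes, which is the same conclusion the helper draws before reaching for an MBR-aware tool.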

#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts
Hello MattyDavis,

Please just post your logs normally. Posting them in quotes makes it hard for us to analyse and can be a problem as we use quotes in some of our replies and tools.

Moving on

I guess you will have to transfer these actions to your infected machine.

Now

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    
    :Commands
    [emptytemp]
    [emptyflash]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Next

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

So when you return please post
  • OTL fix log
  • log.txt from TDSSKiller
