I'm trying to clean up a friend's computer that was experiencing some symptoms that I'll describe later. There was no antivirus on the computer (Windows XP, 32bit), so I installed and ran Microsoft Security Essentials. MSE found a series of trojans, Alureon.gen and other trojans with Alureon in the name. After selecting for MSE to remove the trojans, I restarted and rescanned to find that it had simply rebuilt itself. Never a good sign.
Symptoms:
- As mentioned above, the trojan reappears after removal. One of the reasons I said it was potentially dangerous.
- It has disabled Windows Firewall, the OTHER reason I said this was potentially dangerous. When selecting Windows Firewall via the Control Panel, the options to turn it on or off are grayed out, but with off selected.
- Computer runs fairly slow, but how much of this is attributable to the virus itself is unknown.
- Certain programs won't install. They crash before the installer gets to launch. There doesn't seem to be any particular pattern to this, since I was able to install MSE just fine, but not something like Google Chrome.
Other than that, it's hard to say what else could be going on since this isn't my computer, and there are very few programs that are used on it.
Below is the log. I'd greatly appreciate anyone who can offer help on removing this stubborn thing:
OTL logfile created on: 5/28/2012 12:26:26 PM - Run 1
OTL by OldTimer - Version 3.2.43.2 Folder = I:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
502.80 Mb Total Physical Memory | 190.21 Mb Available Physical Memory | 37.83% Memory free
1.20 Gb Paging File | 0.85 Gb Available in Paging File | 70.95% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.27 Gb Total Space | 49.29 Gb Free Space | 86.06% Space Free | Partition Type: NTFS
Drive D: | 263.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 501.72 Mb Total Space | 501.14 Mb Free Space | 99.88% Space Free | Partition Type: FAT
Computer Name: YOUR-865C5E18BB | User Name: bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/28 11:59:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- I:\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2009/08/30 02:07:02 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/15 12:49:44 | 005,238,272 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
PRC - [2004/08/06 00:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PRC - [2004/03/11 22:18:54 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
========== Modules (No Company Name) ==========
MOD - [2009/08/30 02:07:01 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
MOD - [2005/03/20 08:36:16 | 000,036,864 | ---- | M] () -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\Security.dll
MOD - [2005/02/24 20:15:20 | 000,102,400 | ---- | M] () -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\ses_cl.dll
MOD - [2004/09/29 15:51:28 | 000,122,880 | ---- | M] () -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\ez54g.dll
MOD - [2003/10/13 15:30:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\GTW32N50.dll
MOD - [2002/04/24 00:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\GEMWEP.DLL
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe WMP54Gv4.exe -- (WMP54Gv4SVC)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2004/08/06 00:23:10 | 000,308,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2002/09/27 18:56:20 | 000,139,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- c:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\sunkfiltp.sys -- (Sunkfiltp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LVMVDrv.sys -- (LVMVDrv)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\fnuecgsh.sys -- (fnuecgsh)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/28 12:23:33 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BD454B92-B99B-41B5-8774-5CD10EB081DA}\MpKsl2ae49144.sys -- (MpKsl2ae49144)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/11/15 15:22:40 | 000,027,904 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndisprot.sys -- (Ndisprot)
DRV - [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/09/21 22:01:27 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/06/17 22:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 22:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 22:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/22 18:27:20 | 000,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/22 18:01:38 | 000,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/01/10 07:17:02 | 000,601,100 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/12/12 07:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
[2012/05/24 20:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/09/19 16:36:40 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/07/02 14:20:46 | 000,069,632 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
O1 HOSTS File: ([2009/07/23 00:21:41 | 000,000,155 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.206.201.9 system-guard2009.microsoft.com
O1 - Hosts: 91.206.201.9 system-guard2009.com
O1 - Hosts: 91.206.201.9 www.system-guard2009.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [brastk] brastk.exe File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: nwmls.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: nwmls.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: rapmls.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: rapmls.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE77364C-4BDA-4249-A58F-8D4D41DB8CDB}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9BCE7E0-CFC4-4540-A3AF-212AFFA22426}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - AppInit_DLLs: (karna.dats\system3) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\bruce\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\bruce\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/21 21:44:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/04/26 10:37:38 | 000,000,246 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1192f5fc-2ab0-11dd-b47b-00038a000015}\Shell\autOplAY\coMmAnd - "" = iiaaq.cmd
O33 - MountPoints2\{1192f5fc-2ab0-11dd-b47b-00038a000015}\Shell\AutoRun\command - "" = iiaaq.cmd
O33 - MountPoints2\{1192f5fc-2ab0-11dd-b47b-00038a000015}\Shell\eXPLore\CommAnd - "" = iiaaq.cmd
O33 - MountPoints2\{1192f5fc-2ab0-11dd-b47b-00038a000015}\Shell\OPEN\CoMmand - "" = iiaaq.cmd
O33 - MountPoints2\{a745b5de-f324-11dd-b53d-001ee51f113f}\Shell\AutoRun\command - "" = I:\podcastready.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/28 12:17:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/05/28 00:17:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/05/28 00:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/05/28 00:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/05/28 00:16:12 | 000,000,000 | ---D | C] -- C:\b83c8c44d49f015293
[2012/05/27 21:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bruce\Application Data\ElevatedDiagnostics
[2012/05/27 21:09:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/05/27 21:09:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/05/27 21:08:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\bruce\IECompatCache
[2012/05/27 21:07:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\bruce\PrivacIE
[2012/05/27 20:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/05/27 20:07:56 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\bruce\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/27 19:45:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\bruce\IETldCache
[2012/05/27 19:36:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/05/27 19:35:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/05/27 19:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2012/05/24 23:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/05/24 20:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bruce\Local Settings\Application Data\Deployment
[2012/05/24 20:20:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2012/05/24 20:05:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/28 12:22:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/28 12:22:04 | 527,290,368 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/28 12:18:47 | 000,434,666 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/28 12:18:47 | 000,068,508 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/28 12:13:50 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/27 22:10:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/27 22:05:03 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/27 20:09:15 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/05/27 20:08:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/27 19:33:16 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\bruce\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/27 19:26:35 | 000,000,285 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/05/24 20:01:34 | 000,004,472 | ---- | M] () -- C:\Documents and Settings\bruce\Application Data\wklnhst.dat
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/27 20:41:54 | 527,290,368 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/27 20:19:07 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/27 20:09:15 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/05/27 20:09:08 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/27 19:26:35 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/05/24 23:43:10 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/05/24 19:47:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/05/24 19:47:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
========== LOP Check ==========
[2007/10/02 15:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IJJIGame
[2007/10/15 15:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Outspark
[2009/09/28 23:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/12 19:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/05/27 21:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bruce\Application Data\ElevatedDiagnostics
[2009/05/10 02:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bruce\Application Data\MSNInstaller
[2008/09/23 21:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bruce\Application Data\Template
[2007/09/18 15:50:33 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
< End of report >
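As an added triage example (not part of the original post and not OTL's own code), the script below applies a few defender-side rules to lines copied from the log above: hosts entries that point anywhere other than loopback, Run entries whose target is missing, any non-empty AppInit_DLLs value, and MountPoints2 autorun verbs that execute a bare command relative to the mounted volume. The rule set and severity labels are my own assumptions, not an OTL convention.

```python
import re
from typing import Dict, List, Tuple

# Sample input: lines copied from the OTL log posted above (constructed subset).
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.206.201.9 system-guard2009.microsoft.com
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [brastk] brastk.exe File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O20 - AppInit_DLLs: (karna.dats\system3) - File not found
O33 - MountPoints2\{1192f5fc-2ab0-11dd-b47b-00038a000015}\Shell\autOplAY\coMmAnd - "" = iiaaq.cmd
O33 - MountPoints2\{1192f5fc-2ab0-11dd-b47b-00038a000015}\Shell\AutoRun\command - "" = iiaaq.cmd
O33 - MountPoints2\{a745b5de-f324-11dd-b53d-001ee51f113f}\Shell\AutoRun\command - "" = I:\podcastready.exe
"""

LOOPBACK = {"127.0.0.1", "::1"}

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[(.*?)\] (.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((.*?)\)")
# Verb casing in the log is mixed (autOplAY, coMmAnd), so match verbs case-insensitively via \w+.
MOUNT_RE = re.compile(r'^O33 - MountPoints2\\(\{[^}]+\})\\Shell\\(\w+)\\(\w+) - "" = (.*)$')
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

Finding = Tuple[str, str, str]  # (severity, reason, original line)


def triage(log_text: str) -> List[Finding]:
    """Return a list of (severity, reason, line) for OTL lines that match a rule."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, name = m.groups()
            if ip not in LOOPBACK:  # anything not loopback is a redirect of that name
                findings.append(("HIGH", f"hosts file redirects {name} to {ip}", line))
            continue
        m = RUN_RE.match(line)
        if m:
            hive, name, target = m.groups()
            if target.endswith("File not found"):  # orphaned autorun: leftover or removed payload
                findings.append(("MEDIUM", f"{hive} Run entry '{name or '(unnamed)'}' targets a missing file", line))
            continue
        m = APPINIT_RE.match(line)
        if m and m.group(1).strip():  # AppInit_DLLs loads into every process that links user32
            findings.append(("HIGH", f"AppInit_DLLs is set to '{m.group(1)}'", line))
            continue
        m = MOUNT_RE.match(line)
        if m:
            guid, verb, _, cmd = m.groups()
            # A bare filename resolves relative to the mounted volume: the removable-media autorun pattern.
            if not DRIVE_PATH_RE.match(cmd) and cmd.lower().endswith((".cmd", ".bat", ".exe", ".vbs")):
                findings.append(("HIGH", f"volume {guid} verb {verb} runs relative command {cmd}", line))
            else:
                findings.append(("INFO", f"volume {guid} verb {verb} runs {cmd}", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity label."""
    counts: Dict[str, int] = {}
    for sev, _, _ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev}] {reason}\n    {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run as-is it reports the hosts hijack, the two orphaned Run entries, the AppInit_DLLs value and the two iiaaq.cmd verbs, and lists the I: drive's podcastready.exe autorun as informational only.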