

[RESOLVED] trojan:dos/alureon.e



24 replies to this topic

#1 fergiedog

    Member

  • 17 posts
  • Joined: February 01, 2012
  • 3 topics
  • Age: 66
  • Local time: 01:49 PM
  • Zodiac:Leo
  • Gender:Male
  • Location:Hot Springs Village Arkansas
  • Interests:Golf, puters, pool, pingpong, moving rocks
  • OS:Windows XP
  • Country:
Offline
  • Time Online: 20h 13m 32s

Posted 02 February 2012 - 11:20 PM

Hi There

I've been trying to help a friend for several days via Remote Assistance, installing XP (C), and have encountered a problem.
After installing MS Security Essentials, it found trojan:dos/alureon.e in the boot drive of the second partition (D).
I presume it was on the 2nd hard drive with Vista (E), (F) and some backup files I have copied over. I suspect he has also infected his USB drive. At present the 2nd HD is disconnected and the USB is inserted. Before I read all the correct procedures,
I ran ComboFix and RKill. I realize I did not follow protocol, so I am not sure whether I should attach the 2 logs.




#2 Broni Re: [RESOLVED] trojan:dos/alureon.e

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 12:49 PM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 12h 18m 57s

Posted 02 February 2012 - 11:24 PM

Welcome aboard

Please complete all steps from here: http://www.smartestc...ease-read-this/
Make sure all logs are pasted not attached.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


#3 fergiedog Re: [RESOLVED] trojan:dos/alureon.e

Posted 03 February 2012 - 03:29 PM

I presume that the virus is responsible; I am unable to connect to my friend's computer. We can communicate with Windows Messenger but I cannot take control. I believe the virus changes the proxy settings. My friend is not computer savvy. How does he change the settings so we can connect through Win Messenger?

Thanks in advance
Fergiedog

#4 Broni Re: [RESOLVED] trojan:dos/alureon.e

Posted 03 February 2012 - 03:49 PM

Fixing a computer through a 3rd party is usually complicated.
You guys can try to install some remote control utility such as TeamViewer.

#5 fergiedog Re: [RESOLVED] trojan:dos/alureon.e

Posted 03 February 2012 - 11:05 PM

TeamViewer worked great; here are the logs.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.03.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: JOSEPH-4C60E4B9 [administrator]

2/3/2012 11:03:13 AM
mbam-log-2012-02-03 (11-03-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 248826
Time elapsed: 2 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)





GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-03 13:32:34
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000061 Hitachi_HDP725050GLA360 rev.GM4OA5CA
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1.JOS\LOCALS~1\Temp\kwniqfog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINXP\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6E133A0, 0x88C445, 0xE8000020]
? C:\DOCUME~1\ADMINI~1.JOS\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINXP\system32\SearchIndexer.exe[1916] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINXP\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINXP\Explorer.EXE[3444] SHELL32.dll!StrStrW 7C9CEE90 8 Bytes [E0, 10, 60, 19, 00, 11, 60, ...] {LOOPNZ 0x12; PUSHA ; SBB [EAX], EAX; ADC [EAX+0x19], ESP}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINXP\Explorer.EXE[3444] @ C:\WINXP\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[3444] @ C:\WINXP\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[3444] @ C:\WINXP\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[3444] @ C:\WINXP\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[3444] @ C:\WINXP\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[3444] @ C:\WINXP\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[3444] @ C:\WINXP\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[3444] @ C:\WINXP\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[3444] @ C:\WINXP\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[3444] @ C:\WINXP\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[3444] @ C:\WINXP\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[3444] @ C:\WINXP\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[3444] @ C:\WINXP\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[3444] @ C:\WINXP\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[3444] @ C:\WINXP\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[3444] @ C:\WINXP\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[3444] @ C:\WINXP\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[3444] @ C:\WINXP\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----




aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-03 14:03:13
-----------------------------
14:03:13.656 OS Version: Windows 5.1.2600 Service Pack 3
14:03:13.656 Number of processors: 2 586 0x4303
14:03:13.656 ComputerName: JOSEPH-4C60E4B9 UserName: Administrator
14:03:13.921 Initialize success
14:03:50.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
14:03:50.312 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5CA Size: 476940MB BusType: 3
14:03:50.312 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000065
14:03:50.312 Disk 1 Vendor: Hitachi_HDT725050VLA360 V56OA7BA Size: 476940MB BusType: 3
14:03:50.406 Disk 0 MBR read successfully
14:03:50.421 Disk 0 MBR scan
14:03:50.421 Disk 0 Windows XP default MBR code
14:03:50.421 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49996 MB offset 63
14:03:50.484 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 426940 MB offset 102392640
14:03:50.531 Disk 0 scanning sectors +976767120
14:03:50.734 Disk 0 scanning C:\WINXP\system32\drivers
14:04:10.640 Service scanning
14:04:11.375 Modules scanning
14:04:38.593 Disk 0 trace - called modules:
14:04:38.609
14:04:38.609 Scan finished successfully
14:06:58.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\MBR.dat"
14:06:58.421 The log file has been saved successfully to "C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\aswMBR.txt"



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 14:08:25 on 2012-02-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2316 [GMT -8:00]
.
FW: ActiveArmor Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINXP\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINXP\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINXP\system32\spoolsv.exe
svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINXP\system32\nvsvc32.exe
C:\WINXP\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINXP\Explorer.EXE
C:\WINXP\RTHDCPL.EXE
C:\WINXP\system32\RunDLL32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
c:\program files\teamviewer\version7\TeamViewer_Desktop.exe
C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\aswMBR.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
TB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\winxp\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winxp\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{5AE29E83-0A83-4B2C-A291-EDE3295D2821} : DhcpNameServer = 10.0.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winxp\system32\wpdshserviceobj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator.joseph-4c60e4b9\application data\mozilla\firefox\profiles\j9ggo1oh.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
.
============= SERVICES / DRIVERS ===============
.
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2012-1-28 2214504]
R3 KeyScrambler;KeyScrambler;c:\winxp\system32\drivers\keyscrambler.sys [2012-1-28 225592]
S3 1937;1937;c:\winxp\system32\drivers\1937 --> c:\winxp\system32\drivers\1937 [?]
.
=============== Created Last 30 ================
.
2012-02-03 19:01:49 20464 ----a-w- c:\winxp\system32\drivers\mbam.sys
2012-02-03 19:01:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-03 16:12:25 -------- d-----w- c:\documents and settings\administrator.joseph-4c60e4b9\application data\TeamViewer
2012-02-03 16:12:18 -------- d-----w- c:\program files\TeamViewer
2012-02-02 21:10:57 -------- d-sha-r- C:\cmdcons
2012-02-02 21:09:47 98816 ----a-w- c:\winxp\sed.exe
2012-02-02 21:09:47 518144 ----a-w- c:\winxp\SWREG.exe
2012-02-02 21:09:47 256000 ----a-w- c:\winxp\PEV.exe
2012-02-02 21:09:47 208896 ----a-w- c:\winxp\MBR.exe
2012-02-02 20:45:36 -------- d-----w- c:\winxp\SxsCaPendDel
2012-01-29 18:00:38 -------- d-----w- c:\program files\MSXML 4.0
2012-01-29 14:13:48 274288 ----a-w- c:\winxp\system32\mucltui.dll
2012-01-29 14:13:48 215920 ----a-w- c:\winxp\system32\muweb.dll
2012-01-29 14:13:48 16736 ----a-w- c:\winxp\system32\mucltui.dll.mui
2012-01-29 02:37:00 -------- d-----w- c:\winxp\system32\NtmsData
2012-01-29 02:31:24 -------- d-----w- c:\documents and settings\administrator.joseph-4c60e4b9\application data\Windows Search
2012-01-29 00:15:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-28 23:53:09 12872 ----a-w- c:\winxp\system32\bootdelete.exe
2012-01-28 23:50:09 23624 ----a-w- c:\winxp\system32\drivers\hitmanpro35.sys
2012-01-28 23:50:09 -------- d-----w- c:\program files\Hitman Pro 3.5
2012-01-28 23:49:13 -------- d-----w- c:\documents and settings\all users.winxp\application data\Hitman Pro
2012-01-28 23:37:06 -------- d-----w- C:\Downloads
2012-01-28 22:14:47 95568 ----a-w- c:\winxp\system32\Vetredir.dll
2012-01-28 22:14:47 206160 ----a-w- c:\winxp\system32\Isafprod.dll
2012-01-28 22:14:47 128336 ----a-w- c:\winxp\system32\Isafeif.dll
2012-01-28 20:49:14 -------- d-----w- c:\program files\common files\Scanner
2012-01-28 20:49:04 -------- d-----w- c:\winxp\rnapxs
2012-01-28 20:42:50 -------- d-----w- c:\documents and settings\administrator.joseph-4c60e4b9\local settings\application data\Adobe
2012-01-28 20:34:04 -------- d-----w- c:\documents and settings\all users.winxp\application data\QFX Software
2012-01-28 20:34:04 -------- d-----w- c:\documents and settings\administrator.joseph-4c60e4b9\application data\QFX Software
2012-01-28 20:31:08 414368 ----a-w- c:\winxp\system32\FlashPlayerCPLApp.cpl
2012-01-28 20:24:29 28552 ----a-w- c:\winxp\system32\spool\prtprocs\w32x86\mdippr.dll
2012-01-28 20:24:29 28040 ----a-w- c:\winxp\system32\mdimon.dll
2012-01-28 20:22:19 -------- d-----w- c:\winxp\SHELLNEW
2012-01-28 20:15:22 225592 ----a-w- c:\winxp\system32\drivers\keyscrambler.sys
2012-01-28 20:15:22 -------- d-----w- c:\program files\KeyScrambler
2012-01-28 18:32:19 -------- d-----w- c:\documents and settings\administrator.joseph-4c60e4b9\application data\Malwarebytes
2012-01-28 18:32:11 -------- d-----w- c:\documents and settings\all users.winxp\application data\Malwarebytes
2012-01-28 17:35:33 236576 ------w- c:\winxp\system32\MpSigStub.exe
2012-01-28 17:28:23 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-28 16:53:58 -------- d-----w- c:\documents and settings\administrator.joseph-4c60e4b9\local settings\application data\ApplicationHistory
2012-01-28 16:43:34 -------- d-----w- c:\winxp\system32\SoftwareDistribution
2012-01-28 16:43:04 446464 ----a-w- c:\winxp\system32\nvunrm.exe
2012-01-28 16:43:04 110592 ----a-w- c:\winxp\system32\drivers\nvtcp.sys
2012-01-28 16:42:19 446464 ----a-w- c:\winxp\system32\NVUNINST.EXE
2012-01-28 16:42:04 -------- d-----w- C:\NVIDIA
2012-01-28 15:50:55 -------- d-----w- c:\winxp\system32\Lang
2012-01-28 15:43:08 -------- d-----w- c:\winxp\system32\XPSViewer
2012-01-28 15:42:56 89088 ----a-w- c:\winxp\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-01-28 15:42:52 89088 -c----w- c:\winxp\system32\dllcache\filterpipelineprintproc.dll
2012-01-28 15:42:52 597504 -c----w- c:\winxp\system32\dllcache\printfilterpipelinesvc.exe
2012-01-28 15:42:52 597504 ------w- c:\winxp\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-01-28 15:42:52 575488 -c----w- c:\winxp\system32\dllcache\xpsshhdr.dll
2012-01-28 15:42:52 575488 ------w- c:\winxp\system32\xpsshhdr.dll
2012-01-28 15:42:52 1676288 -c----w- c:\winxp\system32\dllcache\xpssvcs.dll
2012-01-28 15:42:52 1676288 ------w- c:\winxp\system32\xpssvcs.dll
2012-01-28 15:42:52 117760 ------w- c:\winxp\system32\prntvpt.dll
2012-01-28 15:40:56 -------- d--h--w- c:\winxp\system32\GroupPolicy
2012-01-28 15:40:56 -------- d-----w- c:\program files\Windows Desktop Search
2012-01-28 15:40:07 -------- d-----w- c:\winxp\system32\URTTemp
2012-01-28 15:38:37 602112 -c----w- c:\winxp\system32\dllcache\msfeeds.dll
2012-01-28 15:38:37 55296 -c----w- c:\winxp\system32\dllcache\msfeedsbs.dll
2012-01-28 15:38:36 743424 -c----w- c:\winxp\system32\dllcache\iedvtool.dll
2012-01-28 15:38:36 247808 -c----w- c:\winxp\system32\dllcache\ieproxy.dll
2012-01-28 15:38:36 2001408 -c----w- c:\winxp\system32\dllcache\iertutil.dll
2012-01-28 15:38:36 12800 -c----w- c:\winxp\system32\dllcache\xpshims.dll
2012-01-28 15:37:27 6144 -c----w- c:\winxp\system32\dllcache\iecompat.dll
2012-01-28 15:37:19 457856 -c----w- c:\winxp\system32\dllcache\mrxsmb.sys
2012-01-28 14:45:57 -------- d-----w- c:\program files\NVIDIA Corporation
2012-01-28 14:45:06 446464 ----a-w- c:\winxp\system32\CapabilityTable.exe
2012-01-28 14:44:59 208896 ------w- c:\winxp\system32\nvuide.exe
2012-01-28 14:44:58 -------- d-----w- c:\winxp\system32\ReinstallBackups
2012-01-27 16:47:55 25856 -c--a-w- c:\winxp\system32\dllcache\usbprint.sys
2012-01-27 16:47:55 25856 ----a-w- c:\winxp\system32\drivers\usbprint.sys
2012-01-27 00:30:56 -------- d-sh--w- c:\documents and settings\administrator.joseph-4c60e4b9\PrivacIE
2012-01-27 00:25:12 53248 ----a-w- c:\winxp\system32\CSVer.dll
2012-01-27 00:00:26 9216 -c--a-w- c:\winxp\system32\dllcache\wamps51.dll
.
==================== Find3M ====================
.
2012-01-28 15:45:59 273344 ----a-w- c:\winxp\system32\nvdrsdb0.bin
2012-01-28 15:45:59 1 ----a-w- c:\winxp\system32\nvdrssel.bin
2012-01-28 15:45:27 273344 ----a-w- c:\winxp\system32\nvdrsdb1.bin
2011-11-25 21:56:26 293376 ----a-w- c:\winxp\system32\winsrv.dll
2011-11-23 13:29:56 1868544 ----a-w- c:\winxp\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\winxp\system32\packager.exe
2011-11-16 14:20:51 354816 ----a-w- c:\winxp\system32\winhttp.dll
2011-11-16 14:20:51 152064 ----a-w- c:\winxp\system32\schannel.dll
.
============= FINISH: 14:14:10.59 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/26/2012 4:00:39 PM
System Uptime: 2/3/2012 9:41:17 AM (5 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NARRA2
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5200+ | Socket AM2 | 2611/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 49 GiB total, 34.439 GiB free.
D: is FIXED (NTFS) - 417 GiB total, 66.225 GiB free.
E: is FIXED (NTFS) - 456 GiB total, 367.213 GiB free.
F: is FIXED (NTFS) - 10 GiB total, 1.301 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
M: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 1/26/2012 4:03:17 PM - System Checkpoint
RP2: 1/28/2012 6:45:33 AM - Installed NVIDIA ForceWare Network Access Manager
RP3: 1/28/2012 7:11:45 AM - Software Distribution Service 3.0
RP4: 1/28/2012 7:40:02 AM - Software Distribution Service 3.0
RP5: 1/28/2012 7:52:26 AM - Installed Windows XP WgaNotify.
RP6: 1/28/2012 8:53:23 AM - Software Distribution Service 3.0
RP7: 1/28/2012 9:11:42 AM - Software Distribution Service 3.0
RP8: 1/28/2012 9:35:33 AM - Software Distribution Service 3.0
RP9: 1/28/2012 12:22:15 PM - Installed Microsoft Office Professional Edition 2003
RP10: 1/28/2012 12:24:28 PM - Printer Driver Microsoft Office Document Image Writer Installed
RP11: 1/28/2012 12:41:49 PM - Installed Adobe Reader X (10.1.2).
RP12: 1/28/2012 12:48:36 PM - CA Internet Security Suite
RP13: 1/28/2012 2:13:36 PM - CA Internet Security Suite
RP14: 1/29/2012 10:00:28 AM - Software Distribution Service 3.0
RP15: 2/1/2012 1:07:34 PM - System Checkpoint
RP16: 2/2/2012 12:46:12 PM - CA Internet Security Suite
RP17: 2/2/2012 12:59:59 PM - CA Internet Security Suite
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Data Fax SoftModem with SmartCP
DriveImage XML (Private Edition)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
KeyScrambler
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Control Panel 275.33
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA Graphics Driver 275.33
NVIDIA Install Application
NVIDIA nView 135.85
NVIDIA nView Desktop Manager
NVIDIA Update 1.3.5
NVIDIA Update Components
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB980195)
TeamViewer 7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Search 4.0
.
==== Event Viewer Messages From Past Week ========
.
1/28/2012 9:59:00 AM, error: TermServDevices [1112] - Failed to register for user printing preferences change notification. Open the Services snap-in and confirm that the Printer Spooler service is running
1/28/2012 9:42:28 AM, error: Microsoft Antimalware [1119] -
1/28/2012 8:46:28 AM, error: System Error [1003] - Error code 10000050, parameter1 baba00d0, parameter2 00000001, parameter3 bf8d5b5f, parameter4 00000000.
1/28/2012 8:22:15 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001E8CB6039D. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
1/28/2012 7:43:17 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
1/28/2012 7:43:17 AM, error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/28/2012 2:25:29 PM, error: Service Control Manager [7034] - The CAISafe service terminated unexpectedly. It has done this 1 time(s).
1/28/2012 2:24:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the CaCCProvSP service to connect.
1/28/2012 2:24:47 PM, error: Service Control Manager [7000] - The CaCCProvSP service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/28/2012 2:24:47 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service CaCCProvSP with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}
1/28/2012 2:20:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
1/28/2012 2:20:46 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
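The aswMBR run above saved the raw boot sector to MBR.dat and printed the partition table it found. As an added example (not code from this thread or from aswMBR), here is a small parser that reads such a 512-byte MBR, prints the same kind of partition lines, and runs a few sanity checks a helper would want before and after cleaning an MBR bootkit: boot signature, exactly one active partition, valid status bytes, no overlap, nothing past the end of the disk, plus a digest of the boot-code area so it can be compared against a copy taken later. The sample sector is constructed from the two partitions in the log (its boot code is zero-filled, not the real code from that machine); the disk size assumes 512-byte sectors.

```python
"""Parse a raw MBR sector (e.g. an aswMBR MBR.dat) and sanity-check its partition table.
Added example for this thread; the sample MBR is constructed from the aswMBR log
(80/07 at offset 63, 00/07 at offset 102392640) with a zero-filled boot-code area."""
import hashlib
import struct
import sys

SECTOR = 512
PART_TABLE_OFF = 446            # four 16-byte partition entries start here
SIGNATURE_OFF = 510             # 0x55 0xAA boot signature
ENTRY_FMT = "<B3sB3sII"         # status, CHS start, type, CHS end, LBA start, sector count
DISK_SECTORS = 476940 * 2048    # Disk 0 in the log: 476940 MB, assuming 512-byte sectors
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x05: "Extended", 0x83: "Linux"}


def parse_mbr(mbr: bytes) -> dict:
    """Split one MBR sector into boot code, non-empty partition entries and signature state."""
    if len(mbr) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    signature = struct.unpack_from("<H", mbr, SIGNATURE_OFF)[0]   # 55 AA little-endian -> 0xAA55
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                                             # empty slot
        partitions.append({
            "index": i + 1, "status": status, "active": status == 0x80,
            "type": ptype, "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba, "sectors": count,
            "mb": count * SECTOR // (1024 * 1024),
        })
    return {"boot_code": bytes(mbr[:PART_TABLE_OFF]),
            "signature_ok": signature == 0xAA55,
            "partitions": partitions}


def boot_code_sha256(parsed: dict) -> str:
    """Digest of the 446-byte boot code: record it before cleaning, compare it afterwards."""
    return hashlib.sha256(parsed["boot_code"]).hexdigest()


def check_mbr(parsed: dict, disk_sectors: int) -> list:
    """Return human-readable findings; an empty list means the table looks sane."""
    findings = []
    if not parsed["signature_ok"]:
        findings.append("missing 0x55AA signature")
    parts = parsed["partitions"]
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']} has invalid status 0x{p['status']:02x}")
        if p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {p['index']} extends past the end of the disk")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed MBR matching the two partitions aswMBR reported for Disk 0."""
    mbr = bytearray(SECTOR)
    p1 = struct.pack(ENTRY_FMT, 0x80, b"\0\0\0", 0x07, b"\0\0\0", 63, 49996 * 2048)
    p2 = struct.pack(ENTRY_FMT, 0x00, b"\0\0\0", 0x07, b"\0\0\0", 102392640, 426940 * 2048)
    mbr[PART_TABLE_OFF:PART_TABLE_OFF + 32] = p1 + p2
    mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xAA"
    return bytes(mbr)


def report(mbr: bytes, disk_sectors: int = DISK_SECTORS) -> str:
    """Text summary in the same spirit as aswMBR's 'Disk 0 Partition N' lines."""
    parsed = parse_mbr(mbr)
    lines = [f"boot code sha256: {boot_code_sha256(parsed)}"]
    for p in parsed["partitions"]:
        flag = "(A)" if p["active"] else "   "
        lines.append(f"Partition {p['index']} {p['status']:02X} {flag} {p['type']:02X} "
                     f"{p['type_name']} {p['mb']} MB offset {p['lba_start']}")
    findings = check_mbr(parsed, disk_sectors) or ["no anomalies found"]
    lines.extend("  - " + f for f in findings)
    return "\n".join(lines)


if __name__ == "__main__":
    # Pass the path of a saved MBR.dat to inspect a real sector; otherwise use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    print(report(data))
```

A clean table is necessary but not sufficient: Alureon-style bootkits replace the boot code while leaving the partition entries intact, which is why the digest of the first 446 bytes is worth keeping alongside the table.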

#6 Broni Re: [RESOLVED] trojan:dos/alureon.e

Posted 03 February 2012 - 11:59 PM

What happened to MSE?
I don't see it running?

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open Notepad and press CTRL+V
  • Post the output back here.

==================================================================

Please download and run ListParts by Farbar (for 32-bit system)

Please download and run ListParts64 by Farbar (for 64-bit system)

Click on the Scan button.

Scan result will open in Notepad.
Post it in your next reply.

#7 fergiedog Re: [RESOLVED] trojan:dos/alureon.e

Posted 04 February 2012 - 03:35 PM

Hi Broni

I ran the 2 files; the 64-bit one would not run. The Bootkit file complained: (ATA read device IO control error 1, SCSI pass-through direct will be used for disk IO). I had removed all security; do you want me to reinstall and run MSE?


.\debug.cpp(238) : Debug log started at 04.02.2012 - 15:05:16
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : © 2009 Esage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.1
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020e000 "\WINXP\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e5000 0x00020d00 "\WINXP\system32\hal.dll"
.\debug.cpp(256) : 0xb85a8000 0x00002000 "\WINXP\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xb84b8000 0x00003000 "\WINXP\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xb7f79000 0x0002e000 "ACPI.sys"
.\debug.cpp(256) : 0xb85aa000 0x00002000 "\WINXP\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xb7f68000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xb80a8000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xb80b8000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xb80c8000 0x0000e000 "\WINXP\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xb8670000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xb8328000 0x00007000 "\WINXP\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xb80d8000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xb7f49000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xb85ac000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xb7f23000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xb8330000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xb80e8000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xb7f0b000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xb7ef1000 0x0001a000 "nvata.sys"
.\debug.cpp(256) : 0xb80f8000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xb8108000 0x0000d000 "\WINXP\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xb7ed1000 0x00020000 "fltMgr.sys"
.\debug.cpp(256) : 0xb7ebf000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xb7ea8000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb7e1b000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb7dee000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xb7dd4000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xb8138000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys"
.\debug.cpp(256) : 0xb8158000 0x0000d000 "\SystemRoot\system32\DRIVERS\AmdPPM.sys"
.\debug.cpp(256) : 0xb84a8000 0x00005000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0xb787a000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xb84b0000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xb7844000 0x00036000 "\SystemRoot\system32\DRIVERS\HSFHWBS2.sys"
.\debug.cpp(256) : 0xb7821000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xb7723000 0x000fe000 "\SystemRoot\system32\DRIVERS\HSF_DP.sys"
.\debug.cpp(256) : 0xb7677000 0x000ac000 "\SystemRoot\system32\DRIVERS\HSF_CNXT.sys"
.\debug.cpp(256) : 0xb8340000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"
.\debug.cpp(256) : 0xb764f000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xb8168000 0x0000a000 "\SystemRoot\system32\DRIVERS\nvnetbus.sys"
.\debug.cpp(256) : 0xb7565000 0x000ea000 "\SystemRoot\system32\DRIVERS\NVNRM.SYS"
.\debug.cpp(256) : 0xb8178000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xb8188000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xb8198000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xb693b000 0x00c2a000 "\SystemRoot\system32\DRIVERS\nv4_mini.sys"
.\debug.cpp(256) : 0xb690b000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xb869f000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xb81a8000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xb8574000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xb68d3000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xb81b8000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xb81c8000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xb8360000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xb68c2000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xb81d8000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xb8368000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xb8370000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xb6892000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xb81e8000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xb8378000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xb8380000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xb85c0000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xb6834000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xb8590000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xb8208000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xb8218000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xb85c2000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xb8228000 0x0000e000 "\SystemRoot\system32\DRIVERS\NVENETFD.sys"
.\debug.cpp(256) : 0xb387d000 0x004f7000 "\SystemRoot\system32\drivers\RtkHDAud.sys"
.\debug.cpp(256) : 0xb3859000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xb8248000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xb85c6000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xb8692000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xb85c8000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xb83b8000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xb83c0000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xb85ca000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xb85cc000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xb83c8000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xb83d0000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xb78a2000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xb37fe000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xb37a5000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xb377d000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xb3757000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xb8550000 0x00003000 "\SystemRoot\System32\drivers\ws2ifsl.sys"
.\debug.cpp(256) : 0xb370d000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xb8278000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xb8288000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xb82a8000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys"
.\debug.cpp(256) : 0xb3642000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xb35d2000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xb82b8000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xb83d8000 0x00008000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0xb855c000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xb82f8000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xb83e0000 0x00007000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"
.\debug.cpp(256) : 0xb3d90000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0xb3d78000 0x00004000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0xb359d000 0x00035000 "\SystemRoot\System32\drivers\keyscrambler.sys"
.\debug.cpp(256) : 0xb3e13000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xb355b000 0x0001a000 "\SystemRoot\System32\Drivers\dump_nvata.sys"
.\debug.cpp(256) : 0xb85f2000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c9000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xb3839000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xb8400000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbd000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xb86f0000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbd012000 0x00401000 "\SystemRoot\System32\nv4_disp.dll"
.\debug.cpp(256) : 0xbd413000 0x00047000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xb24b8000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xb2243000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xb2157000 0x00024000 "\SystemRoot\System32\Drivers\Fastfat.SYS"
.\debug.cpp(256) : 0xb2350000 0x00003000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys"
.\debug.cpp(256) : 0xb20d7000 0x00058000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xb1cb2000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xb1e77000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xb18d9000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xb14ee000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys"
.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINXP\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4c218e2e-4833-11e1-8b8e-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) : Destination "\Device\NvAta1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14F1&DEV_2F20&SUBSYS_200C14F1&REV_00#4&72acdaa&0&5020#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5AE29E83-0A83-4B2C-A291-EDE3295D2821}"
.\debug.cpp(400) : Destination "\Device\{5AE29E83-0A83-4B2C-A291-EDE3295D2821}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic-&Prod_SM#xD-Picture&Rev_1.00#20021111153705700&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000076"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_03f0&Pid_0f0c&MI_01&Col04#7&32b6c360&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000007d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000002e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) : Destination "\Device\DmControl\DmIoDaemon"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000003d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination "\Device\Ip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0951&Pid_1603#001CC0EC3449AA3046B92B8D#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination "\Device\IPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_03F1&SUBSYS_2A58103C&REV_A3#3&2411e6fe&0&10#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000002d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4c218e2a-4833-11e1-8b8e-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\Harddisk4\DP(1)0-0+d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination "\Device\NDProxy"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4c218e2b-4833-11e1-8b8e-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\Harddisk5\DP(1)0-0+e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4c218e2d-4833-11e1-8b8e-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CDDVDW_TS-H653N________________0609#4&4d7cbb2&0&1.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination "\Device\00000062"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_03f0&Pid_0f0c&MI_01&Col02#7&32b6c360&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000007b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_03f0&Pid_0f0c#5&10a37e25&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F4604159-27AD-49CA-ABE5-953FBCCB9D2A}"
.\debug.cpp(400) : Destination "\Device\{F4604159-27AD-49CA-ABE5-953FBCCB9D2A}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic-&Prod_Compact_Flash&Rev_1.00#20021111153705700&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000075"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_03EF&SUBSYS_2A58103C&REV_A2#3&2411e6fe&0&38#{c4f6eed3-1c5e-4f43-a768-83ecba42fcc1}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0009"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&18e2f93e&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk4\DP(1)0-0+d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature1549F232Offset7E00Length720CB6E200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_03f0&Pid_0f0c&MI_01&Col04#7&32b6c360&0&0003#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000007d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{93A0B75F-6D31-432D-85F9-ECC9E97A5413}"
.\debug.cpp(400) : Destination "\Device\{93A0B75F-6D31-432D-85F9-ECC9E97A5413}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) : Destination "\Device\Winachsf0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4c218e2c-4833-11e1-8b8e-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\Harddisk6\DP(1)0-0+f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{47c160cb-4931-11e1-afd2-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\G:"
.\debug.cpp(400) : Destination "\Device\Harddisk2\DP(1)0-0+b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination "\Device\PSched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination "\Device\IPNAT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14F1&DEV_2F20&SUBSYS_200C14F1&REV_00#4&72acdaa&0&5020#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\VideoPdo0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&3be492e&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk5\DP(1)0-0+e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&34ec5d6b&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk3\DP(1)0-0+c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000032"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{768B9374-D4F0-433A-843A-F06AB122AE2F}"
.\debug.cpp(400) : Destination "\Device\{768B9374-D4F0-433A-843A-F06AB122AE2F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{96EBF6C6-9398-43D5-BD5F-2E18C7C0FE66}"
.\debug.cpp(400) : Destination "\Device\{96EBF6C6-9398-43D5-BD5F-2E18C7C0FE66}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CDDVDW_TS-H653N________________0609#4&4d7cbb2&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000062"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_03f0&Pid_0f0c&MI_01&Col03#7&32b6c360&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_103C2A58&REV_1001#4&6a9a870&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\0000006b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer"
.\debug.cpp(400) : Destination "\Device\ConexantDiagnosticsServer"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&1bc7137f&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk6\DP(1)0-0+f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1a3e09be-1e45-494b-9174-d7385b45bbf5}#NVNET_DEV03ef#4&b2e3328&0&00#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000069"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000031"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_03D0&SUBSYS_2A58103C&REV_A2#3&2411e6fe&0&68#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RKSAMPLE0"
.\debug.cpp(400) : Destination "\Device\RKSAMPLE0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
.\debug.cpp(400) : Destination "\Device\Harddisk1\DR1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\H:"
.\debug.cpp(400) : Destination "\Device\Harddisk3\DP(1)0-0+c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c018#6&5c4b2d8&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000073"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination "\Device\sysaudio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_03f0&Pid_0f0c&MI_00#7&1af3371b&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000030"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11C1&DEV_5811&SUBSYS_2A58103C&REV_70#4&72acdaa&0&2820#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&34ec5d6b&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk3\DP(1)0-0+c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskHitachi_HDT725050VLA360_________________V56OA7BA#2020202020204656344B313034524532314E4B32#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000065"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive2"
.\debug.cpp(400) : Destination "\Device\Harddisk2\DR6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive3"
.\debug.cpp(400) : Destination "\Device\Harddisk3\DR7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0FC73969-7A0A-4BE0-AD0E-0655012CC050}"
.\debug.cpp(400) : Destination "\Device\{0FC73969-7A0A-4BE0-AD0E-0655012CC050}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000042"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CDDVDW_TS-H653N________________0609#4&4d7cbb2&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000062"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I:"
.\debug.cpp(400) : Destination "\Device\Harddisk4\DP(1)0-0+d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive4"
.\debug.cpp(400) : Destination "\Device\Harddisk4\DR8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive5"
.\debug.cpp(400) : Destination "\Device\Harddisk5\DR9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_15_Model_67#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000041"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive6"
.\debug.cpp(400) : Destination "\Device\Harddisk6\DR10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0076F96B-8AB3-4ED6-82EF-F90EB14FD2D0}"
.\debug.cpp(400) : Destination "\Device\{0076F96B-8AB3-4ED6-82EF-F90EB14FD2D0}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HSF_MDMDevice0"
.\debug.cpp(400) : Destination "\Device\HSF_MDMDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_03f0&Pid_0f0c&MI_01&Col01#7&32b6c360&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394"
.\debug.cpp(400) : Destination "\Device\ARP1394"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_03F2&SUBSYS_2A58103C&REV_A3#3&2411e6fe&0&11#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\J:"
.\debug.cpp(400) : Destination "\Device\Harddisk5\DP(1)0-0+e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&19c6ccb7&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Kingston&Prod_DataTraveler_2.0&Rev_1.00#001CC0EC3449AA3046B92B8D&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000074"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000002c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_15_Model_67#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI Data Fax SoftModem with SmartCP"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) : Destination "\Device\DmControl\DmConfig"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{47c160ca-4931-11e1-afd2-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&1bc7137f&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk6\DP(1)0-0+f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\K:"
.\debug.cpp(400) : Destination "\Device\Harddisk6\DP(1)0-0+f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureA9ECA9ECOffsetC34C68000Length683BCAA000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureA9ECA9ECOffset7E00LengthC34C60200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) : Destination "\Device\DmControl\DmTrace"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_103C2A58&REV_1001#4&6a9a870&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000006b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NdisWanIp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\diskio.cpp(204) : ATA_Read(): DeviceIoControl() ERROR 1
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1061) :
.\boot_cleaner.cpp(1062) : Size    Device Name         MBR Status
.\boot_cleaner.cpp(1063) : --------------------------------------------
.\boot_cleaner.cpp(1107) : 465 GB  \\.\PhysicalDrive0  OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1113) :
.\boot_cleaner.cpp(1152) : Done;


ListParts by Farbar
Ran by Administrator on 04-02-2012 at 07:06:25
Windows XP (X86)
Running From: C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop
************************************************************

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 2942.45 MB
Available physical RAM: 2518.18 MB
Total Pagefile: 4829.23 MB
Available Pagefile: 4508.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.32 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:48.82 GB) (Free:34.44 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: (Data) (Fixed) (Total:416.93 GB) (Free:66.23 GB) NTFS
3 Drive e: (Vista & data backup) (Fixed) (Total:456.2 GB) (Free:367.21 GB) NTFS
4 Drive f: (FACTORY_IMAGE) (Fixed) (Total:9.56 GB) (Free:1.3 GB) NTFS
5 Drive g: (KINGSTON) (Removable) (Total:7.45 GB) (Free:7.37 GB) FAT32
10 Drive m: (Tools) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online       466 GB      0 B
Disk 1    Online       466 GB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary             49 GB    32 KB
Partition 2    Primary            417 GB    49 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   C                NTFS   Partition     49 GB  Healthy    System (partition with boot components)

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   D   Data         NTFS   Partition    417 GB  Healthy

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            456 GB    32 KB
Partition 2    Primary             10 GB   456 GB

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   E   Vista & dat  NTFS   Partition    456 GB  Healthy

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4   F   FACTORY_IMA  NTFS   Partition     10 GB  Healthy


****** End Of Log ******

#8 fergiedog Re: [RESOLVED] trojan:dos/alureon.e

Posted 04 February 2012 - 04:02 PM

I installed and ran MSE and it did not find the trojan on the D boot drive. It says it's clean.

#9 Broni Re: [RESOLVED] trojan:dos/alureon.e

Posted 04 February 2012 - 05:55 PM

Very well :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

#10 fergiedog Re: [RESOLVED] trojan:dos/alureon.e

Posted 05 February 2012 - 03:27 PM

Ran successfully

ComboFix 12-02-05.01 - Administrator 02/04/2012 11:53:37.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2376 [GMT -8:00]
Running from: c:\documents and settings\Administrator.JOSEPH-4C60E4B9\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.JOSEPH-4C60E4B9\Desktop\Security Center.lnk
.
.
((((((((((((((((((((((((( Files Created from 2012-01-04 to 2012-02-04 )))))))))))))))))))))))))))))))
.
.
2012-02-03 19:01 . 2012-02-03 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-03 16:12 . 2012-02-03 16:12 -------- d-----w- c:\program files\TeamViewer
2012-01-29 18:00 . 2012-01-29 18:00 -------- d-----w- c:\program files\MSXML 4.0
2012-01-29 00:15 . 2012-01-29 00:15 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-28 23:50 . 2012-01-28 23:50 -------- d-----w- c:\program files\Hitman Pro 3.5
2012-01-28 23:37 . 2012-01-28 23:37 -------- d-----w- C:\Downloads
2012-01-28 20:49 . 2012-01-28 20:49 -------- d-----w- c:\program files\Common Files\Scanner
2012-01-28 20:42 . 2012-01-28 20:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-01-28 20:41 . 2012-01-28 20:42 -------- d-----w- c:\program files\Common Files\Adobe
2012-01-28 20:15 . 2012-01-28 20:15 -------- d-----w- c:\program files\KeyScrambler
2012-01-28 17:28 . 2012-02-04 15:46 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-28 16:42 . 2012-01-28 16:42 -------- d-----w- C:\NVIDIA
2012-01-28 15:45 . 2012-01-28 15:45 -------- d-----w- c:\documents and settings\UpdatusUser
2012-01-28 15:40 . 2012-01-28 17:05 -------- d-----w- c:\program files\Windows Desktop Search
2012-01-28 14:45 . 2012-01-28 15:45 -------- d-----w- c:\program files\NVIDIA Corporation
2012-01-27 00:02 . 2012-01-29 00:33 -------- d-----w- c:\documents and settings\Administrator.JOSEPH-4C60E4B9
2012-01-27 00:02 . 2012-01-28 18:15 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2012-01-27 00:02 . 2012-01-27 00:02 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:56 . 2010-09-16 13:12 293376 ----a-w- c:\winxp\system32\winsrv.dll
2011-11-23 13:29 . 2011-04-12 18:46 1868544 ----a-w- c:\winxp\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 09:00 60416 ----a-w- c:\winxp\system32\packager.exe
2011-11-16 14:20 . 2010-09-16 13:12 152064 ----a-w- c:\winxp\system32\schannel.dll
2011-11-16 14:20 . 2010-09-16 13:11 354816 ----a-w- c:\winxp\system32\winhttp.dll
2011-12-21 07:24 . 2012-01-28 19:59 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-02_21.13.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-03 19:01 . 2011-12-10 23:24 20464 c:\winxp\system32\drivers\mbam.sys
+ 2012-01-28 17:35 . 2012-01-31 12:44 237072 c:\winxp\system32\MpSigStub.exe
+ 2011-04-18 21:18 . 2011-04-18 21:18 165648 c:\winxp\system32\drivers\MpFilter.sys
+ 2012-02-04 15:46 . 2012-02-04 15:46 785920 c:\winxp\Installer\398a81.msi
+ 2012-02-04 15:46 . 2012-02-04 15:46 483840 c:\winxp\Installer\398a78.msi
+ 2012-02-04 15:46 . 2012-02-04 15:46 301056 c:\winxp\Installer\398a70.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"NvCplDaemon"="c:\winxp\system32\NvCpl.dll" [2011-05-21 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-21 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\documents and settings\All Users.WINXP\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
R1 MpKsla4de5eb3;MpKsla4de5eb3;c:\documents and settings\All Users.WINXP\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C1CC920-AA3A-47A0-A469-53A1DA05C348}\MpKsla4de5eb3.sys [2/4/2012 7:51 AM 29904]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1/28/2012 7:45 AM 2214504]
R3 KeyScrambler;KeyScrambler;c:\winxp\system32\drivers\keyscrambler.sys [1/28/2012 12:15 PM 225592]
S3 1937;1937;c:\winxp\system32\DRIVERS\1937 --> c:\winxp\system32\DRIVERS\1937 [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPFILTER
*NewlyCreated* - MPKSLA4DE5EB3
*NewlyCreated* - MSMPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-04 c:\winxp\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 23:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\Administrator.JOSEPH-4C60E4B9\Application Data\Mozilla\Firefox\Profiles\j9ggo1oh.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-04 11:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\1937]
"ImagePath"="System32\DRIVERS\1937"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-602609370-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,f7,74,9b,7c,c3,02,43,86,78,d2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,f7,74,9b,7c,c3,02,43,86,78,d2,\
.
Completion time: 2012-02-04 11:56:44
ComboFix-quarantined-files.txt 2012-02-04 19:56
ComboFix2.txt 2012-02-02 21:14
.
Pre-Run: 36,830,085,120 bytes free
Post-Run: 36,883,607,552 bytes free
.
- - End Of File - - 80A41AD9B3D7EB45C6A1C58CC626388A


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/05/2012 at 7:21:43.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\WINXP\explorer.exe
C:\WINXP\system32\SearchProtocolHost.exe
C:\WINXP\system32\SearchFilterHost.exe
C:\WINXP\System32\rundll32.exe


Rkill completed on 02/05/2012 at 7:21:46.

#11 Broni Re: [RESOLVED] trojan:dos/alureon.e

Posted 05 February 2012 - 07:27 PM

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\winxp\system32\DRIVERS\1937

Folder::

Driver::
1937

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\1937]

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
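The two things the CFScript above acts on (the S3 "1937" service whose image file ComboFix marked with "[?]", and the two Security Center values set to 1) can be picked out of a ComboFix log mechanically. The following is an added example, not code from this thread or from ComboFix: it parses those line formats from a constructed sample copied from the log posted above and renders findings in the same CFScript layout. The regexes and the heuristics (missing image file, no executable extension, non-zero Security Center override) are my assumptions about the log format, not ComboFix documentation.

```python
"""Triage helper for ComboFix logs.

Added example (not ComboFix's code and not from this thread). It picks out
of a ComboFix log the two things the CFScript in this thread acted on:
  * service/driver lines (R1/R2/R3/S3 ... entries) whose image file ComboFix
    could not find on disk (it appends "--> <path> [?]") or whose image
    path has no executable extension at all;
  * Windows Security Center values that, when non-zero, suppress the
    anti-virus/firewall warnings a user would otherwise see.
The line formats below are assumptions read off the log posted above.
"""
import re
from typing import Dict, List

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
R1 MpKsla4de5eb3;MpKsla4de5eb3;c:\documents and settings\All Users.WINXP\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C1CC920-AA3A-47A0-A469-53A1DA05C348}\MpKsla4de5eb3.sys [2/4/2012 7:51 AM 29904]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1/28/2012 7:45 AM 2214504]
R3 KeyScrambler;KeyScrambler;c:\winxp\system32\drivers\keyscrambler.sys [1/28/2012 12:15 PM 225592]
S3 1937;1937;c:\winxp\system32\DRIVERS\1937 --> c:\winxp\system32\DRIVERS\1937 [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
"""

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
EXECUTABLE_EXTENSIONS = {"sys", "exe", "dll"}
# Security Center values that hide AV/firewall/update problems when non-zero.
SECURITY_CENTER_FLAGS = {
    "antivirusoverride", "firewalloverride", "updatesoverride",
    "antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify",
    "disablemonitoring",
}


def scan_combofix_log(text: str) -> List[Dict[str, str]]:
    """Return one finding dict per suspicious service line or registry value."""
    findings: List[Dict[str, str]] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        svc = SERVICE_RE.match(line)
        if svc:
            start, name, _display, rest = svc.groups()
            missing = rest.endswith("[?]")
            # Drop the "--> path [?]" or " [date size]" suffix to get the image path.
            image = rest.split(" -->", 1)[0].split(" [", 1)[0].strip()
            basename = image.rsplit("\\", 1)[-1]
            ext = basename.rsplit(".", 1)[-1].lower() if "." in basename else ""
            if missing or ext not in EXECUTABLE_EXTENSIONS:
                findings.append({
                    "kind": "service", "start": start, "name": name, "image": image,
                    "reason": "image file missing" if missing else "no executable extension",
                })
            continue
        key = REG_KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        val = REG_DWORD_RE.match(line)
        if val and "security center" in current_key.lower():
            value, data = val.groups()
            if value.lower() in SECURITY_CENTER_FLAGS and int(data, 16) != 0:
                findings.append({"kind": "registry", "key": current_key,
                                 "value": value, "data": data})
    return findings


def build_cfscript(findings: List[Dict[str, str]]) -> str:
    """Render findings in the CFScript layout used in this thread.

    The output is a starting point for a human to review, not something to
    feed to ComboFix unread: the heuristics above can flag a legitimate
    driver that merely uses an unusual file name.
    """
    files, drivers, registry = [], [], []
    for f in findings:
        if f["kind"] == "service":
            files.append(f["image"])
            drivers.append(f["name"])
            # "[-KEY]" deletes the key, as in the script posted above.
            registry.append("[-HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\" + f["name"] + "]")
        else:
            registry.append("[%s]\n\"%s\"=dword:00000000" % (f["key"], f["value"]))
    sections = [("File::", files), ("Folder::", []), ("Driver::", drivers), ("Registry::", registry)]
    return "\n\n".join(
        header + ("\n" + "\n".join(items) if items else "") for header, items in sections
    ) + "\n"


if __name__ == "__main__":
    for finding in scan_combofix_log(SAMPLE_LOG):
        print(finding)
    print(build_cfscript(scan_combofix_log(SAMPLE_LOG)))
```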


#12 fergiedog Re: [RESOLVED] trojan:dos/alureon.e

Posted 05 February 2012 - 11:48 PM

Ran OK.


ComboFix 12-02-05.01 - Administrator 02/05/2012 15:35:14.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2253 [GMT -8:00]
Running from: c:\documents and settings\Administrator.JOSEPH-4C60E4B9\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator.JOSEPH-4C60E4B9\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
FILE ::
"c:\winxp\system32\DRIVERS\1937"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_1937
-------\Service_1937
.
.
((((((((((((((((((((((((( Files Created from 2012-01-05 to 2012-02-05 )))))))))))))))))))))))))))))))
.
.
2012-02-03 19:01 . 2012-02-03 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-03 16:12 . 2012-02-03 16:12 -------- d-----w- c:\program files\TeamViewer
2012-01-29 18:00 . 2012-01-29 18:00 -------- d-----w- c:\program files\MSXML 4.0
2012-01-29 00:15 . 2012-01-29 00:15 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-28 23:50 . 2012-01-28 23:50 -------- d-----w- c:\program files\Hitman Pro 3.5
2012-01-28 23:37 . 2012-01-28 23:37 -------- d-----w- C:\Downloads
2012-01-28 20:49 . 2012-01-28 20:49 -------- d-----w- c:\program files\Common Files\Scanner
2012-01-28 20:42 . 2012-01-28 20:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-01-28 20:41 . 2012-01-28 20:42 -------- d-----w- c:\program files\Common Files\Adobe
2012-01-28 20:15 . 2012-01-28 20:15 -------- d-----w- c:\program files\KeyScrambler
2012-01-28 17:28 . 2012-02-04 15:46 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-28 16:42 . 2012-01-28 16:42 -------- d-----w- C:\NVIDIA
2012-01-28 15:45 . 2012-01-28 15:45 -------- d-----w- c:\documents and settings\UpdatusUser
2012-01-28 15:40 . 2012-01-28 17:05 -------- d-----w- c:\program files\Windows Desktop Search
2012-01-28 14:45 . 2012-01-28 15:45 -------- d-----w- c:\program files\NVIDIA Corporation
2012-01-27 00:02 . 2012-02-05 16:12 -------- d-----w- c:\documents and settings\Administrator.JOSEPH-4C60E4B9
2012-01-27 00:02 . 2012-01-28 18:15 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2012-01-27 00:02 . 2012-01-27 00:02 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:56 . 2010-09-16 13:12 293376 ----a-w- c:\winxp\system32\winsrv.dll
2011-11-23 13:29 . 2011-04-12 18:46 1868544 ----a-w- c:\winxp\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 09:00 60416 ----a-w- c:\winxp\system32\packager.exe
2011-11-16 14:20 . 2010-09-16 13:12 152064 ----a-w- c:\winxp\system32\schannel.dll
2011-11-16 14:20 . 2010-09-16 13:11 354816 ----a-w- c:\winxp\system32\winhttp.dll
2011-12-21 07:24 . 2012-01-28 19:59 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-02_21.13.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-03 19:01 . 2011-12-10 23:24 20464 c:\winxp\system32\drivers\mbam.sys
+ 2012-01-28 17:35 . 2012-01-31 12:44 237072 c:\winxp\system32\MpSigStub.exe
+ 2011-04-18 21:18 . 2011-04-18 21:18 165648 c:\winxp\system32\drivers\MpFilter.sys
+ 2012-02-04 15:46 . 2012-02-04 15:46 785920 c:\winxp\Installer\398a81.msi
+ 2012-02-04 15:46 . 2012-02-04 15:46 483840 c:\winxp\Installer\398a78.msi
+ 2012-02-04 15:46 . 2012-02-04 15:46 301056 c:\winxp\Installer\398a70.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"NvCplDaemon"="c:\winxp\system32\NvCpl.dll" [2011-05-21 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-21 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\documents and settings\All Users.WINXP\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1/28/2012 7:45 AM 2214504]
R3 KeyScrambler;KeyScrambler;c:\winxp\system32\drivers\keyscrambler.sys [1/28/2012 12:15 PM 225592]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-05 c:\winxp\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 23:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\Administrator.JOSEPH-4C60E4B9\Application Data\Mozilla\Firefox\Profiles\j9ggo1oh.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-05 15:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-602609370-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,f7,74,9b,7c,c3,02,43,86,78,d2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,f7,74,9b,7c,c3,02,43,86,78,d2,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2328)
c:\winxp\system32\WININET.dll
c:\winxp\system32\ieframe.dll
c:\winxp\system32\webcheck.dll
c:\winxp\system32\wpdshserviceobj.dll
c:\winxp\system32\portabledevicetypes.dll
c:\winxp\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\winxp\system32\nvsvc32.exe
c:\winxp\RTHDCPL.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\winxp\system32\RunDLL32.exe
c:\winxp\system32\SearchIndexer.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\winxp\system32\wscntfy.exe
c:\winxp\system32\SearchProtocolHost.exe
c:\winxp\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-02-05 15:41:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-05 23:41
ComboFix2.txt 2012-02-04 19:56
ComboFix3.txt 2012-02-02 21:14
.
Pre-Run: 36,569,239,552 bytes free
Post-Run: 36,558,688,256 bytes free
.
- - End Of File - - 2A353E558328E90A80ADB7EAC6050F11

#13 Broni Re: [RESOLVED] trojan:dos/alureon.e
Posted 05 February 2012 - 11:55 PM

Looks good.

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.


#14 fergiedog Re: [RESOLVED] trojan:dos/alureon.e
Posted 06 February 2012 - 12:21 AM

Puter's running great.


OTL logfile created on: 2/5/2012 4:05:13 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 80.67% Memory free
4.72 Gb Paging File | 4.31 Gb Available in Paging File | 91.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 48.82 Gb Total Space | 34.06 Gb Free Space | 69.77% Space Free | Partition Type: NTFS
Drive D: | 416.93 Gb Total Space | 51.75 Gb Free Space | 12.41% Space Free | Partition Type: NTFS
Drive E: | 48.82 Gb Total Space | 48.76 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive F: | 407.37 Gb Total Space | 139.08 Gb Free Space | 34.14% Space Free | Partition Type: NTFS
Drive G: | 9.56 Gb Total Space | 1.30 Gb Free Space | 13.62% Space Free | Partition Type: NTFS
Drive H: | 7.45 Gb Total Space | 7.45 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive M: | 281.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JOSEPH-4C60E4B9 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/29 07:16:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\OTL.exe
PRC - [2012/01/19 03:47:20 | 002,698,624 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version7\TeamViewer_Desktop.exe
PRC - [2012/01/19 03:47:19 | 011,171,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/01/19 03:26:19 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/14 01:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe
PRC - [2006/07/13 16:59:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/07/13 16:59:32 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/04/03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/05 00:02:44 | 000,355,432 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2008/04/14 01:00:00 | 000,059,904 | ---- | M] () -- C:\WINXP\system32\devenum.dll
MOD - [2008/04/14 01:00:00 | 000,014,336 | ---- | M] () -- C:\WINXP\system32\msdmo.dll
MOD - [2006/04/03 18:04:02 | 000,876,544 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll
MOD - [2006/04/03 18:04:02 | 000,159,744 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll
MOD - [2006/04/03 18:04:02 | 000,024,691 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so


========== Win32 Services (SafeList) ==========

SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/04/14 02:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2006/07/13 16:59:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/07/13 16:59:32 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/09/14 05:58:10 | 000,225,592 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2009/02/11 12:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINXP\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/08/14 13:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINXP\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2004/12/15 15:18:32 | 000,220,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/12/15 15:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 15:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-1659004503-602609370-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKU\S-1-5-21-1659004503-602609370-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1659004503-602609370-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1659004503-602609370-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 53 FD 60 4E CC DD CC 01 [binary data]
IE - HKU\S-1-5-21-1659004503-602609370-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/28 11:59:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/28 12:42:23 | 000,000,000 | ---D | M]

[2012/01/28 11:59:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Mozilla\Extensions
[2012/01/28 12:31:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Mozilla\Firefox\Profiles\j9ggo1oh.default\extensions
[2012/01/28 12:31:19 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Mozilla\Firefox\Profiles\j9ggo1oh.default\extensions\keyscrambler@qfx.software.corporation
[2012/01/28 11:59:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/20 23:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/20 20:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 20:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/05 15:39:29 | 000,000,027 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O3 - HKU\S-1-5-21-1659004503-602609370-1801674531-500\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINXP\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINXP\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-602609370-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1659004503-602609370-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-602609370-1801674531-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1659004503-602609370-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1659004503-602609370-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1659004503-602609370-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AE29E83-0A83-4B2C-A291-EDE3295D2821}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) -C:\WINXP\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/20 09:54:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/23 14:42:47 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll (Microsoft Corporation)

Drivers32: msacm.iac2 - C:\WINXP\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINXP\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINXP\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINXP\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINXP\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINXP\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINXP\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINXP\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINXP\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/05 15:41:14 | 000,000,000 | ---D | C] -- C:\WINXP\temp
[2012/02/05 08:18:35 | 000,000,000 | ---D | C] -- D:\My Documents\My Pictures
[2012/02/05 08:16:24 | 000,000,000 | ---D | C] -- D:\My Documents\TurboTax
[2012/02/05 08:16:24 | 000,000,000 | ---D | C] -- D:\My Documents\event_photo_page-Gary_files
[2012/02/05 08:15:08 | 000,000,000 | ---D | C] -- D:\My Documents\ChessBase
[2012/02/05 08:12:21 | 000,000,000 | R--D | C] -- D:\My Documents\My Videos
[2012/02/05 08:12:21 | 000,000,000 | R--D | C] -- D:\My Documents\My Music
[2012/02/05 08:12:21 | 000,000,000 | ---D | C] -- D:\My Documents\My Received Files
[2012/02/05 08:12:21 | 000,000,000 | ---D | C] -- D:\My Documents\Logs
[2012/02/05 08:12:21 | 000,000,000 | ---D | C] -- D:\My Documents\Downloads
[2012/02/04 11:46:05 | 004,396,501 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\ComboFix.exe
[2012/02/04 06:54:56 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\boot_cleaner.exe
[2012/02/03 11:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/03 11:01:49 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbam.sys
[2012/02/03 11:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/03 08:20:13 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/03 08:18:40 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\aswMBR.exe
[2012/02/03 08:17:51 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\dds.scr
[2012/02/03 08:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\TeamViewer
[2012/02/03 08:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\TeamViewer 7
[2012/02/03 08:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/02/03 08:09:53 | 005,093,448 | ---- | C] (TeamViewer GmbH) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\TeamViewer_Setup.exe
[2012/02/02 13:10:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/02 13:09:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINXP\SWREG.exe
[2012/02/02 13:09:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINXP\SWSC.exe
[2012/02/02 13:09:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINXP\SWXCACLS.exe
[2012/02/02 13:09:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINXP\NIRCMD.exe
[2012/02/02 13:08:37 | 000,000,000 | ---D | C] -- C:\WINXP\ERDNT
[2012/02/02 12:52:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/02 12:52:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Start Menu\Programs\Administrative Tools
[2012/02/02 12:49:09 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\AppRemover.exe
[2012/02/02 12:49:01 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\FixTDSS.exe
[2012/02/02 12:48:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\OTL.exe
[2012/02/02 12:47:16 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\TDSSKiller.exe
[2012/02/02 12:45:36 | 000,000,000 | ---D | C] -- C:\WINXP\SxsCaPendDel
[2012/01/29 10:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/01/28 18:37:00 | 000,000,000 | ---D | C] -- C:\WINXP\System32\NtmsData
[2012/01/28 18:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Windows Search
[2012/01/28 16:15:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/28 15:53:09 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINXP\System32\bootdelete.exe
[2012/01/28 15:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2012/01/28 15:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Hitman Pro
[2012/01/28 15:37:06 | 000,000,000 | ---D | C] -- C:\Downloads
[2012/01/28 14:14:47 | 000,206,160 | ---- | C] (CA, Inc.) -- C:\WINXP\System32\Isafprod.dll
[2012/01/28 14:14:47 | 000,128,336 | ---- | C] (Computer Associates International, Inc.) -- C:\WINXP\System32\Isafeif.dll
[2012/01/28 14:14:47 | 000,095,568 | ---- | C] (Computer Associates International, Inc.) -- C:\WINXP\System32\Vetredir.dll
[2012/01/28 12:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2012/01/28 12:49:04 | 000,000,000 | ---D | C] -- C:\WINXP\rnapxs
[2012/01/28 12:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/01/28 12:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Local Settings\Application Data\Adobe
[2012/01/28 12:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/01/28 12:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/01/28 12:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Adobe
[2012/01/28 12:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\QFX Software
[2012/01/28 12:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\QFX Software
[2012/01/28 12:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Macromedia
[2012/01/28 12:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Adobe
[2012/01/28 12:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Microsoft Office
[2012/01/28 12:22:19 | 000,000,000 | ---D | C] -- C:\WINXP\SHELLNEW
[2012/01/28 12:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\KeyScrambler
[2012/01/28 12:15:22 | 000,225,592 | ---- | C] (QFX Software Corporation) -- C:\WINXP\System32\drivers\keyscrambler.sys
[2012/01/28 12:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2012/01/28 11:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Local Settings\Application Data\Mozilla
[2012/01/28 11:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Mozilla
[2012/01/28 10:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Malwarebytes
[2012/01/28 10:32:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Malwarebytes
[2012/01/28 09:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Runtime Software
[2012/01/28 09:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/01/28 08:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Local Settings\Application Data\ApplicationHistory
[2012/01/28 08:46:16 | 000,000,000 | ---D | C] -- C:\WINXP\Minidump
[2012/01/28 08:43:34 | 000,000,000 | ---D | C] -- C:\WINXP\System32\SoftwareDistribution
[2012/01/28 08:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\InstallShield
[2012/01/28 08:42:04 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/01/28 07:50:55 | 000,000,000 | ---D | C] -- C:\WINXP\System32\Lang
[2012/01/28 07:46:19 | 000,000,000 | ---D | C] -- C:\WINXP\ie8updates
[2012/01/28 07:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\NVIDIA
[2012/01/28 07:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\NVIDIA Corporation
[2012/01/28 07:43:08 | 000,000,000 | ---D | C] -- C:\WINXP\System32\XPSViewer
[2012/01/28 07:41:14 | 000,000,000 | ---D | C] -- C:\WINXP\System32\RTCOM
[2012/01/28 07:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Windows Desktop Search
[2012/01/28 07:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Local Settings\Application Data\Identities
[2012/01/28 07:40:56 | 000,000,000 | -H-D | C] -- C:\WINXP\System32\GroupPolicy
[2012/01/28 07:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2012/01/28 07:40:07 | 000,000,000 | R-SD | C] -- C:\WINXP\assembly
[2012/01/28 07:40:07 | 000,000,000 | ---D | C] -- C:\WINXP\System32\URTTemp
[2012/01/28 07:40:07 | 000,000,000 | ---D | C] -- C:\WINXP\Microsoft.NET
[2012/01/28 07:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Windows Genuine Advantage
[2012/01/28 06:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\NVIDIA Corporation
[2012/01/28 06:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/01/28 06:44:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\ReinstallBackups
[2012/01/26 16:30:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\PrivacIE
[2012/01/26 16:25:12 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINXP\System32\CSVer.dll
[2012/01/26 16:02:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Identities
[2012/01/26 16:02:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Local Settings\Application Data\Microsoft
[2012/01/26 16:02:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Microsoft
[2012/01/26 16:02:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\SendTo
[2012/01/26 16:02:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Recent
[2012/01/26 16:02:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data
[2012/01/26 16:02:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Start Menu\Programs\Startup
[2012/01/26 16:02:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Start Menu
[2012/01/26 16:02:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Favorites
[2012/01/26 16:02:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Start Menu\Programs\Accessories
[2012/01/26 16:02:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\IETldCache
[2012/01/26 16:02:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Cookies
[2012/01/26 16:02:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Templates
[2012/01/26 16:02:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\PrintHood
[2012/01/26 16:02:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\NetHood
[2012/01/26 16:02:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Local Settings
[2012/01/26 16:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop
[2012/01/26 16:02:47 | 000,000,000 | ---D | C] -- C:\WINXP\SoftwareDistribution
[2012/01/26 16:02:45 | 000,000,000 | ---D | C] -- C:\WINXP\Prefetch
[2012/01/26 16:02:44 | 000,000,000 | --SD | C] -- C:\WINXP\System32\Microsoft
[2012/01/26 16:00:14 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINXP\System32\dllcache\rwia330.dll
[2012/01/26 16:00:14 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINXP\System32\dllcache\rwia001.dll
[2012/01/26 16:00:14 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINXP\System32\dllcache\rw330ext.dll
[2012/01/26 15:59:28 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINXP\System32\dllcache\cap7146.sys
[2012/01/26 15:59:08 | 000,000,000 | ---D | C] -- C:\WINXP\System32\xircom
[2012/01/26 15:58:35 | 000,000,000 | ---D | C] -- C:\WINXP\System32\PreInstall
[2012/01/26 15:58:33 | 000,000,000 | -H-D | C] -- C:\WINXP\$hf_mig$
[2012/01/26 15:57:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINXP\DRM
[2012/01/26 15:56:59 | 000,000,000 | ---D | C] -- C:\WINXP\System32\DirectX
[2012/01/26 15:56:44 | 000,000,000 | --SD | C] -- C:\WINXP\Tasks
[2012/01/26 15:56:39 | 000,000,000 | ---D | C] -- C:\WINXP\srchasst
[2012/01/26 15:56:38 | 000,000,000 | ---D | C] -- C:\WINXP\System32\Macromed
[2012/01/26 15:56:19 | 000,000,000 | ---D | C] -- C:\WINXP\System32\Restore
[2012/01/26 15:56:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINXP\Documents\My Pictures
[2012/01/26 15:55:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Games
[2012/01/26 15:55:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Administrative Tools
[2012/01/26 15:55:32 | 000,000,000 | ---D | C] -- C:\WINXP\Registration
[2012/01/26 15:54:43 | 000,000,000 | ---D | C] -- C:\WINXP\System32\MsDtc
[2012/01/26 15:54:41 | 000,000,000 | ---D | C] -- C:\WINXP\System32\Com
[2012/01/26 15:54:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINXP\Documents\My Videos
[2012/01/26 15:53:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Accessories
[2012/01/26 10:10:34 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/26 07:41:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINXP\Documents\My Music
[2012/01/26 07:41:06 | 000,000,000 | -HSD | C] -- C:\WINXP\Installer
[2012/01/26 07:40:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup
[2012/01/26 07:40:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu
[2012/01/26 07:40:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINXP\Documents
[2012/01/26 07:40:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINXP\Templates
[2012/01/26 07:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Favorites
[2012/01/26 07:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Desktop
[2012/01/26 07:40:28 | 000,000,000 | ---D | C] -- C:\WINXP\System32\CatRoot2
[2012/01/26 07:40:28 | 000,000,000 | ---D | C] -- C:\WINXP\System32\CatRoot
[2012/01/26 07:40:23 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft
[2012/01/26 07:40:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data
[2012/01/26 07:36:58 | 000,000,000 | --SD | C] -- C:\WINXP\Offline Web Pages
[2012/01/26 07:36:58 | 000,000,000 | --SD | C] -- C:\WINXP\Downloaded Program Files
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\WinSxS
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\WBEM
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\usmt
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\drivers\UMDF
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\twain_32
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\scripting
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\Resources
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\Provisioning
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\PeerNet
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\pchealth
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\oobe
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\Network Diagnostic
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\mui
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\mui
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\msapps
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\L2Schemas
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\inetsrv
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\IME
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\ime
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\icsxml
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\en-US
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\en
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\ehome
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\Debug
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\AppPatch
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\3com_dmi
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\3076
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\2052
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\1054
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\1042
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\1041
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\1037
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\1033
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\1031
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\1028
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\1025
[2012/01/26 07:36:57 | 000,000,000 | R-SD | C] -- C:\WINXP\Fonts
[2012/01/26 07:36:57 | 000,000,000 | RHSD | C] -- C:\WINXP\System32\dllcache
[2012/01/26 07:36:57 | 000,000,000 | R--D | C] -- C:\WINXP\Web
[2012/01/26 07:36:57 | 000,000,000 | -H-D | C] -- C:\WINXP\inf
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\wins
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\wbem
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\system32
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\system
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\spool
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\ShellExt
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\Setup
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\security
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\repair
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\ras
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\npp
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\msagent
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\Media
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\java
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\ias
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\Help
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\export
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\drivers\etc
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\drivers
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\Driver Cache
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\drivers\disdn
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\dhcp
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\Cursors
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\Connection Wizard
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\config
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\Config
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\addins
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/05 15:44:24 | 000,000,424 | -H-- | M] () -- C:\WINXP\tasks\MP Scheduled Scan.job
[2012/02/05 15:39:44 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2012/02/05 15:39:29 | 000,000,027 | ---- | M] () -- C:\WINXP\System32\drivers\etc\hosts
[2012/02/05 15:39:20 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2012/02/04 11:42:07 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\rkill.exe
[2012/02/04 11:41:25 | 004,396,501 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\ComboFix.exe
[2012/02/04 07:46:21 | 000,001,945 | ---- | M] () -- C:\WINXP\epplauncher.mif
[2012/02/04 06:51:59 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\boot_cleaner.exe
[2012/02/04 06:49:15 | 000,303,059 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\ListParts.exe
[2012/02/04 06:43:50 | 000,800,211 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\ListParts64.exe
[2012/02/03 14:38:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/03 14:06:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\MBR.dat
[2012/02/03 08:12:23 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\TeamViewer 7.lnk
[2012/02/03 08:09:53 | 005,093,448 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\TeamViewer_Setup.exe
[2012/02/03 05:45:07 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/03 05:42:55 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\aswMBR.exe
[2012/02/03 05:41:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\dds.scr
[2012/02/02 13:45:25 | 002,040,543 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\tdsskiller.zip
[2012/02/02 13:10:59 | 000,000,433 | -HS- | M] () -- C:\boot.ini
[2012/02/02 12:58:49 | 000,055,420 | ---- | M] () -- C:\WINXP\System32\drivers\KmxAgent.asc
[2012/02/01 13:08:40 | 000,000,664 | ---- | M] () -- C:\WINXP\System32\d3d9caps.dat
[2012/01/30 11:27:45 | 000,023,624 | ---- | M] () -- C:\WINXP\System32\drivers\hitmanpro35.sys
[2012/01/30 07:29:29 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\gmer.exe
[2012/01/30 07:04:14 | 000,334,429 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Fabar Servic scanner.exe
[2012/01/30 07:03:26 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\SecurityCheck.exe
[2012/01/30 06:24:33 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\FixTDSS.exe
[2012/01/30 06:15:27 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\AppRemover.exe
[2012/01/30 06:01:08 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\TDSSKiller.exe
[2012/01/29 07:16:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\OTL.exe
[2012/01/28 15:53:09 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINXP\System32\bootdelete.exe
[2012/01/28 13:36:12 | 000,113,376 | ---- | M] () -- C:\WINXP\System32\FNTCACHE.DAT
[2012/01/28 13:32:19 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\My Documents.lnk
[2012/01/28 13:32:01 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\My Computer.lnk
[2012/01/28 13:30:31 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2012/01/28 12:42:24 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Adobe Reader X.lnk
[2012/01/28 12:22:49 | 000,000,370 | ---- | M] () -- C:\WINXP\ODBC.INI
[2012/01/28 11:59:11 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/28 11:59:11 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Firefox.lnk
[2012/01/28 10:45:21 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\WordPad.lnk
[2012/01/28 10:45:02 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Notepad.lnk
[2012/01/28 10:44:28 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Microsoft Security Essentials.lnk
[2012/01/28 09:40:44 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\DriveImage XML.lnk
[2012/01/28 09:04:31 | 000,001,374 | ---- | M] () -- C:\WINXP\imsins.BAK
[2012/01/28 09:04:07 | 000,462,168 | ---- | M] () -- C:\WINXP\System32\perfh009.dat
[2012/01/28 09:04:07 | 000,078,114 | ---- | M] () -- C:\WINXP\System32\perfc009.dat
[2012/01/28 07:48:19 | 000,000,129 | ---- | M] () -- C:\WINXP\System32\MRT.INI
[2012/01/28 07:45:59 | 000,273,344 | ---- | M] () -- C:\WINXP\System32\nvdrsdb0.bin
[2012/01/28 07:45:59 | 000,000,001 | ---- | M] () -- C:\WINXP\System32\nvdrssel.bin
[2012/01/28 07:45:27 | 000,273,344 | ---- | M] () -- C:\WINXP\System32\nvdrsdb1.bin
[2012/01/28 07:45:27 | 000,000,000 | ---- | M] () -- C:\WINXP\System32\nvdrswr.lk
[2012/01/28 07:41:00 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Windows Search.lnk
[2012/01/28 07:08:10 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Control Panel.lnk
[2012/01/28 07:05:07 | 000,000,388 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Local Area Connection.lnk
[2012/01/28 07:04:24 | 000,000,285 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\System.lnk
[2012/01/28 07:03:28 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Network Connections.lnk
[2012/01/28 07:03:19 | 000,000,505 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Administrative Tools.lnk
[2012/01/28 06:46:11 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/01/28 06:46:01 | 000,000,022 | ---- | M] () -- C:\WINXP\FileName
[2012/01/26 16:11:44 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Win Explorer.lnk
[2012/01/26 16:03:11 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/01/26 16:03:09 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Internet Explorer.lnk
[2012/01/26 16:03:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Windows Media Player.lnk
[2012/01/26 16:02:05 | 000,008,192 | ---- | M] () -- C:\WINXP\REGLOCS.OLD
[2012/01/26 16:00:43 | 000,000,372 | ---- | M] () -- C:\WINXP\System32\$winnt$.inf
[2012/01/26 15:58:21 | 000,002,577 | ---- | M] () -- C:\WINXP\System32\CONFIG.NT
[2012/01/26 15:58:16 | 000,023,392 | ---- | M] () -- C:\WINXP\System32\nscompat.tlb
[2012/01/26 15:58:16 | 000,016,832 | ---- | M] () -- C:\WINXP\System32\amcompat.tlb
[2012/01/26 15:58:15 | 000,316,640 | ---- | M] () -- C:\WINXP\WMSysPr9.prx
[2012/01/26 15:58:06 | 000,004,073 | ---- | M] () -- C:\WINXP\ODBCINST.INI
[2012/01/26 15:55:48 | 000,021,640 | ---- | M] () -- C:\WINXP\System32\emptyregdb.dat
[2012/01/26 15:53:14 | 000,000,317 | ---- | M] () -- C:\Boot.bak
[2012/01/26 07:41:11 | 000,004,444 | ---- | M] () -- C:\WINXP\System32\pid.PNF
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/05 08:16:25 | 000,006,077 | -H-- | C] () -- D:\My Documents\event_photo_page-Gary.htm
[2012/02/04 11:48:37 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\rkill.exe
[2012/02/04 07:51:08 | 000,000,424 | -H-- | C] () -- C:\WINXP\tasks\MP Scheduled Scan.job
[2012/02/04 07:46:02 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/04 06:54:30 | 000,800,211 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\ListParts64.exe
[2012/02/04 06:54:15 | 000,303,059 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\ListParts.exe
[2012/02/03 14:06:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\MBR.dat
[2012/02/03 11:01:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/03 08:12:23 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Desktop\TeamViewer 7.lnk
[2012/02/02 13:45:22 | 002,040,543 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\tdsskiller.zip
[2012/02/02 13:10:59 | 000,000,317 | ---- | C] () -- C:\Boot.bak
[2012/02/02 13:10:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/02 13:09:47 | 000,256,000 | ---- | C] () -- C:\WINXP\PEV.exe
[2012/02/02 13:09:47 | 000,208,896 | ---- | C] () -- C:\WINXP\MBR.exe
[2012/02/02 13:09:47 | 000,098,816 | ---- | C] () -- C:\WINXP\sed.exe
[2012/02/02 13:09:47 | 000,080,412 | ---- | C] () -- C:\WINXP\grep.exe
[2012/02/02 13:09:47 | 000,068,096 | ---- | C] () -- C:\WINXP\zip.exe
[2012/02/02 12:49:24 | 000,334,429 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Fabar Servic scanner.exe
[2012/02/02 12:47:58 | 000,869,194 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\SecurityCheck.exe
[2012/02/02 12:46:46 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\gmer.exe
[2012/01/28 17:42:16 | 000,000,664 | ---- | C] () -- C:\WINXP\System32\d3d9caps.dat
[2012/01/28 15:50:09 | 000,023,624 | ---- | C] () -- C:\WINXP\System32\drivers\hitmanpro35.sys
[2012/01/28 13:41:07 | 000,055,420 | ---- | C] () -- C:\WINXP\System32\drivers\KmxAgent.asc
[2012/01/28 13:32:19 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\My Documents.lnk
[2012/01/28 13:32:01 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\My Computer.lnk
[2012/01/28 13:31:42 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Windows Media Player.lnk
[2012/01/28 13:30:31 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2012/01/28 12:42:24 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/28 12:42:24 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Adobe Reader X.lnk
[2012/01/28 12:22:49 | 000,000,370 | ---- | C] () -- C:\WINXP\ODBC.INI
[2012/01/28 12:13:29 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Internet Explorer.lnk
[2012/01/28 11:59:11 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/28 11:59:10 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/28 11:59:10 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Firefox.lnk
[2012/01/28 10:45:21 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\WordPad.lnk
[2012/01/28 10:45:02 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Notepad.lnk
[2012/01/28 10:44:28 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Microsoft Security Essentials.lnk
[2012/01/28 09:40:44 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Desktop\DriveImage XML.lnk
[2012/01/28 09:29:44 | 000,001,945 | ---- | C] () -- C:\WINXP\epplauncher.mif
[2012/01/28 08:43:04 | 000,006,045 | ---- | C] () -- C:\WINXP\System32\nvnrm.nvu
[2012/01/28 07:48:19 | 000,000,129 | ---- | C] () -- C:\WINXP\System32\MRT.INI
[2012/01/28 07:45:27 | 000,273,344 | ---- | C] () -- C:\WINXP\System32\nvdrsdb1.bin
[2012/01/28 07:45:27 | 000,273,344 | ---- | C] () -- C:\WINXP\System32\nvdrsdb0.bin
[2012/01/28 07:45:27 | 000,000,001 | ---- | C] () -- C:\WINXP\System32\nvdrssel.bin
[2012/01/28 07:45:27 | 000,000,000 | ---- | C] () -- C:\WINXP\System32\nvdrswr.lk
[2012/01/28 07:41:24 | 000,004,984 | ---- | C] () -- C:\WINXP\System32\drivers\nvphy.bin
[2012/01/28 07:41:00 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Windows Search.lnk
[2012/01/28 07:41:00 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Windows Search.lnk
[2012/01/28 07:08:10 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Control Panel.lnk
[2012/01/28 07:05:07 | 000,000,388 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Local Area Connection.lnk
[2012/01/28 07:04:24 | 000,000,285 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\System.lnk
[2012/01/28 07:03:28 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Network Connections.lnk
[2012/01/28 07:03:19 | 000,000,505 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Administrative Tools.lnk
[2012/01/28 06:46:11 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/01/28 06:46:01 | 000,000,022 | ---- | C] () -- C:\WINXP\FileName
[2012/01/28 06:44:59 | 000,001,570 | ---- | C] () -- C:\WINXP\System32\nvide.nvu
[2012/01/26 16:11:44 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Win Explorer.lnk
[2012/01/26 16:03:11 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/01/26 16:03:09 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Start Menu\Programs\Internet Explorer.lnk
[2012/01/26 16:03:00 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Start Menu\Programs\Outlook Express.lnk
[2012/01/26 16:02:52 | 000,001,587 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Start Menu\Programs\Remote Assistance.lnk
[2012/01/26 16:02:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Start Menu\Programs\Windows Media Player.lnk
[2012/01/26 16:02:05 | 000,008,192 | ---- | C] () -- C:\WINXP\REGLOCS.OLD
[2012/01/26 16:00:43 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat
[2012/01/26 16:00:10 | 000,175,104 | ---- | C] () -- C:\WINXP\System32\dllcache\pintlcsa.dll
[2012/01/26 15:59:55 | 001,158,818 | ---- | C] () -- C:\WINXP\System32\dllcache\korwbrkr.lex
[2012/01/26 15:59:50 | 000,196,665 | ---- | C] () -- C:\WINXP\System32\dllcache\imjpinst.exe
[2012/01/26 15:59:50 | 000,059,392 | ---- | C] () -- C:\WINXP\System32\dllcache\imscinst.exe
[2012/01/26 15:59:49 | 000,134,339 | ---- | C] () -- C:\WINXP\System32\dllcache\imekr.lex
[2012/01/26 15:59:44 | 013,463,552 | ---- | C] () -- C:\WINXP\System32\dllcache\hwxjpn.dll
[2012/01/26 15:59:41 | 000,108,827 | ---- | C] () -- C:\WINXP\System32\dllcache\hanja.lex
[2012/01/26 15:59:39 | 000,094,208 | ---- | C] () -- C:\WINXP\System32\dllcache\fpencode.dll
[2012/01/26 15:59:30 | 000,173,568 | ---- | C] () -- C:\WINXP\System32\dllcache\chtskf.dll
[2012/01/26 15:58:21 | 000,002,577 | ---- | C] () -- C:\WINXP\System32\CONFIG.NT
[2012/01/26 15:58:16 | 000,023,392 | ---- | C] () -- C:\WINXP\System32\nscompat.tlb
[2012/01/26 15:58:16 | 000,016,832 | ---- | C] () -- C:\WINXP\System32\amcompat.tlb
[2012/01/26 15:58:15 | 000,316,640 | ---- | C] () -- C:\WINXP\WMSysPr9.prx
[2012/01/26 15:57:15 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Windows Movie Maker.lnk
[2012/01/26 15:57:03 | 004,399,505 | ---- | C] () -- C:\WINXP\System32\dllcache\nls302en.lex
[2012/01/26 15:56:52 | 000,048,680 | -HS- | C] () -- C:\WINXP\winnt256.bmp
[2012/01/26 15:56:52 | 000,048,680 | -HS- | C] () -- C:\WINXP\winnt.bmp
[2012/01/26 15:56:48 | 000,000,984 | ---- | C] () -- C:\WINXP\System32\dllcache\srframe.mmf
[2012/01/26 15:56:20 | 000,376,832 | ---- | C] () -- C:\WINXP\System32\dllcache\msinfo.dll
[2012/01/26 15:55:50 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Windows Messenger.lnk
[2012/01/26 15:55:48 | 000,021,640 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat
[2012/01/26 15:55:25 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\MSN.lnk
[2012/01/26 15:55:00 | 000,065,978 | ---- | C] () -- C:\WINXP\Soap Bubbles.bmp
[2012/01/26 15:55:00 | 000,065,954 | ---- | C] () -- C:\WINXP\Prairie Wind.bmp
[2012/01/26 15:55:00 | 000,065,832 | ---- | C] () -- C:\WINXP\Santa Fe Stucco.bmp
[2012/01/26 15:55:00 | 000,026,680 | ---- | C] () -- C:\WINXP\River Sumida.bmp
[2012/01/26 15:55:00 | 000,026,582 | ---- | C] () -- C:\WINXP\Greenstone.bmp
[2012/01/26 15:55:00 | 000,017,362 | ---- | C] () -- C:\WINXP\Rhododendron.bmp
[2012/01/26 15:55:00 | 000,017,336 | ---- | C] () -- C:\WINXP\Gone Fishing.bmp
[2012/01/26 15:55:00 | 000,017,062 | ---- | C] () -- C:\WINXP\Coffee Bean.bmp
[2012/01/26 15:55:00 | 000,016,730 | ---- | C] () -- C:\WINXP\FeatherTexture.bmp
[2012/01/26 15:55:00 | 000,009,522 | ---- | C] () -- C:\WINXP\Zapotec.bmp
[2012/01/26 15:55:00 | 000,001,272 | ---- | C] () -- C:\WINXP\Blue Lace 16.bmp
[2012/01/26 15:54:58 | 000,003,286 | ---- | C] () -- C:\WINXP\System32\tslabels.h
[2012/01/26 15:54:58 | 000,001,161 | ---- | C] () -- C:\WINXP\System32\usrlogon.cmd
[2012/01/26 15:54:57 | 000,000,768 | ---- | C] () -- C:\WINXP\System32\msdtcprf.h
[2012/01/26 15:54:53 | 000,063,488 | ---- | C] () -- C:\WINXP\System32\wmimgmt.msc
[2012/01/26 07:41:11 | 000,004,444 | ---- | C] () -- C:\WINXP\System32\pid.PNF
[2012/01/26 07:41:09 | 000,001,374 | ---- | C] () -- C:\WINXP\imsins.BAK
[2012/01/26 07:41:06 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI
[2012/01/26 07:40:48 | 000,001,688 | ---- | C] () -- C:\WINXP\System32\AUTOEXEC.NT
[2012/01/26 07:40:37 | 001,296,669 | ---- | C] () -- C:\WINXP\System32\dllcache\SP3.CAT
[2012/01/26 07:40:37 | 000,797,189 | ---- | C] () -- C:\WINXP\System32\dllcache\NT5IIS.CAT
[2012/01/26 07:40:37 | 000,399,645 | ---- | C] () -- C:\WINXP\System32\dllcache\MAPIMIG.CAT
[2012/01/26 07:40:37 | 000,144,484 | ---- | C] () -- C:\WINXP\System32\dllcache\netfx.cat
[2012/01/26 07:40:37 | 000,112,918 | ---- | C] () -- C:\WINXP\System32\dllcache\tabletpc.cat
[2012/01/26 07:40:37 | 000,037,484 | ---- | C] () -- C:\WINXP\System32\dllcache\MW770.CAT
[2012/01/26 07:40:37 | 000,034,747 | ---- | C] () -- C:\WINXP\System32\dllcache\mediactr.cat
[2012/01/26 07:40:37 | 000,034,063 | ---- | C] () -- C:\WINXP\System32\dllcache\FP4.CAT
[2012/01/26 07:40:37 | 000,026,991 | ---- | C] () -- C:\WINXP\System32\dllcache\msn7.cat
[2012/01/26 07:40:37 | 000,016,535 | ---- | C] () -- C:\WINXP\System32\dllcache\IMS.CAT
[2012/01/26 07:40:37 | 000,014,433 | ---- | C] () -- C:\WINXP\System32\dllcache\msn9.cat
[2012/01/26 07:40:37 | 000,013,472 | ---- | C] () -- C:\WINXP\System32\dllcache\HPCRDP.CAT
[2012/01/26 07:40:37 | 000,012,363 | ---- | C] () -- C:\WINXP\System32\dllcache\MSMSGS.CAT
[2012/01/26 07:40:37 | 000,010,027 | ---- | C] () -- C:\WINXP\System32\dllcache\MSTSWEB.CAT
[2012/01/26 07:40:37 | 000,008,574 | ---- | C] () -- C:\WINXP\System32\dllcache\IASNT4.CAT
[2012/01/26 07:40:37 | 000,007,382 | ---- | C] () -- C:\WINXP\System32\dllcache\OEMBIOS.CAT
[2012/01/26 07:40:37 | 000,007,334 | ---- | C] () -- C:\WINXP\System32\dllcache\wmerrenu.cat
[2012/01/26 07:40:36 | 002,144,487 | ---- | C] () -- C:\WINXP\System32\dllcache\NT5.CAT
[2012/01/26 07:40:36 | 000,522,220 | ---- | C] () -- C:\WINXP\System32\dllcache\NT5INF.CAT
[2012/01/26 07:40:02 | 000,113,376 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT
[2012/01/26 07:39:07 | 000,000,372 | ---- | C] () -- C:\WINXP\System32\$winnt$.inf
[2011/05/21 06:01:00 | 002,123,582 | ---- | C] () -- C:\WINXP\System32\nvdata.data
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINXP\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINXP\System32\structuredqueryschema.bin
[2008/04/14 01:00:00 | 013,107,200 | ---- | C] () -- C:\WINXP\System32\oembios.bin
[2008/04/14 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINXP\System32\mlang.dat
[2008/04/14 01:00:00 | 000,462,168 | ---- | C] () -- C:\WINXP\System32\perfh009.dat
[2008/04/14 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINXP\System32\perfi009.dat
[2008/04/14 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINXP\System32\dssec.dat
[2008/04/14 01:00:00 | 000,078,114 | ---- | C] () -- C:\WINXP\System32\perfc009.dat
[2008/04/14 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINXP\System32\mib.bin
[2008/04/14 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINXP\System32\perfd009.dat
[2008/04/14 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINXP\System32\secupd.dat
[2008/04/14 01:00:00 | 000,004,463 | ---- | C] () -- C:\WINXP\System32\oembios.dat
[2008/04/14 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINXP\System32\Dcache.bin
[2008/04/14 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINXP\System32\noise.dat
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINXP\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINXP\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINXP\System32\gthrctr.ini

========== LOP Check ==========

[2012/01/28 12:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\QFX Software
[2012/02/04 11:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\TeamViewer
[2012/01/28 07:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Windows Desktop Search
[2012/01/28 18:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Windows Search
[2012/01/28 15:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Hitman Pro
[2012/01/28 12:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\QFX Software
[2012/02/05 15:44:24 | 000,000,424 | -H-- | M] () -- C:\WINXP\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2012/01/28 06:46:11 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/07/20 09:54:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/01/26 15:53:14 | 000,000,317 | ---- | M] () -- C:\Boot.bak
[2012/02/02 13:10:59 | 000,000,433 | -HS- | M] () -- C:\boot.ini
[2012/02/02 13:00:00 | 004,903,463 | ---- | M] () -- C:\caisslog.txt
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/02/05 15:41:12 | 000,008,876 | ---- | M] () -- C:\ComboFix.txt
[2009/07/20 09:54:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/07/20 09:54:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/07/20 09:54:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 01:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 01:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/02/05 15:39:17 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2012/02/05 07:21:46 | 000,000,496 | ---- | M] () -- C:\rkill.log
[2012/02/02 13:44:33 | 000,000,346 | ---- | M] () -- C:\TDSSKiller.2.7.7.0_02.02.2012_13.44.24_log.txt
[2012/02/02 13:45:12 | 000,000,346 | ---- | M] () -- C:\TDSSKiller.2.7.7.0_02.02.2012_13.45.09_log.txt
[2012/01/28 16:21:32 | 000,095,434 | ---- | M] () -- C:\TDSSKiller.2.7.7.0_28.01.2012_16.10.58_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINXP\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINXP\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINXP\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINXP\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2012/01/26 15:57:55 | 000,000,067 | -HS- | M] () -- C:\WINXP\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 10:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2012/01/26 07:39:09 | 000,094,208 | ---- | M] () -- C:\WINXP\System32\config\default.sav
[2012/01/26 07:39:09 | 001,089,536 | ---- | M] () -- C:\WINXP\System32\config\software.sav
[2012/01/26 07:39:09 | 000,929,792 | ---- | M] () -- C:\WINXP\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2012/01/26 15:58:27 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/01/26 16:03:11 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2012/01/26 16:03:11 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/01/30 06:15:27 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\AppRemover.exe
[2012/02/03 05:42:55 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\aswMBR.exe
[2012/02/04 06:51:59 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\boot_cleaner.exe
[2012/02/04 11:41:25 | 004,396,501 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\ComboFix.exe
[2012/01/30 07:04:14 | 000,334,429 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Fabar Servic scanner.exe
[2012/01/30 06:24:33 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\FixTDSS.exe
[2012/01/30 07:29:29 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\gmer.exe
[2012/02/04 06:49:15 | 000,303,059 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\ListParts.exe
[2012/02/04 06:43:50 | 000,800,211 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\ListParts64.exe
[2012/02/03 05:45:07 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\mbam--setup-1.60.1.1000.exe
[2012/01/29 07:16:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\OTL.exe
[2012/02/04 11:42:07 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\rkill.exe
[2012/01/30 07:03:26 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\SecurityCheck.exe
[2012/01/30 06:01:08 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\TDSSKiller.exe
[2012/02/03 08:09:53 | 005,093,448 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\TeamViewer_Setup.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/01/26 16:03:11 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/02/05 15:40:56 | 000,065,536 | -HS- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2010/09/16 02:27:53 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINXP\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 01:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2008/04/14 01:00:00 | 000,004,821 | R--- | M] () -- C:\Program Files\Messenger\logowin.gif
[2007/04/02 21:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/08/20 17:29:46 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 13:42:10 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 21:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 03:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/29 00:41:26 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2008/04/14 01:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2008/04/14 01:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2008/04/14 01:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007/04/02 21:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/02 21:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-29 18:04:53


< End of report >
OTL Extras logfile created on: 2/5/2012 4:05:13 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 80.67% Memory free
4.72 Gb Paging File | 4.31 Gb Available in Paging File | 91.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 48.82 Gb Total Space | 34.06 Gb Free Space | 69.77% Space Free | Partition Type: NTFS
Drive D: | 416.93 Gb Total Space | 51.75 Gb Free Space | 12.41% Space Free | Partition Type: NTFS
Drive E: | 48.82 Gb Total Space | 48.76 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive F: | 407.37 Gb Total Space | 139.08 Gb Free Space | 34.14% Space Free | Partition Type: NTFS
Drive G: | 9.56 Gb Total Space | 1.30 Gb Free Space | 13.62% Space Free | Partition Type: NTFS
Drive H: | 7.45 Gb Total Space | 7.45 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive M: | 281.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JOSEPH-4C60E4B9 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1659004503-602609370-1801674531-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"TeamViewer 7" = TeamViewer 7

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/28/2012 6:07:29 PM | Computer Name = JOSEPH-4C60E4B9 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 1/28/2012 6:17:21 PM | Computer Name = JOSEPH-4C60E4B9 | Source = Application Error | ID = 1000
Description = Faulting application isafe.exe, version 9.5.0.0, faulting module Isafeif.dll,
version 9.5.0.0, fault address 0x00003ee8.

Error - 1/28/2012 6:24:50 PM | Computer Name = JOSEPH-4C60E4B9 | Source = Application Error | ID = 1000
Description = Faulting application isafe.exe, version 9.5.0.0, faulting module Isafeif.dll,
version 9.5.0.0, fault address 0x00003ee8.

Error - 1/28/2012 6:27:11 PM | Computer Name = JOSEPH-4C60E4B9 | Source = Application Error | ID = 1000
Description = Faulting application isafe.exe, version 9.5.0.0, faulting module Isafeif.dll,
version 9.5.0.0, fault address 0x00003ee8.

Error - 1/28/2012 7:38:40 PM | Computer Name = JOSEPH-4C60E4B9 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 9.0.1.4371, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/28/2012 7:39:04 PM | Computer Name = JOSEPH-4C60E4B9 | Source = Application Hang | ID = 1001
Description = Fault bucket -1544775435.

Error - 1/29/2012 3:17:18 PM | Computer Name = JOSEPH-4C60E4B9 | Source = Application Error | ID = 1000
Description = Faulting application isafe.exe, version 9.5.0.0, faulting module Isafeif.dll,
version 9.5.0.0, fault address 0x00003ee8.

Error - 2/4/2012 11:46:06 AM | Computer Name = JOSEPH-4C60E4B9 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 2/4/2012 11:55:00 AM | Computer Name = JOSEPH-4C60E4B9 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4
3, P5 2, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 2/4/2012 3:52:57 PM | Computer Name = JOSEPH-4C60E4B9 | Source = Application Error | ID = 1000
Description = Faulting application teamviewer_desktop.exe, version 7.0.12541.0,
faulting module teamviewer_desktop.exe, version 7.0.12541.0, fault address 0x000343c6.

[ System Events ]
Error - 1/28/2012 6:27:52 PM | Computer Name = JOSEPH-4C60E4B9 | Source = Service Control Manager | ID = 7034
Description = The CAISafe service terminated unexpectedly. It has done this 1 time(s).

Error - 1/28/2012 6:40:48 PM | Computer Name = JOSEPH-4C60E4B9 | Source = TermServDevices | ID = 1112
Description = Failed to register for user printing preferences change notification.
Open the Services snap-in and confirm that the Printer Spooler service is running


Error - 1/28/2012 7:19:01 PM | Computer Name = JOSEPH-4C60E4B9 | Source = TermServDevices | ID = 1112
Description = Failed to register for user printing preferences change notification.
Open the Services snap-in and confirm that the Printer Spooler service is running


Error - 1/29/2012 3:22:20 PM | Computer Name = JOSEPH-4C60E4B9 | Source = Service Control Manager | ID = 7034
Description = The CAISafe service terminated unexpectedly. It has done this 1 time(s).

Error - 1/31/2012 5:44:18 PM | Computer Name = JOSEPH-4C60E4B9 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 10.0.0.2 on the
Network
Card with network address 001E8CB6039D.

Error - 2/2/2012 4:41:19 PM | Computer Name = JOSEPH-4C60E4B9 | Source = TermServDevices | ID = 1112
Description = Failed to register for user printing preferences change notification.
Open the Services snap-in and confirm that the Printer Spooler service is running


Error - 2/2/2012 5:07:34 PM | Computer Name = JOSEPH-4C60E4B9 | Source = TermServDevices | ID = 1112
Description = Failed to register for user printing preferences change notification.
Open the Services snap-in and confirm that the Printer Spooler service is running


Error - 2/2/2012 5:35:55 PM | Computer Name = JOSEPH-4C60E4B9 | Source = TermServDevices | ID = 1112
Description = Failed to register for user printing preferences change notification.
Open the Services snap-in and confirm that the Printer Spooler service is running


Error - 2/3/2012 10:06:18 AM | Computer Name = JOSEPH-4C60E4B9 | Source = TermServDevices | ID = 1112
Description = Failed to register for user printing preferences change notification.
Open the Services snap-in and confirm that the Printer Spooler service is running


Error - 2/5/2012 7:38:06 PM | Computer Name = JOSEPH-4C60E4B9 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_1937\0000 disappeared from the system without
first being prepared for removal.


< End of report >
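
The OTL listings above follow one line format throughout: `[timestamp | size | attributes | C-or-M] (Company Name) -- path`. Reading thousands of such lines by eye is how the helpers in this thread triage a machine, so here is a small parser for that format as an added example. It is not part of the thread and not OTL's own code; the six sample lines are copied from the log above, and the allow-list of non-driver `.sys` names is my own, built from the `%SYSTEMDRIVE%` scan shown earlier (pagefile.sys, IO.SYS, MSDOS.SYS, CONFIG.SYS). It handles the two irregular cases the log exhibits: LOP-check directory entries that carry no `()` company field at all, and the pagefile size that is not zero-padded.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One OTL file-listing line looks like
#   [2012/02/03 05:42:55 | 004,733,440 | ---- | M] (AVAST Software) -- C:\...\aswMBR.exe
# fields: timestamp | size | attributes (R/H/S/D) | C=created or M=modified,
# then an optional "(Company Name)" and the path. LOP-check directory entries
# have no company field at all, and the pagefile size is not zero-padded.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| "
    r"(?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r" -- (?P<path>.+?)\s*$"
)

EXEC_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl", ".ocx"}

# .sys files that are not drivers, so "no company name" is normal for them.
# Constructed allow-list, taken from the %SYSTEMDRIVE% scan in the log above.
NON_DRIVER_SYS = {"pagefile.sys", "hiberfil.sys", "io.sys", "msdos.sys", "config.sys"}


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str              # e.g. "RHS-": Read-only, Hidden, System, Directory
    kind: str               # "C" = creation time, "M" = modification time
    company: Optional[str]  # None when OTL printed "()" or no company field
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def extension(self) -> str:
        return "." + self.name.rsplit(".", 1)[-1].lower() if "." in self.name else ""

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file-listing line, or None for headers and blanks."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    company = (m.group("company") or "").strip()
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=company or None,
        path=m.group("path"),
    )


def parse_otl(text: str) -> List[OtlEntry]:
    """Parse a whole OTL report, silently skipping section headers and blank lines."""
    return [e for e in (parse_otl_line(ln) for ln in text.splitlines()) if e is not None]


def unsigned_executables(entries: List[OtlEntry]) -> List[OtlEntry]:
    """Executable files with no company name: the first thing an analyst looks for,
    because legitimate binaries almost always carry a version resource."""
    return [
        e for e in entries
        if not e.is_directory
        and e.company is None
        and e.extension in EXEC_EXTENSIONS
        and e.name.lower() not in NON_DRIVER_SYS
    ]


def entries_since(entries: List[OtlEntry], cutoff: datetime) -> List[OtlEntry]:
    """Entries whose recorded timestamp is at or after `cutoff` (creation or modification)."""
    return [e for e in entries if e.timestamp >= cutoff]


# Sample input: six lines copied from the OTL log above, plus one section header.
SAMPLE_LOG = r"""
[2012/01/26 07:40:37 | 000,016,535 | ---- | C] () -- C:\WINXP\System32\dllcache\IMS.CAT
========== LOP Check ==========
[2012/01/28 12:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\QFX Software
[2012/02/05 15:39:17 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2012/02/03 05:42:55 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\aswMBR.exe
[2012/01/30 07:29:29 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\gmer.exe
[2008/04/14 01:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
"""

if __name__ == "__main__":
    found = parse_otl(SAMPLE_LOG)
    for e in unsigned_executables(found):
        print(f"no company name: {e.path} ({e.size} bytes, {e.kind} {e.timestamp:%Y-%m-%d})")
    for e in entries_since(found, datetime(2012, 2, 1)):
        print(f"touched since 2012-02-01: {e.path}")
```

On the sample, `unsigned_executables` reports gmer.exe and NTDETECT.COM (both printed as `()` by OTL) while pagefile.sys is excluded by the allow-list, and `entries_since` for 1 February 2012 returns pagefile.sys and aswMBR.exe. The same two filters, applied to the full report, are what narrow a 3,000-line OTL log down to the handful of files worth checking by hand.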

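The Extras report above is read for a different purpose: its Shell Spawning, Security Center, System Restore and Firewall sections show whether the settings malware commonly tampers with are still at their defaults (a rewritten `exefile [open]` handler, `EnableFirewall` forced to 0, `DisableSR` set to 1). The following audit script is an added example, not OTL's code and not from this thread: it parses those sections and compares them against a baseline whose values are the healthy ones this very log reports. The clean sample is excerpted from the log above; the tampered sample is constructed for illustration and uses an obvious placeholder path.

```python
import re
from typing import Dict, List, Tuple

# Line shapes found in the OTL Extras report.
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*)$')
SPAWN_RE = re.compile(r"^(?P<cls>\S+) \[(?P<verb>\w+)\] -- (?P<cmd>.*)$")

SECURITY_CENTER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
SYSTEM_RESTORE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"
SR_DRIVER = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr"
FW_STANDARD = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"

# Baseline = the healthy values reported in the Extras log above (Windows XP).
EXPECTED_SPAWNING: Dict[Tuple[str, str], str] = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}
EXPECTED_VALUES: Dict[Tuple[str, str], str] = {
    (SECURITY_CENTER, "AntiVirusDisableNotify"): "0",
    (SECURITY_CENTER, "FirewallDisableNotify"): "0",
    (SECURITY_CENTER, "UpdatesDisableNotify"): "0",
    (SYSTEM_RESTORE, "DisableSR"): "0",
    (SR_DRIVER, "Start"): "0",
    (FW_STANDARD, "EnableFirewall"): "1",
}


def parse_extras(text: str):
    """Return (registry values by key, shell-spawning commands by (class, verb))."""
    registry: Dict[str, Dict[str, str]] = {}
    spawning: Dict[Tuple[str, str], str] = {}
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group("name"), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            registry.setdefault(key, {})
            continue
        if section == "Shell Spawning":
            m = SPAWN_RE.match(line)
            if m:
                spawning[(m.group("cls"), m.group("verb"))] = m.group("cmd")
                continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            registry[key][m.group("name")] = m.group("value")
    return registry, spawning


def audit(registry: Dict[str, Dict[str, str]], spawning: Dict[Tuple[str, str], str]) -> List[str]:
    """List every deviation from the baseline; an empty list means nothing to report."""
    findings: List[str] = []
    for (cls, verb), cmd in spawning.items():
        if cmd.startswith("Reg Error"):
            findings.append(f"{cls} [{verb}]: key could not be read ({cmd})")
        elif (cls, verb) in EXPECTED_SPAWNING and cmd != EXPECTED_SPAWNING[(cls, verb)]:
            findings.append(f"{cls} [{verb}]: command changed to {cmd!r}, "
                            f"expected {EXPECTED_SPAWNING[(cls, verb)]!r}")
    for (key, name), expected in EXPECTED_VALUES.items():
        actual = registry.get(key, {}).get(name)
        if actual is not None and actual != expected:
            findings.append(f"{key}\\{name} = {actual} (expected {expected})")
    return findings


# Excerpt of the Extras log above (healthy machine).
CLEAN_EXTRAS = rf"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S

========== Security Center Settings ==========

[{SECURITY_CENTER}]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

========== System Restore Settings ==========

[{SYSTEM_RESTORE}]
"DisableSR" = 0

[{SR_DRIVER}]
"Start" = 0

========== Firewall Settings ==========

[{FW_STANDARD}]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"""

# Constructed sample of a tampered machine; the hijack path is a placeholder.
TAMPERED_EXTRAS = rf"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "C:\PLACEHOLDER\hijack.exe" "%1" %*
scrfile [open] -- "%1" /S

========== Security Center Settings ==========

[{SECURITY_CENTER}]
"AntiVirusDisableNotify" = 1

========== System Restore Settings ==========

[{SYSTEM_RESTORE}]
"DisableSR" = 1

========== Firewall Settings ==========

[{FW_STANDARD}]
"EnableFirewall" = 0
"""

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_EXTRAS), ("tampered", TAMPERED_EXTRAS)):
        print(f"--- {label} ---")
        for finding in audit(*parse_extras(sample)):
            print(finding)
```

On the clean excerpt the only finding is the `regfile [merge]` key OTL could not read, which is reported rather than silently skipped; on the tampered sample the audit lists the rewritten `exefile` handler and the three switched-off protections.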
#15 Broni Re: [RESOLVED] trojan:dos/alureon.e


Posted 06 February 2012 - 01:07 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKU\S-1-5-21-1659004503-602609370-1801674531-500\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.


#16 fergiedog Re: [RESOLVED] trojan:dos/alureon.e


Posted 06 February 2012 - 04:30 PM

:OTL
O3 - HKU\S-1-5-21-1659004503-602609370-1801674531-500\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]



Farbar Service Scanner Version: 18-01-2012 01
Ran by Administrator (administrator) on 06-02-2012 at 05:53:37
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINXP\system32\dhcpcsvc.dll => MD5 is legit
C:\WINXP\system32\Drivers\afd.sys => MD5 is legit
C:\WINXP\system32\Drivers\netbt.sys => MD5 is legit
C:\WINXP\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINXP\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINXP\system32\dnsrslvr.dll => MD5 is legit
C:\WINXP\system32\ipnathlp.dll => MD5 is legit
C:\WINXP\system32\netman.dll => MD5 is legit
C:\WINXP\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINXP\system32\srsvc.dll => MD5 is legit
C:\WINXP\system32\Drivers\sr.sys => MD5 is legit
C:\WINXP\system32\wscsvc.dll => MD5 is legit
C:\WINXP\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINXP\system32\wuauserv.dll => MD5 is legit
C:\WINXP\system32\qmgr.dll => MD5 is legit
C:\WINXP\system32\es.dll
[2010-09-16 05:10] - [2010-09-16 05:10] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

C:\WINXP\system32\cryptsvc.dll => MD5 is legit
C:\WINXP\system32\svchost.exe => MD5 is legit
C:\WINXP\system32\rpcss.dll
[2010-09-16 05:11] - [2010-09-16 05:11] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINXP\system32\services.exe
[2010-09-16 05:11] - [2010-09-16 05:11] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6


Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****



C:\TDSSKiller_Quarantine\28.01.2012_16.10.59\tdlfs0000\tsk0005.dta a variant of Win32/Kryptik.WJO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.01.2012_16.10.59\tdlfs0000\tsk0006.dta Win64/Olmasco.W trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.01.2012_16.10.59\tdlfs0000\tsk0007.dta a variant of Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.01.2012_16.10.59\tdlfs0000\tsk0008.dta Win64/Olmasco.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.01.2012_16.10.59\tdlfs0000\tsk0009.dta Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.01.2012_16.10.59\tdlfs0000\tsk0010.dta Win64/Olmasco.R trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.01.2012_16.10.59\tdlfs0000\tsk0011.dta a variant of Win32/Olmasco.Q trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.01.2012_16.10.59\tdlfs0000\tsk0012.dta Win64/Olmasco.X trojan cleaned by deleting - quarantined
D:\Software\utilities\cnet2_Norman_Malware_Cleaner_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

#17 Broni Re: [RESOLVED] trojan:dos/alureon.e

Posted 06 February 2012 - 04:48 PM

OTL log is incorrect.
You just posted my script.
Please redo.

I still need Security Check log.

#18 fergiedog Re: [RESOLVED] trojan:dos/alureon.e

Posted 06 February 2012 - 05:08 PM

OTL logfile created on: 2/5/2012 4:05:13 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 80.67% Memory free
4.72 Gb Paging File | 4.31 Gb Available in Paging File | 91.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 48.82 Gb Total Space | 34.06 Gb Free Space | 69.77% Space Free | Partition Type: NTFS
Drive D: | 416.93 Gb Total Space | 51.75 Gb Free Space | 12.41% Space Free | Partition Type: NTFS
Drive E: | 48.82 Gb Total Space | 48.76 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive F: | 407.37 Gb Total Space | 139.08 Gb Free Space | 34.14% Space Free | Partition Type: NTFS
Drive G: | 9.56 Gb Total Space | 1.30 Gb Free Space | 13.62% Space Free | Partition Type: NTFS
Drive H: | 7.45 Gb Total Space | 7.45 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive M: | 281.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JOSEPH-4C60E4B9 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/29 07:16:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\OTL.exe
PRC - [2012/01/19 03:47:20 | 002,698,624 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version7\TeamViewer_Desktop.exe
PRC - [2012/01/19 03:47:19 | 011,171,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/01/19 03:26:19 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/14 01:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe
PRC - [2006/07/13 16:59:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/07/13 16:59:32 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/04/03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/05 00:02:44 | 000,355,432 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2008/04/14 01:00:00 | 000,059,904 | ---- | M] () -- C:\WINXP\system32\devenum.dll
MOD - [2008/04/14 01:00:00 | 000,014,336 | ---- | M] () -- C:\WINXP\system32\msdmo.dll
MOD - [2006/04/03 18:04:02 | 000,876,544 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll
MOD - [2006/04/03 18:04:02 | 000,159,744 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll
MOD - [2006/04/03 18:04:02 | 000,024,691 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so


========== Win32 Services (SafeList) ==========

SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/04/14 02:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2006/07/13 16:59:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/07/13 16:59:32 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/09/14 05:58:10 | 000,225,592 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2009/02/11 12:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINXP\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/08/14 13:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINXP\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2004/12/15 15:18:32 | 000,220,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/12/15 15:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 15:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-1659004503-602609370-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKU\S-1-5-21-1659004503-602609370-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1659004503-602609370-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1659004503-602609370-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 53 FD 60 4E CC DD CC 01 [binary data]
IE - HKU\S-1-5-21-1659004503-602609370-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/28 11:59:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/28 12:42:23 | 000,000,000 | ---D | M]

[2012/01/28 11:59:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Mozilla\Extensions
[2012/01/28 12:31:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Mozilla\Firefox\Profiles\j9ggo1oh.default\extensions
[2012/01/28 12:31:19 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Mozilla\Firefox\Profiles\j9ggo1oh.default\extensions\keyscrambler@qfx.software.corporation
[2012/01/28 11:59:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/20 23:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/20 20:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 20:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/05 15:39:29 | 000,000,027 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O3 - HKU\S-1-5-21-1659004503-602609370-1801674531-500\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINXP\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINXP\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-602609370-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1659004503-602609370-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-602609370-1801674531-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1659004503-602609370-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1659004503-602609370-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1659004503-602609370-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AE29E83-0A83-4B2C-A291-EDE3295D2821}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) -C:\WINXP\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/20 09:54:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/23 14:42:47 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll (Microsoft Corporation)

Drivers32: msacm.iac2 - C:\WINXP\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINXP\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINXP\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINXP\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINXP\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINXP\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINXP\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINXP\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINXP\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/05 15:41:14 | 000,000,000 | ---D | C] -- C:\WINXP\temp
[2012/02/05 08:18:35 | 000,000,000 | ---D | C] -- D:\My Documents\My Pictures
[2012/02/05 08:16:24 | 000,000,000 | ---D | C] -- D:\My Documents\TurboTax
[2012/02/05 08:16:24 | 000,000,000 | ---D | C] -- D:\My Documents\event_photo_page-Gary_files
[2012/02/05 08:15:08 | 000,000,000 | ---D | C] -- D:\My Documents\ChessBase
[2012/02/05 08:12:21 | 000,000,000 | R--D | C] -- D:\My Documents\My Videos
[2012/02/05 08:12:21 | 000,000,000 | R--D | C] -- D:\My Documents\My Music
[2012/02/05 08:12:21 | 000,000,000 | ---D | C] -- D:\My Documents\My Received Files
[2012/02/05 08:12:21 | 000,000,000 | ---D | C] -- D:\My Documents\Logs
[2012/02/05 08:12:21 | 000,000,000 | ---D | C] -- D:\My Documents\Downloads
[2012/02/04 11:46:05 | 004,396,501 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\ComboFix.exe
[2012/02/04 06:54:56 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\boot_cleaner.exe
[2012/02/03 11:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/03 11:01:49 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbam.sys
[2012/02/03 11:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/03 08:20:13 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/03 08:18:40 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\aswMBR.exe
[2012/02/03 08:17:51 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\dds.scr
[2012/02/03 08:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\TeamViewer
[2012/02/03 08:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\TeamViewer 7
[2012/02/03 08:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/02/03 08:09:53 | 005,093,448 | ---- | C] (TeamViewer GmbH) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\TeamViewer_Setup.exe
[2012/02/02 13:10:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/02 13:09:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINXP\SWREG.exe
[2012/02/02 13:09:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINXP\SWSC.exe
[2012/02/02 13:09:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINXP\SWXCACLS.exe
[2012/02/02 13:09:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINXP\NIRCMD.exe
[2012/02/02 13:08:37 | 000,000,000 | ---D | C] -- C:\WINXP\ERDNT
[2012/02/02 12:52:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/02 12:52:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Start Menu\Programs\Administrative Tools
[2012/02/02 12:49:09 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\AppRemover.exe
[2012/02/02 12:49:01 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\FixTDSS.exe
[2012/02/02 12:48:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\OTL.exe
[2012/02/02 12:47:16 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\TDSSKiller.exe
[2012/02/02 12:45:36 | 000,000,000 | ---D | C] -- C:\WINXP\SxsCaPendDel
[2012/01/29 10:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/01/28 18:37:00 | 000,000,000 | ---D | C] -- C:\WINXP\System32\NtmsData
[2012/01/28 18:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Windows Search
[2012/01/28 16:15:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/28 15:53:09 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINXP\System32\bootdelete.exe
[2012/01/28 15:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2012/01/28 15:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Hitman Pro
[2012/01/28 15:37:06 | 000,000,000 | ---D | C] -- C:\Downloads
[2012/01/28 14:14:47 | 000,206,160 | ---- | C] (CA, Inc.) -- C:\WINXP\System32\Isafprod.dll
[2012/01/28 14:14:47 | 000,128,336 | ---- | C] (Computer Associates International, Inc.) -- C:\WINXP\System32\Isafeif.dll
[2012/01/28 14:14:47 | 000,095,568 | ---- | C] (Computer Associates International, Inc.) -- C:\WINXP\System32\Vetredir.dll
[2012/01/28 12:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2012/01/28 12:49:04 | 000,000,000 | ---D | C] -- C:\WINXP\rnapxs
[2012/01/28 12:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/01/28 12:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Local Settings\Application Data\Adobe
[2012/01/28 12:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/01/28 12:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/01/28 12:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Adobe
[2012/01/28 12:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\QFX Software
[2012/01/28 12:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\QFX Software
[2012/01/28 12:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Macromedia
[2012/01/28 12:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Adobe
[2012/01/28 12:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Microsoft Office
[2012/01/28 12:22:19 | 000,000,000 | ---D | C] -- C:\WINXP\SHELLNEW
[2012/01/28 12:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\KeyScrambler
[2012/01/28 12:15:22 | 000,225,592 | ---- | C] (QFX Software Corporation) -- C:\WINXP\System32\drivers\keyscrambler.sys
[2012/01/28 12:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2012/01/28 11:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Local Settings\Application Data\Mozilla
[2012/01/28 11:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Mozilla
[2012/01/28 10:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Malwarebytes
[2012/01/28 10:32:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Malwarebytes
[2012/01/28 09:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Runtime Software
[2012/01/28 09:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/01/28 08:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Local Settings\Application Data\ApplicationHistory
[2012/01/28 08:46:16 | 000,000,000 | ---D | C] -- C:\WINXP\Minidump
[2012/01/28 08:43:34 | 000,000,000 | ---D | C] -- C:\WINXP\System32\SoftwareDistribution
[2012/01/28 08:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\InstallShield
[2012/01/28 08:42:04 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/01/28 07:50:55 | 000,000,000 | ---D | C] -- C:\WINXP\System32\Lang
[2012/01/28 07:46:19 | 000,000,000 | ---D | C] -- C:\WINXP\ie8updates
[2012/01/28 07:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\NVIDIA
[2012/01/28 07:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\NVIDIA Corporation
[2012/01/28 07:43:08 | 000,000,000 | ---D | C] -- C:\WINXP\System32\XPSViewer
[2012/01/28 07:41:14 | 000,000,000 | ---D | C] -- C:\WINXP\System32\RTCOM
[2012/01/28 07:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Windows Desktop Search
[2012/01/28 07:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Local Settings\Application Data\Identities
[2012/01/28 07:40:56 | 000,000,000 | -H-D | C] -- C:\WINXP\System32\GroupPolicy
[2012/01/28 07:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2012/01/28 07:40:07 | 000,000,000 | R-SD | C] -- C:\WINXP\assembly
[2012/01/28 07:40:07 | 000,000,000 | ---D | C] -- C:\WINXP\System32\URTTemp
[2012/01/28 07:40:07 | 000,000,000 | ---D | C] -- C:\WINXP\Microsoft.NET
[2012/01/28 07:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Windows Genuine Advantage
[2012/01/28 06:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\NVIDIA Corporation
[2012/01/28 06:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/01/28 06:44:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\ReinstallBackups
[2012/01/26 16:30:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\PrivacIE
[2012/01/26 16:25:12 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINXP\System32\CSVer.dll
[2012/01/26 16:02:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Identities
[2012/01/26 16:02:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Local Settings\Application Data\Microsoft
[2012/01/26 16:02:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Microsoft
[2012/01/26 16:02:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\SendTo
[2012/01/26 16:02:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Recent
[2012/01/26 16:02:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data
[2012/01/26 16:02:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Start Menu\Programs\Startup
[2012/01/26 16:02:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Start Menu
[2012/01/26 16:02:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Favorites
[2012/01/26 16:02:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Start Menu\Programs\Accessories
[2012/01/26 16:02:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\IETldCache
[2012/01/26 16:02:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Cookies
[2012/01/26 16:02:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Templates
[2012/01/26 16:02:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\PrintHood
[2012/01/26 16:02:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\NetHood
[2012/01/26 16:02:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Local Settings
[2012/01/26 16:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop
[2012/01/26 16:02:47 | 000,000,000 | ---D | C] -- C:\WINXP\SoftwareDistribution
[2012/01/26 16:02:45 | 000,000,000 | ---D | C] -- C:\WINXP\Prefetch
[2012/01/26 16:02:44 | 000,000,000 | --SD | C] -- C:\WINXP\System32\Microsoft
[2012/01/26 16:00:14 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINXP\System32\dllcache\rwia330.dll
[2012/01/26 16:00:14 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINXP\System32\dllcache\rwia001.dll
[2012/01/26 16:00:14 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINXP\System32\dllcache\rw330ext.dll
[2012/01/26 15:59:28 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINXP\System32\dllcache\cap7146.sys
[2012/01/26 15:59:08 | 000,000,000 | ---D | C] -- C:\WINXP\System32\xircom
[2012/01/26 15:58:35 | 000,000,000 | ---D | C] -- C:\WINXP\System32\PreInstall
[2012/01/26 15:58:33 | 000,000,000 | -H-D | C] -- C:\WINXP\$hf_mig$
[2012/01/26 15:57:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINXP\DRM
[2012/01/26 15:56:59 | 000,000,000 | ---D | C] -- C:\WINXP\System32\DirectX
[2012/01/26 15:56:44 | 000,000,000 | --SD | C] -- C:\WINXP\Tasks
[2012/01/26 15:56:39 | 000,000,000 | ---D | C] -- C:\WINXP\srchasst
[2012/01/26 15:56:38 | 000,000,000 | ---D | C] -- C:\WINXP\System32\Macromed
[2012/01/26 15:56:19 | 000,000,000 | ---D | C] -- C:\WINXP\System32\Restore
[2012/01/26 15:56:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINXP\Documents\My Pictures
[2012/01/26 15:55:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Games
[2012/01/26 15:55:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Administrative Tools
[2012/01/26 15:55:32 | 000,000,000 | ---D | C] -- C:\WINXP\Registration
[2012/01/26 15:54:43 | 000,000,000 | ---D | C] -- C:\WINXP\System32\MsDtc
[2012/01/26 15:54:41 | 000,000,000 | ---D | C] -- C:\WINXP\System32\Com
[2012/01/26 15:54:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINXP\Documents\My Videos
[2012/01/26 15:53:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Accessories
[2012/01/26 10:10:34 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/26 07:41:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINXP\Documents\My Music
[2012/01/26 07:41:06 | 000,000,000 | -HSD | C] -- C:\WINXP\Installer
[2012/01/26 07:40:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup
[2012/01/26 07:40:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu
[2012/01/26 07:40:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINXP\Documents
[2012/01/26 07:40:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINXP\Templates
[2012/01/26 07:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Favorites
[2012/01/26 07:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Desktop
[2012/01/26 07:40:28 | 000,000,000 | ---D | C] -- C:\WINXP\System32\CatRoot2
[2012/01/26 07:40:28 | 000,000,000 | ---D | C] -- C:\WINXP\System32\CatRoot
[2012/01/26 07:40:23 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft
[2012/01/26 07:40:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data
[2012/01/26 07:36:58 | 000,000,000 | --SD | C] -- C:\WINXP\Offline Web Pages
[2012/01/26 07:36:58 | 000,000,000 | --SD | C] -- C:\WINXP\Downloaded Program Files
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\WinSxS
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\WBEM
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\usmt
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\drivers\UMDF
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\twain_32
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\scripting
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\Resources
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\Provisioning
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\PeerNet
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\pchealth
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\oobe
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\Network Diagnostic
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\mui
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\mui
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\msapps
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\L2Schemas
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\inetsrv
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\IME
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\ime
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\icsxml
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\en-US
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\en
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\ehome
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\Debug
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\AppPatch
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\3com_dmi
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\3076
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\2052
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\1054
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\1042
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\1041
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\1037
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\1033
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\1031
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\1028
[2012/01/26 07:36:58 | 000,000,000 | ---D | C] -- C:\WINXP\System32\1025
[2012/01/26 07:36:57 | 000,000,000 | R-SD | C] -- C:\WINXP\Fonts
[2012/01/26 07:36:57 | 000,000,000 | RHSD | C] -- C:\WINXP\System32\dllcache
[2012/01/26 07:36:57 | 000,000,000 | R--D | C] -- C:\WINXP\Web
[2012/01/26 07:36:57 | 000,000,000 | -H-D | C] -- C:\WINXP\inf
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\wins
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\wbem
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\system32
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\system
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\spool
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\ShellExt
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\Setup
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\security
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\repair
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\ras
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\npp
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\msagent
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\Media
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\java
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\ias
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\Help
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\export
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\drivers\etc
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\drivers
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\Driver Cache
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\drivers\disdn
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\dhcp
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\Cursors
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\Connection Wizard
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\config
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\Config
[2012/01/26 07:36:57 | 000,000,000 | ---D | C] -- C:\WINXP\addins
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/05 15:44:24 | 000,000,424 | -H-- | M] () -- C:\WINXP\tasks\MP Scheduled Scan.job
[2012/02/05 15:39:44 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2012/02/05 15:39:29 | 000,000,027 | ---- | M] () -- C:\WINXP\System32\drivers\etc\hosts
[2012/02/05 15:39:20 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2012/02/04 11:42:07 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\rkill.exe
[2012/02/04 11:41:25 | 004,396,501 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\ComboFix.exe
[2012/02/04 07:46:21 | 000,001,945 | ---- | M] () -- C:\WINXP\epplauncher.mif
[2012/02/04 06:51:59 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\boot_cleaner.exe
[2012/02/04 06:49:15 | 000,303,059 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\ListParts.exe
[2012/02/04 06:43:50 | 000,800,211 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\ListParts64.exe
[2012/02/03 14:38:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/03 14:06:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\MBR.dat
[2012/02/03 08:12:23 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\TeamViewer 7.lnk
[2012/02/03 08:09:53 | 005,093,448 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\TeamViewer_Setup.exe
[2012/02/03 05:45:07 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/03 05:42:55 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\aswMBR.exe
[2012/02/03 05:41:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\dds.scr
[2012/02/02 13:45:25 | 002,040,543 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\tdsskiller.zip
[2012/02/02 13:10:59 | 000,000,433 | -HS- | M] () -- C:\boot.ini
[2012/02/02 12:58:49 | 000,055,420 | ---- | M] () -- C:\WINXP\System32\drivers\KmxAgent.asc
[2012/02/01 13:08:40 | 000,000,664 | ---- | M] () -- C:\WINXP\System32\d3d9caps.dat
[2012/01/30 11:27:45 | 000,023,624 | ---- | M] () -- C:\WINXP\System32\drivers\hitmanpro35.sys
[2012/01/30 07:29:29 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\gmer.exe
[2012/01/30 07:04:14 | 000,334,429 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Fabar Servic scanner.exe
[2012/01/30 07:03:26 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\SecurityCheck.exe
[2012/01/30 06:24:33 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\FixTDSS.exe
[2012/01/30 06:15:27 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\AppRemover.exe
[2012/01/30 06:01:08 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\TDSSKiller.exe
[2012/01/29 07:16:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\OTL.exe
[2012/01/28 15:53:09 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINXP\System32\bootdelete.exe
[2012/01/28 13:36:12 | 000,113,376 | ---- | M] () -- C:\WINXP\System32\FNTCACHE.DAT
[2012/01/28 13:32:19 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\My Documents.lnk
[2012/01/28 13:32:01 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\My Computer.lnk
[2012/01/28 13:30:31 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2012/01/28 12:42:24 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Adobe Reader X.lnk
[2012/01/28 12:22:49 | 000,000,370 | ---- | M] () -- C:\WINXP\ODBC.INI
[2012/01/28 11:59:11 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/28 11:59:11 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Firefox.lnk
[2012/01/28 10:45:21 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\WordPad.lnk
[2012/01/28 10:45:02 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Notepad.lnk
[2012/01/28 10:44:28 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Microsoft Security Essentials.lnk
[2012/01/28 09:40:44 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\DriveImage XML.lnk
[2012/01/28 09:04:31 | 000,001,374 | ---- | M] () -- C:\WINXP\imsins.BAK
[2012/01/28 09:04:07 | 000,462,168 | ---- | M] () -- C:\WINXP\System32\perfh009.dat
[2012/01/28 09:04:07 | 000,078,114 | ---- | M] () -- C:\WINXP\System32\perfc009.dat
[2012/01/28 07:48:19 | 000,000,129 | ---- | M] () -- C:\WINXP\System32\MRT.INI
[2012/01/28 07:45:59 | 000,273,344 | ---- | M] () -- C:\WINXP\System32\nvdrsdb0.bin
[2012/01/28 07:45:59 | 000,000,001 | ---- | M] () -- C:\WINXP\System32\nvdrssel.bin
[2012/01/28 07:45:27 | 000,273,344 | ---- | M] () -- C:\WINXP\System32\nvdrsdb1.bin
[2012/01/28 07:45:27 | 000,000,000 | ---- | M] () -- C:\WINXP\System32\nvdrswr.lk
[2012/01/28 07:41:00 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Windows Search.lnk
[2012/01/28 07:08:10 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Control Panel.lnk
[2012/01/28 07:05:07 | 000,000,388 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Local Area Connection.lnk
[2012/01/28 07:04:24 | 000,000,285 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\System.lnk
[2012/01/28 07:03:28 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Network Connections.lnk
[2012/01/28 07:03:19 | 000,000,505 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Administrative Tools.lnk
[2012/01/28 06:46:11 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/01/28 06:46:01 | 000,000,022 | ---- | M] () -- C:\WINXP\FileName
[2012/01/26 16:11:44 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Win Explorer.lnk
[2012/01/26 16:03:11 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/01/26 16:03:09 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Internet Explorer.lnk
[2012/01/26 16:03:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Windows Media Player.lnk
[2012/01/26 16:02:05 | 000,008,192 | ---- | M] () -- C:\WINXP\REGLOCS.OLD
[2012/01/26 16:00:43 | 000,000,372 | ---- | M] () -- C:\WINXP\System32\$winnt$.inf
[2012/01/26 15:58:21 | 000,002,577 | ---- | M] () -- C:\WINXP\System32\CONFIG.NT
[2012/01/26 15:58:16 | 000,023,392 | ---- | M] () -- C:\WINXP\System32\nscompat.tlb
[2012/01/26 15:58:16 | 000,016,832 | ---- | M] () -- C:\WINXP\System32\amcompat.tlb
[2012/01/26 15:58:15 | 000,316,640 | ---- | M] () -- C:\WINXP\WMSysPr9.prx
[2012/01/26 15:58:06 | 000,004,073 | ---- | M] () -- C:\WINXP\ODBCINST.INI
[2012/01/26 15:55:48 | 000,021,640 | ---- | M] () -- C:\WINXP\System32\emptyregdb.dat
[2012/01/26 15:53:14 | 000,000,317 | ---- | M] () -- C:\Boot.bak
[2012/01/26 07:41:11 | 000,004,444 | ---- | M] () -- C:\WINXP\System32\pid.PNF
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/05 08:16:25 | 000,006,077 | -H-- | C] () -- D:\My Documents\event_photo_page-Gary.htm
[2012/02/04 11:48:37 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\rkill.exe
[2012/02/04 07:51:08 | 000,000,424 | -H-- | C] () -- C:\WINXP\tasks\MP Scheduled Scan.job
[2012/02/04 07:46:02 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/04 06:54:30 | 000,800,211 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\ListParts64.exe
[2012/02/04 06:54:15 | 000,303,059 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\ListParts.exe
[2012/02/03 14:06:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\MBR.dat
[2012/02/03 11:01:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/03 08:12:23 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Desktop\TeamViewer 7.lnk
[2012/02/02 13:45:22 | 002,040,543 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\tdsskiller.zip
[2012/02/02 13:10:59 | 000,000,317 | ---- | C] () -- C:\Boot.bak
[2012/02/02 13:10:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/02 13:09:47 | 000,256,000 | ---- | C] () -- C:\WINXP\PEV.exe
[2012/02/02 13:09:47 | 000,208,896 | ---- | C] () -- C:\WINXP\MBR.exe
[2012/02/02 13:09:47 | 000,098,816 | ---- | C] () -- C:\WINXP\sed.exe
[2012/02/02 13:09:47 | 000,080,412 | ---- | C] () -- C:\WINXP\grep.exe
[2012/02/02 13:09:47 | 000,068,096 | ---- | C] () -- C:\WINXP\zip.exe
[2012/02/02 12:49:24 | 000,334,429 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Fabar Servic scanner.exe
[2012/02/02 12:47:58 | 000,869,194 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\SecurityCheck.exe
[2012/02/02 12:46:46 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\gmer.exe
[2012/01/28 17:42:16 | 000,000,664 | ---- | C] () -- C:\WINXP\System32\d3d9caps.dat
[2012/01/28 15:50:09 | 000,023,624 | ---- | C] () -- C:\WINXP\System32\drivers\hitmanpro35.sys
[2012/01/28 13:41:07 | 000,055,420 | ---- | C] () -- C:\WINXP\System32\drivers\KmxAgent.asc
[2012/01/28 13:32:19 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\My Documents.lnk
[2012/01/28 13:32:01 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\My Computer.lnk
[2012/01/28 13:31:42 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Windows Media Player.lnk
[2012/01/28 13:30:31 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2012/01/28 12:42:24 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/28 12:42:24 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Adobe Reader X.lnk
[2012/01/28 12:22:49 | 000,000,370 | ---- | C] () -- C:\WINXP\ODBC.INI
[2012/01/28 12:13:29 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Internet Explorer.lnk
[2012/01/28 11:59:11 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/28 11:59:10 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/28 11:59:10 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Firefox.lnk
[2012/01/28 10:45:21 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\WordPad.lnk
[2012/01/28 10:45:02 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Notepad.lnk
[2012/01/28 10:44:28 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Microsoft Security Essentials.lnk
[2012/01/28 09:40:44 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Desktop\DriveImage XML.lnk
[2012/01/28 09:29:44 | 000,001,945 | ---- | C] () -- C:\WINXP\epplauncher.mif
[2012/01/28 08:43:04 | 000,006,045 | ---- | C] () -- C:\WINXP\System32\nvnrm.nvu
[2012/01/28 07:48:19 | 000,000,129 | ---- | C] () -- C:\WINXP\System32\MRT.INI
[2012/01/28 07:45:27 | 000,273,344 | ---- | C] () -- C:\WINXP\System32\nvdrsdb1.bin
[2012/01/28 07:45:27 | 000,273,344 | ---- | C] () -- C:\WINXP\System32\nvdrsdb0.bin
[2012/01/28 07:45:27 | 000,000,001 | ---- | C] () -- C:\WINXP\System32\nvdrssel.bin
[2012/01/28 07:45:27 | 000,000,000 | ---- | C] () -- C:\WINXP\System32\nvdrswr.lk
[2012/01/28 07:41:24 | 000,004,984 | ---- | C] () -- C:\WINXP\System32\drivers\nvphy.bin
[2012/01/28 07:41:00 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Windows Search.lnk
[2012/01/28 07:41:00 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Windows Search.lnk
[2012/01/28 07:08:10 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Control Panel.lnk
[2012/01/28 07:05:07 | 000,000,388 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Local Area Connection.lnk
[2012/01/28 07:04:24 | 000,000,285 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\System.lnk
[2012/01/28 07:03:28 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Network Connections.lnk
[2012/01/28 07:03:19 | 000,000,505 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Administrative Tools.lnk
[2012/01/28 06:46:11 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/01/28 06:46:01 | 000,000,022 | ---- | C] () -- C:\WINXP\FileName
[2012/01/28 06:44:59 | 000,001,570 | ---- | C] () -- C:\WINXP\System32\nvide.nvu
[2012/01/26 16:11:44 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Win Explorer.lnk
[2012/01/26 16:03:11 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/01/26 16:03:09 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Start Menu\Programs\Internet Explorer.lnk
[2012/01/26 16:03:00 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Start Menu\Programs\Outlook Express.lnk
[2012/01/26 16:02:52 | 000,001,587 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Start Menu\Programs\Remote Assistance.lnk
[2012/01/26 16:02:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Start Menu\Programs\Windows Media Player.lnk
[2012/01/26 16:02:05 | 000,008,192 | ---- | C] () -- C:\WINXP\REGLOCS.OLD
[2012/01/26 16:00:43 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat
[2012/01/26 16:00:10 | 000,175,104 | ---- | C] () -- C:\WINXP\System32\dllcache\pintlcsa.dll
[2012/01/26 15:59:55 | 001,158,818 | ---- | C] () -- C:\WINXP\System32\dllcache\korwbrkr.lex
[2012/01/26 15:59:50 | 000,196,665 | ---- | C] () -- C:\WINXP\System32\dllcache\imjpinst.exe
[2012/01/26 15:59:50 | 000,059,392 | ---- | C] () -- C:\WINXP\System32\dllcache\imscinst.exe
[2012/01/26 15:59:49 | 000,134,339 | ---- | C] () -- C:\WINXP\System32\dllcache\imekr.lex
[2012/01/26 15:59:44 | 013,463,552 | ---- | C] () -- C:\WINXP\System32\dllcache\hwxjpn.dll
[2012/01/26 15:59:41 | 000,108,827 | ---- | C] () -- C:\WINXP\System32\dllcache\hanja.lex
[2012/01/26 15:59:39 | 000,094,208 | ---- | C] () -- C:\WINXP\System32\dllcache\fpencode.dll
[2012/01/26 15:59:30 | 000,173,568 | ---- | C] () -- C:\WINXP\System32\dllcache\chtskf.dll
[2012/01/26 15:58:21 | 000,002,577 | ---- | C] () -- C:\WINXP\System32\CONFIG.NT
[2012/01/26 15:58:16 | 000,023,392 | ---- | C] () -- C:\WINXP\System32\nscompat.tlb
[2012/01/26 15:58:16 | 000,016,832 | ---- | C] () -- C:\WINXP\System32\amcompat.tlb
[2012/01/26 15:58:15 | 000,316,640 | ---- | C] () -- C:\WINXP\WMSysPr9.prx
[2012/01/26 15:57:15 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Windows Movie Maker.lnk
[2012/01/26 15:57:03 | 004,399,505 | ---- | C] () -- C:\WINXP\System32\dllcache\nls302en.lex
[2012/01/26 15:56:52 | 000,048,680 | -HS- | C] () -- C:\WINXP\winnt256.bmp
[2012/01/26 15:56:52 | 000,048,680 | -HS- | C] () -- C:\WINXP\winnt.bmp
[2012/01/26 15:56:48 | 000,000,984 | ---- | C] () -- C:\WINXP\System32\dllcache\srframe.mmf
[2012/01/26 15:56:20 | 000,376,832 | ---- | C] () -- C:\WINXP\System32\dllcache\msinfo.dll
[2012/01/26 15:55:50 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Windows Messenger.lnk
[2012/01/26 15:55:48 | 000,021,640 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat
[2012/01/26 15:55:25 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\MSN.lnk
[2012/01/26 15:55:00 | 000,065,978 | ---- | C] () -- C:\WINXP\Soap Bubbles.bmp
[2012/01/26 15:55:00 | 000,065,954 | ---- | C] () -- C:\WINXP\Prairie Wind.bmp
[2012/01/26 15:55:00 | 000,065,832 | ---- | C] () -- C:\WINXP\Santa Fe Stucco.bmp
[2012/01/26 15:55:00 | 000,026,680 | ---- | C] () -- C:\WINXP\River Sumida.bmp
[2012/01/26 15:55:00 | 000,026,582 | ---- | C] () -- C:\WINXP\Greenstone.bmp
[2012/01/26 15:55:00 | 000,017,362 | ---- | C] () -- C:\WINXP\Rhododendron.bmp
[2012/01/26 15:55:00 | 000,017,336 | ---- | C] () -- C:\WINXP\Gone Fishing.bmp
[2012/01/26 15:55:00 | 000,017,062 | ---- | C] () -- C:\WINXP\Coffee Bean.bmp
[2012/01/26 15:55:00 | 000,016,730 | ---- | C] () -- C:\WINXP\FeatherTexture.bmp
[2012/01/26 15:55:00 | 000,009,522 | ---- | C] () -- C:\WINXP\Zapotec.bmp
[2012/01/26 15:55:00 | 000,001,272 | ---- | C] () -- C:\WINXP\Blue Lace 16.bmp
[2012/01/26 15:54:58 | 000,003,286 | ---- | C] () -- C:\WINXP\System32\tslabels.h
[2012/01/26 15:54:58 | 000,001,161 | ---- | C] () -- C:\WINXP\System32\usrlogon.cmd
[2012/01/26 15:54:57 | 000,000,768 | ---- | C] () -- C:\WINXP\System32\msdtcprf.h
[2012/01/26 15:54:53 | 000,063,488 | ---- | C] () -- C:\WINXP\System32\wmimgmt.msc
[2012/01/26 07:41:11 | 000,004,444 | ---- | C] () -- C:\WINXP\System32\pid.PNF
[2012/01/26 07:41:09 | 000,001,374 | ---- | C] () -- C:\WINXP\imsins.BAK
[2012/01/26 07:41:06 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI
[2012/01/26 07:40:48 | 000,001,688 | ---- | C] () -- C:\WINXP\System32\AUTOEXEC.NT
[2012/01/26 07:40:37 | 001,296,669 | ---- | C] () -- C:\WINXP\System32\dllcache\SP3.CAT
[2012/01/26 07:40:37 | 000,797,189 | ---- | C] () -- C:\WINXP\System32\dllcache\NT5IIS.CAT
[2012/01/26 07:40:37 | 000,399,645 | ---- | C] () -- C:\WINXP\System32\dllcache\MAPIMIG.CAT
[2012/01/26 07:40:37 | 000,144,484 | ---- | C] () -- C:\WINXP\System32\dllcache\netfx.cat
[2012/01/26 07:40:37 | 000,112,918 | ---- | C] () -- C:\WINXP\System32\dllcache\tabletpc.cat
[2012/01/26 07:40:37 | 000,037,484 | ---- | C] () -- C:\WINXP\System32\dllcache\MW770.CAT
[2012/01/26 07:40:37 | 000,034,747 | ---- | C] () -- C:\WINXP\System32\dllcache\mediactr.cat
[2012/01/26 07:40:37 | 000,034,063 | ---- | C] () -- C:\WINXP\System32\dllcache\FP4.CAT
[2012/01/26 07:40:37 | 000,026,991 | ---- | C] () -- C:\WINXP\System32\dllcache\msn7.cat
[2012/01/26 07:40:37 | 000,016,535 | ---- | C] () -- C:\WINXP\System32\dllcache\IMS.CAT
[2012/01/26 07:40:37 | 000,014,433 | ---- | C] () -- C:\WINXP\System32\dllcache\msn9.cat
[2012/01/26 07:40:37 | 000,013,472 | ---- | C] () -- C:\WINXP\System32\dllcache\HPCRDP.CAT
[2012/01/26 07:40:37 | 000,012,363 | ---- | C] () -- C:\WINXP\System32\dllcache\MSMSGS.CAT
[2012/01/26 07:40:37 | 000,010,027 | ---- | C] () -- C:\WINXP\System32\dllcache\MSTSWEB.CAT
[2012/01/26 07:40:37 | 000,008,574 | ---- | C] () -- C:\WINXP\System32\dllcache\IASNT4.CAT
[2012/01/26 07:40:37 | 000,007,382 | ---- | C] () -- C:\WINXP\System32\dllcache\OEMBIOS.CAT
[2012/01/26 07:40:37 | 000,007,334 | ---- | C] () -- C:\WINXP\System32\dllcache\wmerrenu.cat
[2012/01/26 07:40:36 | 002,144,487 | ---- | C] () -- C:\WINXP\System32\dllcache\NT5.CAT
[2012/01/26 07:40:36 | 000,522,220 | ---- | C] () -- C:\WINXP\System32\dllcache\NT5INF.CAT
[2012/01/26 07:40:02 | 000,113,376 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT
[2012/01/26 07:39:07 | 000,000,372 | ---- | C] () -- C:\WINXP\System32\$winnt$.inf
[2011/05/21 06:01:00 | 002,123,582 | ---- | C] () -- C:\WINXP\System32\nvdata.data
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINXP\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINXP\System32\structuredqueryschema.bin
[2008/04/14 01:00:00 | 013,107,200 | ---- | C] () -- C:\WINXP\System32\oembios.bin
[2008/04/14 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINXP\System32\mlang.dat
[2008/04/14 01:00:00 | 000,462,168 | ---- | C] () -- C:\WINXP\System32\perfh009.dat
[2008/04/14 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINXP\System32\perfi009.dat
[2008/04/14 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINXP\System32\dssec.dat
[2008/04/14 01:00:00 | 000,078,114 | ---- | C] () -- C:\WINXP\System32\perfc009.dat
[2008/04/14 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINXP\System32\mib.bin
[2008/04/14 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINXP\System32\perfd009.dat
[2008/04/14 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINXP\System32\secupd.dat
[2008/04/14 01:00:00 | 000,004,463 | ---- | C] () -- C:\WINXP\System32\oembios.dat
[2008/04/14 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINXP\System32\Dcache.bin
[2008/04/14 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINXP\System32\noise.dat
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINXP\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINXP\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINXP\System32\gthrctr.ini

========== LOP Check ==========

[2012/01/28 12:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\QFX Software
[2012/02/04 11:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\TeamViewer
[2012/01/28 07:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Windows Desktop Search
[2012/01/28 18:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Windows Search
[2012/01/28 15:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Hitman Pro
[2012/01/28 12:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\QFX Software
[2012/02/05 15:44:24 | 000,000,424 | -H-- | M] () -- C:\WINXP\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2012/01/28 06:46:11 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/07/20 09:54:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/01/26 15:53:14 | 000,000,317 | ---- | M] () -- C:\Boot.bak
[2012/02/02 13:10:59 | 000,000,433 | -HS- | M] () -- C:\boot.ini
[2012/02/02 13:00:00 | 004,903,463 | ---- | M] () -- C:\caisslog.txt
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/02/05 15:41:12 | 000,008,876 | ---- | M] () -- C:\ComboFix.txt
[2009/07/20 09:54:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/07/20 09:54:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/07/20 09:54:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 01:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 01:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/02/05 15:39:17 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2012/02/05 07:21:46 | 000,000,496 | ---- | M] () -- C:\rkill.log
[2012/02/02 13:44:33 | 000,000,346 | ---- | M] () -- C:\TDSSKiller.2.7.7.0_02.02.2012_13.44.24_log.txt
[2012/02/02 13:45:12 | 000,000,346 | ---- | M] () -- C:\TDSSKiller.2.7.7.0_02.02.2012_13.45.09_log.txt
[2012/01/28 16:21:32 | 000,095,434 | ---- | M] () -- C:\TDSSKiller.2.7.7.0_28.01.2012_16.10.58_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINXP\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINXP\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINXP\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINXP\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2012/01/26 15:57:55 | 000,000,067 | -HS- | M] () -- C:\WINXP\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 10:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2012/01/26 07:39:09 | 000,094,208 | ---- | M] () -- C:\WINXP\System32\config\default.sav
[2012/01/26 07:39:09 | 001,089,536 | ---- | M] () -- C:\WINXP\System32\config\software.sav
[2012/01/26 07:39:09 | 000,929,792 | ---- | M] () -- C:\WINXP\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2012/01/26 15:58:27 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/01/26 16:03:11 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2012/01/26 16:03:11 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/01/30 06:15:27 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\AppRemover.exe
[2012/02/03 05:42:55 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\aswMBR.exe
[2012/02/04 06:51:59 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\boot_cleaner.exe
[2012/02/04 11:41:25 | 004,396,501 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\ComboFix.exe
[2012/01/30 07:04:14 | 000,334,429 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\Fabar Servic scanner.exe
[2012/01/30 06:24:33 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\FixTDSS.exe
[2012/01/30 07:29:29 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\gmer.exe
[2012/02/04 06:49:15 | 000,303,059 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\ListParts.exe
[2012/02/04 06:43:50 | 000,800,211 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\ListParts64.exe
[2012/02/03 05:45:07 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\mbam--setup-1.60.1.1000.exe
[2012/01/29 07:16:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\OTL.exe
[2012/02/04 11:42:07 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\rkill.exe
[2012/01/30 07:03:26 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\SecurityCheck.exe
[2012/01/30 06:01:08 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\TDSSKiller.exe
[2012/02/03 08:09:53 | 005,093,448 | ---- | M] (TeamViewer GmbH) -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Desktop\TeamViewer_Setup.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/01/26 16:03:11 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/02/05 15:40:56 | 000,065,536 | -HS- | M] () -- C:\Documents and Settings\Administrator.JOSEPH-4C60E4B9\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2010/09/16 02:27:53 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINXP\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 01:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2008/04/14 01:00:00 | 000,004,821 | R--- | M] () -- C:\Program Files\Messenger\logowin.gif
[2007/04/02 21:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/08/20 17:29:46 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 13:42:10 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 21:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 03:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/29 00:41:26 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2008/04/14 01:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2008/04/14 01:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2008/04/14 01:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007/04/02 21:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/02 21:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-29 18:04:53


< End of report >

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.2)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````


#19 Broni Re: [RESOLVED] trojan:dos/alureon.e
Posted 06 February 2012 - 05:28 PM

OTL is still incorrect.
You clicked the "Scan" button instead of the "Fix" button.

#20 fergiedog Re: [RESOLVED] trojan:dos/alureon.e
Posted 06 February 2012 - 06:20 PM

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1659004503-602609370-1801674531-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.JOSEPH-4C60E4B9
->Temp folder emptied: 642301 bytes
->Temporary Internet Files folder emptied: 5324498 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: All Users.WINXP

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINXP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 6430 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16387 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 4270176805 bytes

Total Files Cleaned = 4,078.00 mb


[EMPTYJAVA]

User: Administrator

User: Administrator.JOSEPH-4C60E4B9

User: All Users

User: All Users.WINXP

User: Default User

User: Default User.WINXP

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: Administrator.JOSEPH-4C60E4B9
->Flash cache emptied: 0 bytes

User: All Users

User: All Users.WINXP

User: Default User

User: Default User.WINXP
->Flash cache emptied: 0 bytes

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02062012_101151

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...