windows vista security threat

#1 busdrvr64 (Member, 125 posts)
I have a REALLY big problem. I have these balloons coming up. They say things like "Stealth intrusion", "Key logger alert", "System danger", "Can't run MBAM", "Run this program, Vista Security 2011". I downloaded a form and it started right then. I can't get on the net without it coming up. Please help. Here is the OTL log:

OTL logfile created on: 11/15/2010 6:27:04 PM - Run 5
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\new user\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 363.00 Mb Available Physical Memory | 38.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 44.30 Gb Free Space | 59.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEWUSER-PC
Current User Name: new user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\new user\AppData\Local\pw.exe ()
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\new user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\DAO\NEWUSER-PC\svchost.exe (Microsoft Corporation)
PRC - C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)


========== Modules (SafeList) ==========

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Users\new user\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (nvrd32) -- C:\Windows\system32\DRIVERS\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) NVIDIA nForce™ -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 CD 55 17 45 FB C9 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/06/05 17:47:01 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Sound Card Driver] C:\Program Files\Common Files\microsoft shared\DAO\NEWUSER-PC\svchost.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = pezfile] -- "C:\Users\new user\AppData\Local\pw.exe" /START "%1" %* ()

========== Files/Folders - Created Within 90 Days ==========

[2010/11/10 04:56:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/07 12:30:52 | 000,000,000 | ---D | C] -- C:\Casino
[2010/11/07 12:11:34 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\SuperslotsCasino
[2010/10/17 14:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\VegasRegalCasino
[2010/10/16 08:54:56 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\CrazySlotsCasino
[2010/10/10 05:54:25 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\SlotsGaloreCasino
[2010/10/09 15:45:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/09 15:45:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/09 15:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/08 04:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/09/08 18:26:59 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Roaming\VTExtra
[2010/09/08 18:20:04 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\VTShared
[2010/09/08 18:19:32 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\GoCasino
[2010/08/24 07:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2010/08/24 07:05:50 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/08/24 07:05:09 | 000,000,000 | ---D | C] -- C:\51ab265f4ef8d05e9248
[2010/08/21 10:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/21 10:36:30 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Roaming\Apple Computer
[2010/08/21 10:35:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/08/21 10:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/21 10:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/21 10:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/21 10:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/08/21 10:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/21 10:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/21 10:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/08/21 10:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

========== Files - Modified Within 90 Days ==========

[2010/11/15 18:26:58 | 001,835,008 | -HS- | M] () -- C:\Users\new user\NTUSER.DAT
[2010/11/15 18:22:37 | 000,009,654 | -HS- | M] () -- C:\Users\new user\AppData\Local\opRSK
[2010/11/15 17:34:09 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/15 17:34:09 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/15 17:34:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/15 11:39:49 | 000,174,592 | -HS- | M] () -- C:\Users\new user\AppData\Local\pw.exe
[2010/11/15 05:36:40 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/11/15 05:36:40 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/15 05:36:40 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/15 05:34:08 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AFA7A386-982A-402B-A456-4FDB6DBE79EE}.job
[2010/11/15 05:30:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/11/14 21:31:32 | 000,524,288 | -HS- | M] () -- C:\Users\new user\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/11/14 21:31:32 | 000,065,536 | -HS- | M] () -- C:\Users\new user\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/11/11 22:25:25 | 002,452,357 | -H-- | M] () -- C:\Users\new user\AppData\Local\IconCache.db
[2010/11/08 04:42:55 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/08 04:42:55 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/07 12:43:00 | 000,000,963 | ---- | M] () -- C:\Users\new user\Desktop\Slots Galore Casino.lnk
[2010/10/28 20:34:30 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/10/24 21:38:53 | 000,000,453 | ---- | M] () -- C:\Windows\winhelp.ini
[2010/10/24 20:45:13 | 000,000,951 | ---- | M] () -- C:\Users\new user\Desktop\Go Casino.lnk
[2010/10/17 14:03:09 | 000,001,774 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Regal Casino.lnk
[2010/10/13 04:27:52 | 000,230,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/12 18:06:34 | 000,004,608 | ---- | M] () -- C:\Users\new user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/12 18:05:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/10/09 15:45:12 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/08 04:27:12 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/24 10:11:13 | 000,049,560 | ---- | M] () -- C:\Users\new user\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/24 07:42:13 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Mouse.lnk
[2010/08/24 07:10:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32k_01009.Wdf
[2010/08/24 07:09:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/08/24 07:07:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/08/21 10:54:23 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/21 10:36:02 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2010/11/15 11:39:53 | 000,009,654 | -HS- | C] () -- C:\Users\new user\AppData\Local\opRSK
[2010/11/15 11:39:49 | 000,174,592 | -HS- | C] () -- C:\Users\new user\AppData\Local\pw.exe
[2010/11/07 12:43:00 | 000,000,963 | ---- | C] () -- C:\Users\new user\Desktop\Slots Galore Casino.lnk
[2010/10/28 20:34:30 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/10/17 14:03:09 | 000,001,774 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Regal Casino.lnk
[2010/10/12 18:05:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/10/09 15:45:12 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/08 04:27:12 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/08 18:19:32 | 000,000,951 | ---- | C] () -- C:\Users\new user\Desktop\Go Casino.lnk
[2010/08/24 07:42:13 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Mouse.lnk
[2010/08/24 07:10:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32k_01009.Wdf
[2010/08/24 07:09:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/08/24 07:09:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010/08/24 07:07:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/08/21 10:54:23 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/21 10:36:02 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/09 14:29:35 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\rootrepeal.sys
[2010/05/30 12:34:10 | 000,000,453 | ---- | C] () -- C:\Windows\winhelp.ini
[2009/11/05 17:22:34 | 000,001,736 | ---- | C] () -- C:\Windows\hpdj3840.ini
[2009/07/16 14:12:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/04/25 20:33:32 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/04/20 17:44:13 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\PeerNetworking
[2009/04/21 19:34:43 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\Southwest Airlines
[2010/09/08 18:30:39 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\VTExtra
[2010/11/14 21:31:13 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/15 05:34:08 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AFA7A386-982A-402B-A456-4FDB6DBE79EE}.job

========== Purity Check ==========

I know there is a key logger here. I put it here. 007 is what it's called.


#2 phillipcorcoran (Member 1K, 1,293 posts)
OTL logs should only be posted on the Malware forum where trained malware experts know how to analyse them and give you sound advice. We aren't allowed to help with malware on any of the other forums.