Suspected malware/spyware


#1 king011
Member, 58 posts

Hello,

Basically I turn my computer on and Microsoft Security Essentials reports to me that "Backdoor:Win32/Beastdoor.DU" has been detected, so I remove it to prevent infection, but I still suspect that the computer is a bit dodgy, shifty and inadequate in terms of being fully clean of viruses. By the way, I did also get a "Backdoor:Win32/PcClient.CU!dll" last week, which I also removed. I'm not sure how and why I'm getting these viruses but would greatly appreciate your help. Oh yeah, the OTL scan produced 2 txt files, the OTL.txt and also the extras.txt; do you want me to post the extras file too? I look forward to your reply. Many thanks



OTL logfile created on: 15/09/2011 03:07:55 - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Hussains\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 42.87% Memory free
4.24 Gb Paging File | 2.67 Gb Available in Paging File | 62.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 154.10 Gb Free Space | 69.17% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.28 Gb Free Space | 62.76% Space Free | Partition Type: NTFS

Computer Name: HUSSAINS-PC | User Name: Hussains | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/15 03:06:42 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Hussains\Downloads\OTL (1).exe
PRC - [2011/08/23 08:04:46 | 001,636,152 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/08/23 08:04:46 | 000,919,352 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/06/30 09:37:28 | 001,793,712 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/04/06 14:07:42 | 000,439,768 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/03 13:28:23 | 000,400,440 | ---- | M] () -- C:\Users\Hussains\AppData\Local\Google\Chrome\Application\13.0.782.220\ppgooglenaclpluginchrome.dll
MOD - [2011/09/03 13:28:22 | 004,118,072 | ---- | M] () -- C:\Users\Hussains\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll
MOD - [2011/09/03 13:27:02 | 000,508,984 | ---- | M] () -- C:\Users\Hussains\AppData\Local\Google\Chrome\Application\13.0.782.220\libglesv2.dll
MOD - [2011/09/03 13:27:00 | 000,107,576 | ---- | M] () -- C:\Users\Hussains\AppData\Local\Google\Chrome\Application\13.0.782.220\libegl.dll
MOD - [2011/09/03 13:26:51 | 000,104,520 | ---- | M] () -- C:\Users\Hussains\AppData\Local\Google\Chrome\Application\13.0.782.220\avutil-50.dll
MOD - [2011/09/03 13:26:49 | 000,203,848 | ---- | M] () -- C:\Users\Hussains\AppData\Local\Google\Chrome\Application\13.0.782.220\avformat-52.dll
MOD - [2011/09/03 13:26:48 | 001,846,344 | ---- | M] () -- C:\Users\Hussains\AppData\Local\Google\Chrome\Application\13.0.782.220\avcodec-52.dll
MOD - [2011/09/03 11:35:01 | 006,338,720 | ---- | M] () -- C:\Users\Hussains\AppData\Local\Google\Chrome\Application\13.0.782.220\gcswf32.dll
MOD - [2011/08/23 08:06:42 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2011/08/09 18:15:18 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/23 08:04:46 | 000,919,352 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/06/30 09:37:28 | 001,793,712 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/04/06 14:10:56 | 000,223,704 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2007/04/06 14:10:22 | 000,272,856 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel®
SRV - [2007/04/06 14:10:08 | 000,449,496 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2007/04/06 14:08:58 | 000,158,168 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2007/04/06 14:08:36 | 000,036,312 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
SRV - [2007/04/06 14:08:24 | 000,039,896 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel®
SRV - [2007/04/06 14:08:14 | 000,059,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2007/04/06 14:07:46 | 000,313,816 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel®
SRV - [2007/04/06 14:06:48 | 000,256,472 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/12 10:46:34 | 000,208,896 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)


========== Driver Services (SafeList) ==========

DRV - [2011/09/14 23:28:17 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{916C29C1-18FF-4496-BDE7-56FB8029FE3A}\MpKsl572ef304.sys -- (MpKsl572ef304)
DRV - [2011/08/23 08:06:42 | 000,216,912 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_29574.sys -- (RapportCerberus_29574)
DRV - [2011/08/23 08:04:58 | 000,161,936 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/08/23 08:04:58 | 000,070,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/08/23 08:04:58 | 000,056,336 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/06/30 09:37:58 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/06/30 09:37:56 | 000,238,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/06/30 09:37:56 | 000,036,568 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/03/24 05:23:16 | 011,614,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/08/23 16:54:54 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/04/29 09:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/04/06 14:10:40 | 000,014,808 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/18 20:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=uk&ibd=4070823
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: No CLSID value found. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: c:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hussains\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hussains\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2011/09/02 14:13:07 | 000,437,206 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15040 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] c:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Hussains\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hussains\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9C6B6EF-F0B8-4D7C-8325-36A8868F34D3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9C6B6EF-F0B8-4D7C-8325-36A8868F34D3}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) -C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8bf78371-de26-11e0-8c89-001aa091331d}\Shell - "" = AutoRun
O33 - MountPoints2\{8bf78371-de26-11e0-8c89-001aa091331d}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/13 20:14:58 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/09/11 03:12:59 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\WinRAR
[2011/09/11 03:12:59 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/09/11 03:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/09/11 03:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/09/11 02:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion Limited
[2011/09/09 02:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio MP3 Editor
[2011/09/09 02:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\Audio MP3 Editor
[2011/09/08 14:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/09/08 14:51:42 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\uTorrent
[2011/09/08 14:51:42 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Local\uTorrent
[2011/09/08 14:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/09/08 13:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/09/08 12:12:22 | 000,000,000 | ---D | C] -- C:\VueScan
[2011/09/05 04:35:54 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\f-secure
[2011/09/05 04:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011/09/05 01:45:15 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\DVDVideoSoft
[2011/09/04 20:29:42 | 000,000,000 | ---D | C] -- C:\Users\Hussains\Documents\BlackBerry
[2011/09/04 20:13:16 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Local\Research In Motion
[2011/09/04 20:13:14 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\Research In Motion
[2011/09/04 20:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2011/09/04 20:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2011/09/04 20:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2011/09/04 20:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2011/09/02 17:02:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2011/09/02 14:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/02 14:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/09/02 14:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/28 20:19:10 | 000,000,000 | ---D | C] -- C:\extensions
[2011/08/28 20:19:03 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Local\Conduit
[2011/08/25 05:08:27 | 000,000,000 | ---D | C] -- C:\PFiles
[2011/08/25 05:01:52 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/08/25 05:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011/08/25 05:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011/08/25 05:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011/08/24 23:56:15 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\vlc
[2011/08/24 23:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/08/24 23:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/08/24 20:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/24 20:43:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/08/24 20:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/24 20:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/24 20:41:50 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/24 20:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/24 20:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/24 20:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/23 21:57:01 | 000,000,000 | ---D | C] -- C:\Users\Hussains\Documents\GTA Vice City User Files
[2011/08/23 21:39:42 | 000,000,000 | ---D | C] -- C:\Interesting Hack Games
[2011/08/23 19:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/08/23 17:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/08/23 17:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/08/23 08:04:58 | 000,056,336 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/08/22 23:53:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/08/22 23:53:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/08/22 23:53:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/08/22 23:08:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/08/22 21:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/08/22 21:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/08/22 21:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/08/22 21:06:01 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/08/22 21:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/08/22 21:02:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/08/22 21:01:21 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Local\Microsoft Help
[2011/08/22 21:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/08/22 20:57:49 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/08/22 19:51:29 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2011/08/22 18:27:36 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Local\Apple Computer
[2011/08/22 18:27:33 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\Apple Computer
[2011/08/22 18:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011/08/22 18:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/08/22 18:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/08/22 18:22:18 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Local\Apple
[2011/08/22 18:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/22 18:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/08/22 18:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driving Test Success - The Complete Theory Test (2010-2011)
[2011/08/22 18:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Driving Test Success
[2011/08/22 18:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Driving Test Success - The Complete Theory Test (2010-2011)
[2011/08/21 20:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2011/08/21 20:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/08/21 20:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2011/08/21 20:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011/08/21 20:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/08/21 20:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/21 20:01:11 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Local\Trusteer
[2011/08/21 20:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport
[2011/08/21 20:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2011/08/21 20:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2011/08/21 19:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
[2011/08/21 19:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2011/08/21 19:15:20 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\InstallShield
[2011/08/21 19:13:31 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\Malwarebytes
[2011/08/21 19:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/21 19:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/21 19:13:04 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/21 19:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/21 19:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/08/21 19:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/08/21 19:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/08/21 18:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2011/08/21 18:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/08/21 18:53:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011/08/21 18:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2011/08/21 18:39:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/08/21 18:36:41 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/08/21 18:34:32 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Local\Apps
[2011/08/21 18:34:31 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Local\Deployment
[2011/08/21 18:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/08/21 18:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/08/21 18:07:17 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\AdobeUM
[2011/08/21 18:06:30 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\Adobe
[2011/08/21 18:06:30 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Local\Adobe
[2011/08/21 18:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/08/21 18:03:34 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\Macromedia
[2011/08/21 18:01:11 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\Google
[2011/08/21 17:59:51 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\Roxio
[2011/08/21 17:59:04 | 000,000,000 | ---D | C] -- C:\Users\Hussains\Documents\My Google Gadgets
[2011/08/21 17:58:47 | 000,000,000 | -H-D | C] -- C:\Users\Hussains\AppData\Roaming\GTek
[2011/08/21 17:58:45 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Local\Google
[2011/08/21 17:58:09 | 000,000,000 | R--D | C] -- C:\Users\Hussains\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/08/21 17:58:09 | 000,000,000 | R--D | C] -- C:\Users\Hussains\Searches
[2011/08/21 17:58:09 | 000,000,000 | R--D | C] -- C:\Users\Hussains\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/08/21 17:57:51 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\Identities
[2011/08/21 17:57:42 | 000,000,000 | R--D | C] -- C:\Users\Hussains\Contacts
[2011/08/21 17:57:40 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Local\VirtualStore
[2011/08/21 17:57:01 | 000,000,000 | -HSD | C] -- C:\Users\Hussains\AppData\Local\Temporary Internet Files
[2011/08/21 17:57:01 | 000,000,000 | -HSD | C] -- C:\Users\Hussains\Templates
[2011/08/21 17:57:01 | 000,000,000 | -HSD | C] -- C:\Users\Hussains\Start Menu
[2011/08/21 17:57:01 | 000,000,000 | -HSD | C] -- C:\Users\Hussains\SendTo
[2011/08/21 17:57:01 | 000,000,000 | -HSD | C] -- C:\Users\Hussains\Recent
[2011/08/21 17:57:01 | 000,000,000 | -HSD | C] -- C:\Users\Hussains\PrintHood
[2011/08/21 17:57:01 | 000,000,000 | -HSD | C] -- C:\Users\Hussains\NetHood
[2011/08/21 17:57:01 | 000,000,000 | -HSD | C] -- C:\Users\Hussains\Documents\My Videos
[2011/08/21 17:57:01 | 000,000,000 | -HSD | C] -- C:\Users\Hussains\Documents\My Pictures
[2011/08/21 17:57:01 | 000,000,000 | -HSD | C] -- C:\Users\Hussains\Documents\My Music
[2011/08/21 17:57:01 | 000,000,000 | -HSD | C] -- C:\Users\Hussains\My Documents
[2011/08/21 17:57:01 | 000,000,000 | -HSD | C] -- C:\Users\Hussains\Local Settings
[2011/08/21 17:57:01 | 000,000,000 | -HSD | C] -- C:\Users\Hussains\AppData\Local\History
[2011/08/21 17:57:01 | 000,000,000 | -HSD | C] -- C:\Users\Hussains\Cookies
[2011/08/21 17:57:01 | 000,000,000 | -HSD | C] -- C:\Users\Hussains\Application Data
[2011/08/21 17:57:01 | 000,000,000 | -HSD | C] -- C:\Users\Hussains\AppData\Local\Application Data
[2011/08/21 17:57:00 | 000,000,000 | --SD | C] -- C:\Users\Hussains\AppData\Roaming\Microsoft
[2011/08/21 17:57:00 | 000,000,000 | R--D | C] -- C:\Users\Hussains\Videos
[2011/08/21 17:57:00 | 000,000,000 | R--D | C] -- C:\Users\Hussains\Saved Games
[2011/08/21 17:57:00 | 000,000,000 | R--D | C] -- C:\Users\Hussains\Pictures
[2011/08/21 17:57:00 | 000,000,000 | R--D | C] -- C:\Users\Hussains\Music
[2011/08/21 17:57:00 | 000,000,000 | R--D | C] -- C:\Users\Hussains\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/08/21 17:57:00 | 000,000,000 | R--D | C] -- C:\Users\Hussains\Links
[2011/08/21 17:57:00 | 000,000,000 | R--D | C] -- C:\Users\Hussains\Favorites
[2011/08/21 17:57:00 | 000,000,000 | R--D | C] -- C:\Users\Hussains\Downloads
[2011/08/21 17:57:00 | 000,000,000 | R--D | C] -- C:\Users\Hussains\Documents
[2011/08/21 17:57:00 | 000,000,000 | R--D | C] -- C:\Users\Hussains\Desktop
[2011/08/21 17:57:00 | 000,000,000 | R--D | C] -- C:\Users\Hussains\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/08/21 17:57:00 | 000,000,000 | -H-D | C] -- C:\Users\Hussains\AppData
[2011/08/21 17:57:00 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Local\Temp
[2011/08/21 17:57:00 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Local\Microsoft
[2011/08/21 17:57:00 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\Media Center Programs
[2011/08/21 17:52:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2011/08/21 17:52:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2011/08/21 17:52:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2011/08/21 17:52:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2011/08/21 17:52:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2011/08/21 17:52:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2011/08/21 17:52:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2011/08/21 17:52:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2011/08/21 17:52:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2011/08/21 17:52:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2011/08/21 17:49:45 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/15 02:58:27 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/15 02:58:27 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/15 02:50:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2072669260-3456327829-1688835100-1001UA.job
[2011/09/15 01:25:34 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/14 23:02:56 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/14 23:02:56 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/14 22:58:50 | 000,035,949 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/09/14 22:58:49 | 000,035,949 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/09/14 22:58:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/14 22:58:19 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/14 18:54:10 | 000,022,016 | ---- | M] () -- C:\Users\Hussains\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/14 17:29:48 | 000,002,627 | ---- | M] () -- C:\Users\Hussains\Desktop\Microsoft Office Word 2007.lnk
[2011/09/11 05:50:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2072669260-3456327829-1688835100-1001Core.job
[2011/09/09 02:53:55 | 000,000,794 | ---- | M] () -- C:\Users\Hussains\Desktop\Audio MP3 Editor.lnk
[2011/09/08 15:41:56 | 000,000,806 | ---- | M] () -- C:\Users\Hussains\Desktop\uTorrent - Shortcut.lnk
[2011/09/08 14:07:29 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/09/05 01:49:03 | 000,001,107 | ---- | M] () -- C:\Users\Hussains\Desktop\Free YouTube Download.lnk
[2011/09/04 20:16:42 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2011/09/04 20:16:41 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/09/04 20:11:30 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2011/09/03 22:46:09 | 000,002,059 | ---- | M] () -- C:\Users\Hussains\Desktop\Google Chrome.lnk
[2011/09/03 22:46:09 | 000,002,021 | ---- | M] () -- C:\Users\Hussains\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/02 14:13:07 | 000,437,206 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/09/02 14:12:34 | 000,437,206 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110902-141306.backup
[2011/09/02 14:06:22 | 000,001,057 | ---- | M] () -- C:\Users\Hussains\Desktop\Spybot - Search & Destroy.lnk
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/29 01:16:20 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/08/29 00:14:34 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/25 05:01:38 | 000,001,193 | ---- | M] () -- C:\Users\Hussains\Desktop\Free YouTube to MP3 Converter.lnk
[2011/08/24 23:55:49 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/08/24 20:43:19 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/24 20:40:45 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/23 21:44:43 | 000,000,996 | ---- | M] () -- C:\Users\Hussains\Desktop\GTA Vice ultimate Trainer.lnk
[2011/08/23 21:44:43 | 000,000,899 | ---- | M] () -- C:\Users\Hussains\Desktop\Grand Thief Auto Vice City 2005.lnk
[2011/08/23 19:18:27 | 000,343,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/23 18:11:32 | 000,000,945 | ---- | M] () -- C:\Users\Hussains\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/23 18:06:44 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/08/23 18:06:44 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/08/23 16:58:40 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/08/23 08:04:58 | 000,056,336 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/08/23 01:49:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/08/22 23:50:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/08/22 18:45:46 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2011/08/22 18:45:42 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2011/08/22 18:27:17 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/08/22 18:07:54 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Driving Test Success - The Complete Theory Test.lnk
[2011/08/21 23:18:11 | 033,751,040 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2011/08/21 23:18:11 | 000,327,680 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2011/08/21 23:18:11 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2011/08/21 22:42:25 | 000,073,783 | ---- | M] () -- C:\Users\Hussains\Desktop\error.jpg
[2011/08/21 22:27:41 | 000,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h
[2011/08/21 22:18:52 | 002,501,921 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2011/08/21 22:18:47 | 000,015,181 | ---- | M] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2011/08/21 20:12:16 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2011/08/21 20:12:09 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/08/21 19:20:01 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011/08/21 19:12:15 | 000,000,814 | ---- | M] () -- C:\Users\Hussains\Desktop\SpywareBlaster.lnk
[2011/08/21 18:55:25 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/12 16:44:07 | 2145,570,816 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/09 02:53:55 | 000,000,794 | ---- | C] () -- C:\Users\Hussains\Desktop\Audio MP3 Editor.lnk
[2011/09/08 15:41:56 | 000,000,806 | ---- | C] () -- C:\Users\Hussains\Desktop\uTorrent - Shortcut.lnk
[2011/09/08 14:07:29 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/09/08 14:07:29 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/09/05 01:49:03 | 000,001,107 | ---- | C] () -- C:\Users\Hussains\Desktop\Free YouTube Download.lnk
[2011/09/04 20:16:42 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2011/09/04 20:16:41 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/09/04 20:16:19 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011/09/04 20:11:30 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2011/09/02 14:06:22 | 000,001,057 | ---- | C] () -- C:\Users\Hussains\Desktop\Spybot - Search & Destroy.lnk
[2011/08/25 05:01:38 | 000,001,193 | ---- | C] () -- C:\Users\Hussains\Desktop\Free YouTube to MP3 Converter.lnk
[2011/08/24 23:55:49 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/08/24 20:43:19 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/24 20:40:45 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/23 21:41:27 | 000,000,996 | ---- | C] () -- C:\Users\Hussains\Desktop\GTA Vice ultimate Trainer.lnk
[2011/08/23 21:41:27 | 000,000,899 | ---- | C] () -- C:\Users\Hussains\Desktop\Grand Thief Auto Vice City 2005.lnk
[2011/08/23 16:58:40 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/08/23 01:49:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/08/22 23:50:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/08/22 21:28:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/08/22 21:27:59 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2011/08/22 21:21:55 | 000,002,627 | ---- | C] () -- C:\Users\Hussains\Desktop\Microsoft Office Word 2007.lnk
[2011/08/22 21:13:04 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/08/22 21:13:01 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2011/08/22 21:12:48 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011/08/22 21:12:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/08/22 21:12:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/08/22 21:12:41 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011/08/22 21:12:30 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011/08/22 21:12:00 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011/08/22 21:11:53 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011/08/22 21:09:25 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011/08/22 21:08:59 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2011/08/22 20:58:22 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/08/22 20:58:22 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/08/22 20:58:21 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/08/22 20:06:35 | 000,000,951 | ---- | C] () -- C:\Users\Hussains\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/08/22 18:27:17 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/08/22 18:27:17 | 000,001,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/08/22 18:22:15 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/08/22 18:07:54 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Driving Test Success - The Complete Theory Test.lnk
[2011/08/22 14:46:24 | 000,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs
[2011/08/22 14:46:22 | 000,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc
[2011/08/22 14:46:13 | 000,145,455 | ---- | C] () -- C:\Windows\System32\perfmon.msc
[2011/08/21 22:42:25 | 000,073,783 | ---- | C] () -- C:\Users\Hussains\Desktop\error.jpg
[2011/08/21 22:27:41 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2011/08/21 22:18:52 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/08/21 22:18:47 | 000,015,181 | ---- | C] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2011/08/21 20:46:42 | 033,751,040 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2011/08/21 20:46:42 | 000,327,680 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2011/08/21 20:46:42 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2011/08/21 20:12:16 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2011/08/21 20:12:09 | 000,001,704 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/08/21 20:11:16 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/21 19:20:01 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011/08/21 19:15:27 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/08/21 19:15:27 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/08/21 19:15:27 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/08/21 19:15:27 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/08/21 19:15:27 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/08/21 19:15:27 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/08/21 19:15:27 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/08/21 19:15:27 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/08/21 19:15:27 | 000,006,442 | ---- | C] () -- C:\Windows\System32\EPPICLocal_IT.cfg
[2011/08/21 19:15:27 | 000,006,335 | ---- | C] () -- C:\Windows\System32\EPPICLocal_GE.cfg
[2011/08/21 19:15:27 | 000,005,817 | ---- | C] () -- C:\Windows\System32\EPPICLocal_KO.cfg
[2011/08/21 19:15:27 | 000,005,436 | ---- | C] () -- C:\Windows\System32\EPPICLocal_SC.cfg
[2011/08/21 19:15:27 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/08/21 19:15:27 | 000,002,889 | ---- | C] () -- C:\Windows\System32\EPPICLocal_RU.cfg
[2011/08/21 19:15:27 | 000,002,426 | ---- | C] () -- C:\Windows\System32\EPPICLocal_TC.cfg
[2011/08/21 19:15:27 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/08/21 19:15:27 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/08/21 19:15:27 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/08/21 19:15:27 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/08/21 19:15:27 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/08/21 19:15:27 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/08/21 19:15:27 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/08/21 19:15:27 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/08/21 19:15:27 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/08/21 19:15:27 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/08/21 19:15:26 | 000,013,732 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg
[2011/08/21 19:15:26 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg
[2011/08/21 19:15:26 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg
[2011/08/21 19:15:26 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg
[2011/08/21 19:15:26 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg
[2011/08/21 19:15:26 | 000,006,122 | ---- | C] () -- C:\Windows\System32\EPPICLocal_DU.cfg
[2011/08/21 19:15:26 | 000,006,103 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg
[2011/08/21 19:13:10 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/21 19:12:15 | 000,000,814 | ---- | C] () -- C:\Users\Hussains\Desktop\SpywareBlaster.lnk
[2011/08/21 18:55:25 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2011/08/21 18:39:33 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/08/21 18:39:17 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/08/21 18:36:49 | 000,002,059 | ---- | C] () -- C:\Users\Hussains\Desktop\Google Chrome.lnk
[2011/08/21 18:36:49 | 000,002,021 | ---- | C] () -- C:\Users\Hussains\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/21 18:35:04 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2072669260-3456327829-1688835100-1001UA.job
[2011/08/21 18:34:59 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2072669260-3456327829-1688835100-1001Core.job
[2011/08/21 18:19:23 | 000,022,016 | ---- | C] () -- C:\Users\Hussains\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/21 18:11:06 | 000,035,949 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/08/21 18:11:06 | 000,035,949 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/08/21 18:01:15 | 000,000,945 | ---- | C] () -- C:\Users\Hussains\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/21 17:58:08 | 000,000,946 | ---- | C] () -- C:\Users\Hussains\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/08/21 17:57:41 | 000,000,917 | ---- | C] () -- C:\Users\Hussains\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/08/21 17:57:00 | 000,000,258 | ---- | C] () -- C:\Users\Hussains\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/08/21 17:57:00 | 000,000,240 | ---- | C] () -- C:\Users\Hussains\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2006/11/10 14:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 20:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,343,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/06/23 10:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2003/08/07 14:01:52 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

========== LOP Check ==========

[2011/09/05 01:49:18 | 000,000,000 | ---D | M] -- C:\Users\Hussains\AppData\Roaming\DVDVideoSoft
[2011/09/05 01:49:09 | 000,000,000 | ---D | M] -- C:\Users\Hussains\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/09/05 04:35:54 | 000,000,000 | ---D | M] -- C:\Users\Hussains\AppData\Roaming\f-secure
[2011/09/04 20:14:58 | 000,000,000 | ---D | M] -- C:\Users\Hussains\AppData\Roaming\Research In Motion
[2011/09/10 08:03:08 | 000,000,000 | ---D | M] -- C:\Users\Hussains\AppData\Roaming\uTorrent
[2011/09/14 20:44:02 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
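The OTL listing above is normally read by eye. As an added example (not part of this thread and not OTL's own tooling), the Python below parses OTL's "[date | size | attrs | C/M] (company) -- path" and "@Alternate Data Stream" lines and applies a few defender-side review rules to shortlist entries; the sample lines are copied from the report, except the two with "example_" names, which are constructed so the rules have something to flag.

```python
"""Triage helper for OTL-style file listings (added example, not OTL code)."""
import re
from datetime import datetime, timedelta

# e.g. [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\...\mbam.sys
_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<op>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# e.g. @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
_ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")
USER_DIRS = ("c:\\users\\", "c:\\programdata\\", "c:\\documents and settings\\")


def parse_line(line):
    """Return a dict for a file/directory entry or an ADS entry, None otherwise."""
    m = _FILE_RE.match(line.strip())
    if m:
        attrs = m.group("attrs")
        return {
            "kind": "file",
            "time": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            "size": int(m.group("size").replace(",", "")),
            "hidden": "H" in attrs,
            "system": "S" in attrs,
            "dir": "D" in attrs,
            "op": m.group("op"),            # C = created, M = modified
            "company": m.group("company"),  # "" when OTL printed "()", None for directories
            "path": m.group("path"),
        }
    m = _ADS_RE.match(line.strip())
    if m:
        return {"kind": "ads", "size": int(m.group("size")), "path": m.group("path")}
    return None


def triage(lines, scan_time, recent_days=7):
    """Apply review rules; returns (reason, path) tuples to look at, never a verdict."""
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if e["kind"] == "ads":
            # OTL lists every named stream; the content should be inspected, not assumed bad
            findings.append(("alternate data stream", e["path"]))
            continue
        if e["dir"]:
            continue
        low = e["path"].lower()
        is_exec = low.endswith(EXEC_EXT)
        in_user = low.startswith(USER_DIRS)
        if is_exec and e["company"] == "" and "\\drivers\\" in low:
            findings.append(("driver without vendor name", e["path"]))
        if is_exec and in_user and (e["hidden"] or e["system"]):
            findings.append(("hidden/system executable in profile", e["path"]))
        if is_exec and in_user and scan_time - e["time"] <= timedelta(days=recent_days):
            findings.append(("executable touched in last %d days" % recent_days, e["path"]))
    return findings


SAMPLE_LOG = [
    # lines copied from the OTL report above
    r"[2011/09/14 22:58:19 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys",
    r"[2011/08/23 08:04:58 | 000,056,336 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys",
    r"[2011/08/21 17:57:01 | 000,000,000 | -HSD | C] -- C:\Users\Hussains\Cookies",
    r"@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34",
    # constructed lines (NOT from the report) so the rules have something to flag
    r"[2011/09/13 04:12:00 | 000,048,128 | ---- | C] () -- C:\Windows\System32\drivers\example_unknown.sys",
    r"[2011/09/14 03:00:00 | 000,061,440 | -HS- | C] () -- C:\Users\Hussains\AppData\Local\Temp\example_hidden.exe",
]
SCAN_TIME = datetime(2011, 9, 15, 3, 7, 55)  # "OTL logfile created on" time from the report header

if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG, SCAN_TIME):
        print("%-40s %s" % (reason, path))
```

Nothing this script flags is a verdict; entries such as the ProgramData stream are common and need a look at their content before any action.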


#2
king011 (Member, Topic Starter, 58 posts)
Bump
Apologies if you feel I'm being impatient.

#3
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hello king011 and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post


Step 2

Download aswMBR.exe (511KB) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply
Step 3

Please don't forget to include these items in your reply:

  • AVP log
  • aswMBR log
It would be helpful if you could post each log in a separate post.

#4
king011 (Member, Topic Starter, 58 posts)
Hello,

Thanks for the reply.

I've completed the AVP scan and detected nothing, so no log for that.

Just realised the aswMBR scan has operated a quick scan (log posted below); is that fine or should I change that to scan the C hard drive?

I look forward to your reply.
Thanks

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-19 22:58:23
-----------------------------
22:58:23.593 OS Version: Windows 6.0.6002 Service Pack 2
22:58:23.594 Number of processors: 2 586 0xF02
22:58:23.595 ComputerName: HUSSAINS-PC UserName: Hussains
22:58:26.596 Initialize success
22:59:40.294 AVAST engine defs: 11091901
22:59:58.226 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1
22:59:58.230 Disk 0 Vendor: ST3250820AS 3.ADG Size: 238418MB BusType: 3
23:00:00.248 Disk 0 MBR read successfully
23:00:00.252 Disk 0 MBR scan
23:00:00.301 Disk 0 Windows VISTA default MBR code
23:00:00.322 Disk 0 scanning sectors +488278016
23:00:00.419 Disk 0 scanning C:\Windows\system32\drivers
23:00:17.147 Service scanning
23:00:19.054 Service MpKsl76fd2b54 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EF1E1203-590F-48AD-BD1C-1031046F65BF}\MpKsl76fd2b54.sys **LOCKED** 32
23:00:19.061 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
23:00:20.144 Modules scanning
23:00:25.131 Disk 0 trace - called modules:
23:00:25.159 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
23:00:25.506 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f47368]
23:00:25.513 3 CLASSPNP.SYS[889b58b3] -> nt!IofCallDriver -> [0x84e86918]
23:00:25.520 5 acpi.sys[8068c6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-1[0x84e84b98]
23:00:26.724 AVAST engine scan C:\Windows
23:00:30.400 AVAST engine scan C:\Windows\system32
23:03:47.289 AVAST engine scan C:\Windows\system32\drivers
23:04:06.855 AVAST engine scan C:\Users\Hussains
23:04:27.023 File: C:\Users\Hussains\AppData\Local\Google\Chrome\User Data\Default\Preferences **SUSPICIOUS**
23:06:51.543 AVAST engine scan C:\ProgramData
23:07:50.244 Scan finished successfully
23:08:12.116 Disk 0 MBR has been saved successfully to "C:\Users\Hussains\Desktop\MBR.dat"
23:08:12.147 The log file has been saved successfully to "C:\Users\Hussains\Desktop\aswMBR.txt"

#5
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi king011,

You did a good job! Don't change anything if I don't say so.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

#6
king011 (Member, Topic Starter, 58 posts)
Hello,

As I already had Malwarebytes', I did the update and quick scan, and the result was that nothing was detected, which is why I haven't posted the log that basically illustrates that the scan detected nothing.


I look forward to your response.

Thanks
King011

#7
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi king011,

How is your system now? Any problems?

#8
king011 (Member, Topic Starter, 58 posts)
Hello,

Thanks for the response.

System is a bit glitchy and slow, but that's just Vista on a normal basis. However, when I turned my computer on today, Microsoft Security Essentials reported to me that it detected "TrojanDownloader:Win32/Agent.IS", so I removed it and now I am running a full scan with Malwarebytes in order to discover if any other malware exists.

Is there anything you recommend that will help to make my computer free of malicious malware, spyware or any other malicious material?

Your help and time are very much appreciated.
Many thanks.
King011

#9
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
That is very strange. Please report here what MSE finds after the full scan. If it comes out clean I'll call this one solved and post recommendations for you.

#10
king011 (Member, Topic Starter, 58 posts)
Hello,

The MSE scan did not detect anything; does this mean my computer is completely free of malicious spyware and malware? If so, brilliant; if not, do I need to conduct further assessment?

Thanks
King011


#11
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi king011,

If you don't have any problems then we removed it! Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click the OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.

#12
king011 (Member, Topic Starter, 58 posts)
Hello,

Thanks for your reply.

I followed and completed the above steps. Should I leave the TFC software on my desktop? Is the update filehippo checker safe? Also, I have MSE, Comodo firewall and Malwarebytes; is it alright if I leave Spybot - Search & Destroy on my computer as another method of scanning for malicious files?

Apologies if the questions are a bit of a bombardment.

I usually use CCleaner after every time I finish using the computer in order to remove malicious files that I may have downloaded etc. However, I clicked on the registry section and it found a lot of missing or invalid registries; should I be vigilant towards this? (I know this probably isn't your area of expertise, so if you can't help, never mind.)

I look forward to your reply.

Many thanks
King011

#13
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi king011,

First your questions...

Should I leave the TFC software on my desktop?


You can leave TFC to use it on a regular basis, just like CCleaner, to remove temp files from your system.

Is the update filehippo checker safe?


Yes. It only checks for new versions of software that you already have on your system.

Also, I have MSE, Comodo firewall and Malwarebytes; is it alright if I leave Spybot - Search & Destroy on my computer as another method of scanning for malicious files?


You can leave Spybot - Search & Destroy if you like it. You also have good protection without it, so if you don't like it so much you can remove it.

I usually use CCleaner after every time I finish using the computer in order to remove malicious files that I may have downloaded etc. However, I clicked on the registry section and it found a lot of missing or invalid registries; should I be vigilant towards this? (I know this probably isn't your area of expertise, so if you can't help, never mind.)


My advice to you is to use CCleaner only to remove temp files. Don't use it as a registry cleaner... don't use any registry cleaner, because you won't gain anything and there is a great chance of ruining your system with one wrong click. I never use registry cleaners and I'm just fine without them.

Hope this helps. Goodbye and stay safe :)

#14
king011 (Member, Topic Starter, 58 posts)
Hello,

Thanks for answering all my above questions. I've got a better understanding now and will stay clear of removing any registries.

The only question I have now is: if MSE detects malicious malware/spyware, should I run a Malwarebytes full scan, and will this be enough to make sure my computer is completely clean in terms of having no malware or spyware?

Also is it fine if I run Defraggler every week or month?

Thanks
King011

Edited by king011, 23 September 2011 - 03:51 AM.


#15
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
If MSE detects malware then you can do an MSE Quick Scan and a Malwarebytes Quick Scan. That should do it.

Run Defraggler every month. There is no need to do it every week.