Possible Malware


This topic is locked

#16 king011 (Topic Starter)

Hello maliprog,

Thanks for the reply.

I knew how to check the location of malware in MSE and, like I said in my previous reply, the location is not stated because the malware has been removed; however, if it was quarantined or still active then the location would be stated. :)

I ran ComboFix following the instructions exactly and the performance has got better but is still glitchy. :yes:

Also, if you don't mind me asking, did ComboFix detect or remove anything malicious?


When I restarted the computer after ComboFix, MSE detected Backdoor:Win32/PcClient... :)

Many Thanks
King011

Edited by king011, 01 November 2011 - 08:55 AM.

#17 king011 (Topic Starter)

ComboFix 11-11-01.02 - Hussains 01/11/2011 11:37:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.1129 [GMT 0:00]
Running from: c:\users\Hussains\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Hussains\l4ry11vl.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))
.
.
2011-11-01 11:44 . 2011-11-01 11:44 -------- d-----w- c:\users\Hussains\AppData\Local\temp
2011-11-01 11:13 . 2011-11-01 11:13 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D236812-6CE8-4464-AB6E-DC92942790B4}\MpKslf7e98562.sys
2011-11-01 11:13 . 2011-11-01 11:13 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D236812-6CE8-4464-AB6E-DC92942790B4}\offreg.dll
2011-10-31 16:37 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D236812-6CE8-4464-AB6E-DC92942790B4}\mpengine.dll
2011-10-27 13:28 . 2011-10-27 13:28 7168 ----a-w- c:\windows\system32\drivers\uti5mzy3.sys
2011-10-25 17:15 . 2011-10-25 17:14 302592 ----a-w- C:\mf3q6bjw.exe
2011-10-25 17:09 . 2011-10-25 17:09 -------- d-----w- C:\_OTL
2011-10-21 11:01 . 2011-10-07 17:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-20 13:45 . 2011-10-20 13:45 -------- d-----w- c:\program files\EASEUS
2011-10-17 21:45 . 2011-10-17 21:45 53248 ----a-r- c:\users\Hussains\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2011-10-17 21:43 . 2011-10-17 21:43 -------- d-----w- c:\users\Hussains\AppData\Local\Downloaded Installations
2011-10-12 20:04 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 20:04 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 20:04 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 20:04 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 20:04 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 20:04 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 20:04 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 20:04 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 20:04 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-12 20:03 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-12 17:43 . 2011-10-12 17:43 -------- d-----w- c:\program files\iPod
2011-10-12 17:43 . 2011-10-12 17:44 -------- d-----w- c:\program files\iTunes
2011-10-12 17:35 . 2011-10-12 17:35 -------- d-----w- c:\program files\Bonjour
2011-10-08 12:18 . 2011-10-08 12:18 -------- d-----w- c:\program files\DreamBoxEdit
2011-10-08 12:16 . 2011-10-08 12:17 -------- d-----w- c:\program files\FlashFXP 4
2011-10-08 12:16 . 2011-10-08 12:16 -------- d-----w- c:\programdata\FlashFXP
2011-10-08 11:59 . 2011-10-08 11:59 -------- d-----w- c:\program files\TeamViewer
2011-10-06 18:25 . 2011-10-06 18:25 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-22 14:28 . 2011-08-21 17:05 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-13 19:42 . 2011-08-23 18:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 17:47 . 2011-06-30 08:37 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 17:47 . 2011-06-30 08:37 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 17:47 . 2011-06-30 08:37 488208 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 17:47 . 2011-06-30 08:37 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 17:47 . 2011-06-30 08:37 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-07 03:48 . 2011-08-21 23:44 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-25 18:00 . 2011-09-25 18:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-08-31 16:00 . 2011-08-21 18:13 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 22:05 . 2011-08-30 22:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-23 15:58 . 2011-08-23 15:58 161792 ----a-w- c:\windows\system32\msls31.dll
2011-08-23 15:58 . 2011-08-23 15:58 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-23 15:58 . 2011-08-23 15:58 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-23 15:58 . 2011-08-23 15:58 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-23 15:58 . 2011-08-23 15:58 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-08-23 15:58 . 2011-08-23 15:58 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-23 15:58 . 2011-08-23 15:58 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-08-23 15:58 . 2011-08-23 15:58 367104 ----a-w- c:\windows\system32\html.iec
2011-08-23 15:58 . 2011-08-23 15:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-23 15:58 . 2011-08-23 15:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-08-23 15:58 . 2011-08-23 15:58 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-23 15:58 . 2011-08-23 15:58 152064 ----a-w- c:\windows\system32\wextract.exe
2011-08-23 15:58 . 2011-08-23 15:58 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-08-23 15:58 . 2011-08-23 15:58 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-08-23 15:58 . 2011-08-23 15:58 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-23 15:58 . 2011-08-23 15:58 11776 ----a-w- c:\windows\system32\mshta.exe
2011-08-23 15:58 . 2011-08-23 15:58 101888 ----a-w- c:\windows\system32\admparse.dll
2011-08-23 15:58 . 2011-08-23 15:58 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-23 15:55 . 2011-08-23 15:55 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-08-23 15:55 . 2011-08-23 15:55 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-08-23 15:55 . 2011-08-23 15:55 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-08-23 15:55 . 2011-08-23 15:55 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-08-23 15:55 . 2011-08-23 15:55 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-08-23 15:55 . 2011-08-23 15:55 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-08-23 15:55 . 2011-08-23 15:55 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-08-23 15:55 . 2011-08-23 15:55 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-08-22 17:45 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-08-22 17:45 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-08-21 23:35 . 2011-08-21 23:35 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-08-21 23:31 . 2011-08-21 23:31 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2011-08-21 21:33 . 2011-08-21 21:33 23552 ----a-w- c:\windows\system32\lpk.dll
2011-08-21 21:33 . 2011-08-21 21:33 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-08-21 21:28 . 2011-08-21 21:28 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-08-21 21:28 . 2011-08-21 21:28 272896 ----a-w- c:\windows\system32\polstore.dll
2011-08-21 21:22 . 2011-08-21 21:22 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-08-21 21:22 . 2011-08-21 21:22 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-08-21 21:22 . 2011-08-21 21:22 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-08-21 21:22 . 2011-08-21 21:22 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-08-21 21:22 . 2011-08-21 21:22 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-08-21 21:22 . 2011-08-21 21:22 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-08-21 21:22 . 2011-08-21 21:22 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-08-21 21:22 . 2011-08-21 21:22 10240 ----a-w- c:\windows\system32\finger.exe
2011-08-21 21:18 . 2011-08-21 21:18 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-08-21 21:18 . 2011-08-21 21:18 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2011-08-21 21:18 . 2011-08-21 21:18 65024 ----a-w- c:\windows\system32\wlanapi.dll
2011-08-21 21:18 . 2011-08-21 21:18 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-08-21 21:18 . 2011-08-21 21:18 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-08-21 21:18 . 2011-08-21 21:18 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-08-21 21:18 . 2011-08-21 21:18 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2011-08-21 21:17 . 2011-08-21 21:17 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-08-21 21:17 . 2011-08-21 21:17 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-08-21 21:17 . 2011-08-21 21:17 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-08-21 21:16 . 2011-08-21 21:16 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-08-21 21:13 . 2011-08-21 21:13 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-08-21 21:13 . 2011-08-21 21:13 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-08-21 21:13 . 2011-08-21 21:13 2048 ----a-w- c:\windows\system32\mferror.dll
2011-08-21 21:08 . 2011-08-21 21:08 71680 ----a-w- c:\windows\system32\atl.dll
2011-08-21 21:01 . 2011-08-21 21:01 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-08-21 20:59 . 2011-08-21 20:59 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-08-21 20:59 . 2011-08-21 20:59 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-08-21 20:56 . 2011-08-21 20:56 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-08-21 20:46 . 2011-08-21 20:46 623616 ----a-w- c:\windows\system32\localspl.dll
2011-08-21 20:41 . 2011-08-21 20:41 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-08-21 20:40 . 2011-08-21 20:40 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-08-21 20:40 . 2011-08-21 20:40 9728 ----a-w- c:\windows\system32\lsass.exe
2011-08-21 20:40 . 2011-08-21 20:40 72704 ----a-w- c:\windows\system32\secur32.dll
2011-08-21 20:40 . 2011-08-21 20:40 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-08-21 20:40 . 2011-08-21 20:40 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-08-21 20:40 . 2011-08-21 20:40 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-08-21 20:37 . 2011-08-21 20:37 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2011-08-21 20:37 . 2011-08-21 20:37 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2011-08-21 20:37 . 2011-08-21 20:37 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2011-08-21 20:37 . 2011-08-21 20:37 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2011-08-21 20:37 . 2011-08-21 20:37 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2011-08-21 20:37 . 2011-08-21 20:37 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2011-08-21 20:37 . 2011-08-21 20:37 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2011-08-21 20:37 . 2011-08-21 20:37 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2011-08-21 20:37 . 2011-08-21 20:37 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2011-08-21 20:37 . 2011-08-21 20:37 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2011-08-21 20:37 . 2011-08-21 20:37 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll
2011-08-21 20:37 . 2011-08-21 20:37 4175872 ----a-w- c:\windows\system32\NlsLexicons0010.dll
2011-08-21 20:37 . 2011-08-21 20:37 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll
2011-08-21 20:37 . 2011-08-21 20:37 2466816 ----a-w- c:\windows\system32\NlsLexicons0011.dll
2011-08-21 20:37 . 2011-08-21 20:37 3331072 ----a-w- c:\windows\system32\NlsLexicons0018.dll
2011-08-21 20:37 . 2011-08-21 20:37 6781440 ----a-w- c:\windows\system32\NlsLexicons0019.dll
2011-08-21 20:37 . 2011-08-21 20:37 11722752 ----a-w- c:\windows\system32\NlsLexicons0001.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-04-06 439768]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 11:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 17:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 MpKslf7c071c8;MpKslf7c071c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A11BFF2B-2CB5-45A4-BBF0-2DDF5C224FF6}\MpKslf7c071c8.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2007-04-06 36312]
R3 DHTRACE;Intel® DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-04-06 39896]
R3 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NMSCore;Intel® NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-04-06 313816]
R3 QualityManager;Intel® Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-04-06 272856]
R3 uti5mzy3;AVZ Kernel Driver;c:\windows\system32\Drivers\uti5mzy3.sys [2011-10-27 7168]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-09-25 56336]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-10-07 488208]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-10-07 38616]
S1 MpKslf7e98562;MpKslf7e98562;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D236812-6CE8-4464-AB6E-DC92942790B4}\MpKslf7e98562.sys [2011-11-01 28752]
S1 RapportCerberus_32029;RapportCerberus_32029;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys [2011-10-18 227312]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-09-25 70416]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-09-25 161936]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-09-25 919352]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-08-23 5504]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLF7E98562
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2072669260-3456327829-1688835100-1001Core.job
- c:\users\Hussains\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-21 17:34]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2072669260-3456327829-1688835100-1001UA.job
- c:\users\Hussains\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-21 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4070823
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Hussains\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Hussains\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C9C6B6EF-F0B8-4D7C-8325-36A8868F34D3}: NameServer = 156.154.70.22,156.154.71.22
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-01 11:44
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Hussains\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\guard32.dll
.
Completion time: 2011-11-01 11:47:34
ComboFix-quarantined-files.txt 2011-11-01 11:47
.
Pre-Run: 165,155,377,152 bytes free
Post-Run: 165,112,926,208 bytes free
.
- - End Of File - - 31A2A9776D1FBFAD1BDB53A93522AC26
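A small triage script, added here and not part of the thread or of ComboFix, that parses "Files Created" lines in the format shown above and scores each entry by location, executable extension and random-looking name; the sample lines are copied from the log above, and the scoring rules are my own heuristics.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few lines copied from the ComboFix "Files Created"
# section above, plus the two "Other Deletions" paths. Not the whole log.
FILES_CREATED = r"""
2011-11-01 11:44 . 2011-11-01 11:44 -------- d-----w- c:\users\Hussains\AppData\Local\temp
2011-10-27 13:28 . 2011-10-27 13:28 7168 ----a-w- c:\windows\system32\drivers\uti5mzy3.sys
2011-10-25 17:15 . 2011-10-25 17:14 302592 ----a-w- C:\mf3q6bjw.exe
2011-10-25 17:09 . 2011-10-25 17:09 -------- d-----w- C:\_OTL
2011-10-21 11:01 . 2011-10-07 17:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-12 20:04 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-08 11:59 . 2011-10-08 11:59 -------- d-----w- c:\program files\TeamViewer
"""
OTHER_DELETIONS = [r"C:\install.exe", r"c:\users\Hussains\l4ry11vl.exe"]

# One "Files Created" line: created-time . modified-time size attrs path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com"}


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (size column is "--------")
    is_dir: bool
    path: str


def parse_files_created(text: str) -> List[Entry]:
    """Parse ComboFix 'Files Created' lines; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size,
                             m["attrs"].startswith("d"), m["path"]))
    return entries


def looks_random(stem: str) -> bool:
    """Heuristic (mine, not ComboFix's): a 6-10 character alphanumeric stem that
    switches between letters and digits at least three times, e.g. uti5mzy3 or
    l4ry11vl. Ordinary names such as win32k or msxml6 do not qualify."""
    if not 6 <= len(stem) <= 10 or not stem.isalnum():
        return False
    kinds = ["d" if c.isdigit() else "l" for c in stem]
    if len(set(kinds)) < 2:
        return False
    return sum(1 for a, b in zip(kinds, kinds[1:]) if a != b) >= 3


def location_score(path: str) -> int:
    """Where a new executable lands matters more than what it is called."""
    p = path.lower()
    parent = p.rsplit("\\", 1)[0]
    if re.fullmatch(r"[a-z]:", parent):                      # drive root
        return 2
    if re.fullmatch(r"[a-z]:\\users\\[^\\]+", parent):       # user profile root
        return 2
    if "\\temp" in p or "\\appdata\\" in p:
        return 2
    if parent.endswith("\\system32\\drivers"):               # new kernel driver
        return 1
    return 0


def triage(path: str, is_dir: bool = False) -> int:
    """Score 0-5: location (0-2) + executable extension (1) + random-looking name (2).
    4 or more means 'corroborate this file', not 'this file is malware'."""
    score = location_score(path)
    if is_dir:
        return score
    name = path.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    if dot and "." + ext.lower() in EXEC_EXT:
        score += 1
    if looks_random(stem if dot else name):
        score += 2
    return score


def flag_entries(text: str, threshold: int = 4) -> List[str]:
    """Paths from a 'Files Created' section that reach the threshold, in log order."""
    return [e.path for e in parse_files_created(text)
            if triage(e.path, e.is_dir) >= threshold]


def triage_deletions(paths: List[str]) -> Dict[str, int]:
    """ComboFix already removed these; scoring them shows which pattern they fit."""
    return {p: triage(p) for p in paths}


if __name__ == "__main__":
    for path in flag_entries(FILES_CREATED):
        print("check:", path)
    for path, score in triage_deletions(OTHER_DELETIONS).items():
        print(f"deleted by ComboFix (score {score}):", path)
```

A flag is a prompt to corroborate, not a verdict: the services section of the same log lists uti5mzy3.sys as "AVZ Kernel Driver", and mf3q6bjw.exe was created six minutes after the C:\_OTL folder, so both fit the pattern of renamed cleanup tools as well as that of malware.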

#18 maliprog (Trusted Helper, Malware Removal)

Hi king011,

Step 1

You have more than one antivirus program on your PC. This could be causing these problems too.

Microsoft Security Essentials and COMODO Internet Security

Please leave only one antivirus protection on your system and remove all others.

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

Step 2

After you remove one of your antivirus programs, let's try Free Avast.

http://www.avast.com...ivirus-download

Once you have it installed and it has updated, right click on it and select Open Avast! User Interface, then click on Scan Computer, then on Boot-Time Scan, then Schedule Now. Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs any input from you.

Report back here whether it found something and whether it removed it.

#19 king011 (Topic Starter)

Hello maliprog,

Comodo is only used for the firewall, the Comodo Internet Security is disabled, and MSE is used for malware protection. Does this still make a difference?


Many Thanks
King011

#20 maliprog (Trusted Helper)

If you use it as a firewall, then leave it. Please run the Avast Boot scan and come back with the results.

#21 king011 (Topic Starter)

Hello maliprog,

So, just to be clear, do you want me to remove MSE and install Avast Antivirus 6 instead?


Thanks
King011

Edited by king011, 02 November 2011 - 07:33 AM.


#22 maliprog (Trusted Helper)

No. Leave MSE because we will use Avast only temporarily.

#23 king011 (Topic Starter)

Hello Maliprog,

I did the boot-time Avast scan and it didn't detect anything and also did not take much time either. :)

By the way, Avast is running with no real-time protection. Does that still conflict with MSE and the Comodo firewall? Either way, should I uninstall Avast now?

Thanks
King011

Edited by king011, 02 November 2011 - 04:29 PM.


#24 maliprog (Trusted Helper)

You can now uninstall Avast. Test your system after this and see if you still get malware warnings.

I'm going on a business trip for 3 days. I don't know if I will have Internet access in my hotel room. If I don't reply to you, please excuse me for a couple of days until I come back. I hope you'll understand and will wait for my reply.

Best regards

#25 king011 (Topic Starter)

Hello maliprog,

No malware detection yet, but still a slow computer in all aspects.

No worries whatsoever, enjoy the business trip. I appreciate your help as it is, so there's no need to justify that.

Would you say that the computer is safe to use for email and other password-related activities?


Look forward to your reply.

Many Thanks
King011

Edited by king011, 03 November 2011 - 08:33 AM.


#26 maliprog (Trusted Helper)

Hi king011,

Let's try to speed things up.

Step 1

StartupLite is a tool that helps you stop some programs that are not needed at startup from loading when you start your computer. They will begin automatically only when needed.

Run the tool and it will disable all unnecessary startup entries.
Click on the Continue button to save the changes.

Step 2

Download and run Puran Disc Defragmenter.
Click on the Boot Time Defrag button and choose Restart-Defrag-Restart.


#27 king011 (Topic Starter)

Hello maliprog,

Many thanks for your reply.

My computer is now starting to detect malware.

Many Thanks

King011

#28 maliprog (Trusted Helper)

Hi king011,

That is strange. Only MSE detects malware... Let's do a fresh OTL scan.

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList".
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.txt and Extra.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them with your next reply.


#29 king011 (Topic Starter)

Hello maliprog,

Would you say that the computer is safe to use for email and other password-related activities, and could the malware have stolen any files from the computer?

Many Thanks
King011

#30 king011 (Topic Starter)

OTL logfile created on: 08/11/2011 18:10:04 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Hussains\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.65% Memory free
4.23 Gb Paging File | 3.23 Gb Available in Paging File | 76.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 155.69 Gb Free Space | 69.89% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.28 Gb Free Space | 62.76% Space Free | Partition Type: NTFS

Computer Name: HUSSAINS-PC | User Name: Hussains | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/01 17:34:44 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/01 17:34:44 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/10/25 17:00:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Hussains\Desktop\OTL.exe
PRC - [2011/10/20 11:58:40 | 002,497,352 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/10/07 17:47:13 | 001,883,328 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/08/30 16:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/17 06:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/04/06 13:07:42 | 000,439,768 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/01 17:36:30 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/01 17:34:44 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/10/07 17:47:13 | 001,883,328 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/08/30 16:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/04/06 13:10:56 | 000,223,704 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2007/04/06 13:10:22 | 000,272,856 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel®
SRV - [2007/04/06 13:10:08 | 000,449,496 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2007/04/06 13:08:58 | 000,158,168 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2007/04/06 13:08:36 | 000,036,312 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
SRV - [2007/04/06 13:08:24 | 000,039,896 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel®
SRV - [2007/04/06 13:08:14 | 000,059,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2007/04/06 13:07:46 | 000,313,816 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel®
SRV - [2007/04/06 13:06:48 | 000,256,472 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/12 09:46:34 | 000,208,896 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)


========== Driver Services (SafeList) ==========

DRV - [2011/11/08 17:24:56 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{74515B20-4D7E-42FF-8BF7-3ABF17350892}\MpKslebfdc723.sys -- (MpKslebfdc723)
DRV - [2011/11/01 17:36:30 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2011/11/01 17:36:28 | 000,227,312 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/01 17:34:56 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/01 17:34:56 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/01 17:34:56 | 000,064,272 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/10/27 13:28:50 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uti5mzy3.sys -- (uti5mzy3)
DRV - [2011/10/07 17:47:45 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/10/07 17:47:43 | 000,038,616 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/10/07 17:47:42 | 000,488,208 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/03/24 04:23:16 | 011,614,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/08/23 15:54:54 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/04/29 08:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/04/06 13:10:40 | 000,014,808 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/18 19:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2072669260-3456327829-1688835100-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=uk&ibd=4070823
IE - HKU\S-1-5-21-2072669260-3456327829-1688835100-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2072669260-3456327829-1688835100-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2072669260-3456327829-1688835100-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.60818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hussains\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hussains\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Hussains\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Users\Hussains\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Hussains\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Hussains\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = c:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/11/01 11:44:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2072669260-3456327829-1688835100-1001..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2072669260-3456327829-1688835100-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2072669260-3456327829-1688835100-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Hussains\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hussains\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9C6B6EF-F0B8-4D7C-8325-36A8868F34D3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9C6B6EF-F0B8-4D7C-8325-36A8868F34D3}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) -C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/02 17:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/11/02 17:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/01 17:34:56 | 000,064,272 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/11/01 14:48:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/01 11:47:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/01 11:47:36 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Local\temp
[2011/11/01 11:35:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/01 11:35:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/01 11:35:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/01 11:35:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/01 11:35:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/01 11:35:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/01 11:29:37 | 004,280,289 | R--- | C] (Swearware) -- C:\Users\Hussains\Desktop\ComboFix.exe
[2011/10/31 10:58:47 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Hussains\Desktop\aswMBR.exe
[2011/10/31 10:55:27 | 000,000,000 | ---D | C] -- C:\Users\Hussains\Desktop\tdsskiller
[2011/10/29 16:47:08 | 072,785,416 | ---- | C] (Microsoft Corporation) -- C:\Users\Hussains\Desktop\msert.exe
[2011/10/25 17:09:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/25 17:00:52 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Hussains\Desktop\OTL.exe
[2011/10/23 18:53:14 | 000,000,000 | ---D | C] -- C:\Users\Hussains\Documents\Corrupted files from memory stick
[2011/10/21 11:01:47 | 000,033,984 | ---- | C] (COMODO) -- C:\Windows\System32\cmdcsr.dll
[2011/10/20 15:30:47 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Doctor Recovery
[2011/10/20 13:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2011/10/20 13:13:49 | 000,000,000 | ---D | C] -- C:\Users\Hussains\Documents\KU
[2011/10/17 21:43:16 | 000,000,000 | ---D | C] -- C:\Users\Hussains\AppData\Local\Downloaded Installations
[2011/10/12 20:11:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/12 20:11:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/12 20:11:14 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/10/12 20:11:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/12 20:11:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/12 20:04:29 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/12 20:04:29 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/12 20:04:29 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/12 20:04:28 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/12 20:04:26 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/12 20:04:18 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/12 20:04:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/10/12 17:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/12 17:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/12 17:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/12 17:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/12 16:54:27 | 000,000,000 | ---D | C] -- C:\Users\Hussains\Documents\Theory Test

========== Files - Modified Within 30 Days ==========

[2011/11/08 17:55:05 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2072669260-3456327829-1688835100-1001UA.job
[2011/11/08 17:55:05 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2072669260-3456327829-1688835100-1001Core.job
[2011/11/08 17:27:38 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/08 17:27:37 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/08 17:21:39 | 000,035,949 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/11/08 17:21:38 | 000,035,949 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/11/08 17:21:19 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 17:21:19 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 17:21:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/08 17:21:06 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/08 16:48:51 | 000,002,305 | ---- | M] () -- C:\Users\Hussains\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/11/02 17:46:55 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/11/01 17:34:56 | 000,064,272 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/11/01 11:44:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/01 11:29:45 | 004,280,289 | R--- | M] (Swearware) -- C:\Users\Hussains\Desktop\ComboFix.exe
[2011/10/31 11:23:20 | 000,000,512 | ---- | M] () -- C:\Users\Hussains\Desktop\MBR.dat
[2011/10/31 10:58:49 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Hussains\Desktop\aswMBR.exe
[2011/10/31 10:53:49 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/30 20:26:49 | 000,002,627 | ---- | M] () -- C:\Users\Hussains\Desktop\Microsoft Office Word 2007.lnk
[2011/10/29 19:56:17 | 000,002,059 | ---- | M] () -- C:\Users\Hussains\Desktop\Google Chrome.lnk
[2011/10/29 19:56:17 | 000,002,021 | ---- | M] () -- C:\Users\Hussains\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/29 16:50:27 | 072,785,416 | ---- | M] (Microsoft Corporation) -- C:\Users\Hussains\Desktop\msert.exe
[2011/10/27 13:28:50 | 000,007,168 | ---- | M] () -- C:\Windows\System32\drivers\uti5mzy3.sys
[2011/10/27 13:22:37 | 098,844,288 | ---- | M] () -- C:\Users\Hussains\Desktop\setup_11.0.0.1245.x01_2011_10_27_15_47.exe
[2011/10/25 17:14:59 | 000,302,592 | ---- | M] () -- C:\mf3q6bjw.exe
[2011/10/25 17:00:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Hussains\Desktop\OTL.exe
[2011/10/24 11:54:45 | 000,023,552 | ---- | M] () -- C:\Users\Hussains\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/22 14:28:05 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2011/10/22 14:28:05 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/10/22 14:28:05 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/10/22 14:28:05 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/10/20 21:46:35 | 000,000,680 | ---- | M] () -- C:\Users\Hussains\AppData\Local\d3d9caps.dat
[2011/10/13 19:42:46 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/13 16:55:45 | 000,016,586 | ---- | M] () -- C:\Users\Hussains\Desktop\45144009_12_f.jpg
[2011/10/12 20:30:36 | 000,427,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/12 17:46:14 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/10/12 17:44:53 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/11 20:02:18 | 000,017,033 | ---- | M] () -- C:\Users\Hussains\Desktop\adidas-f50-adizero-synthetic-fg-boots-black-us10-.jpg
[2011/10/11 19:49:20 | 000,011,455 | ---- | M] () -- C:\Users\Hussains\Desktop\Receipt of boots.jpg
[2011/10/11 19:40:14 | 000,104,422 | ---- | M] () -- C:\Users\Hussains\Desktop\Screenshot 4.jpg
[2011/10/11 19:39:49 | 000,103,334 | ---- | M] () -- C:\Users\Hussains\Desktop\Screenshot 3.jpg
[2011/10/11 19:39:09 | 000,140,441 | ---- | M] () -- C:\Users\Hussains\Desktop\Screenshot 2.jpg
[2011/10/11 19:39:02 | 000,140,441 | ---- | M] () -- C:\Users\Hussains\Desktop\Screenshot.jpg
[2011/10/11 18:53:22 | 000,083,443 | ---- | M] () -- C:\Users\Hussains\Desktop\IMG00041-20111011-2053.jpg
[2011/10/11 18:53:10 | 000,081,458 | ---- | M] () -- C:\Users\Hussains\Desktop\IMG00040-20111011-2053.jpg

========== Files Created - No Company Name ==========

[2011/11/01 11:35:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/01 11:35:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/01 11:35:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/01 11:35:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/01 11:35:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/31 11:23:20 | 000,000,512 | ---- | C] () -- C:\Users\Hussains\Desktop\MBR.dat
[2011/10/27 13:28:46 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\uti5mzy3.sys
[2011/10/27 13:20:56 | 098,844,288 | ---- | C] () -- C:\Users\Hussains\Desktop\setup_11.0.0.1245.x01_2011_10_27_15_47.exe
[2011/10/25 17:15:04 | 000,302,592 | ---- | C] () -- C:\mf3q6bjw.exe
[2011/10/13 16:55:52 | 000,016,586 | ---- | C] () -- C:\Users\Hussains\Desktop\45144009_12_f.jpg
[2011/10/12 17:46:14 | 000,002,305 | ---- | C] () -- C:\Users\Hussains\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/12 17:44:53 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/11 20:02:18 | 000,017,033 | ---- | C] () -- C:\Users\Hussains\Desktop\adidas-f50-adizero-synthetic-fg-boots-black-us10-.jpg
[2011/10/11 19:56:52 | 000,083,443 | ---- | C] () -- C:\Users\Hussains\Desktop\IMG00041-20111011-2053.jpg
[2011/10/11 19:56:52 | 000,081,458 | ---- | C] () -- C:\Users\Hussains\Desktop\IMG00040-20111011-2053.jpg
[2011/10/11 19:49:06 | 000,011,455 | ---- | C] () -- C:\Users\Hussains\Desktop\Receipt of boots.jpg
[2011/10/11 19:40:14 | 000,104,422 | ---- | C] () -- C:\Users\Hussains\Desktop\Screenshot 4.jpg
[2011/10/11 19:39:49 | 000,103,334 | ---- | C] () -- C:\Users\Hussains\Desktop\Screenshot 3.jpg
[2011/10/11 19:39:08 | 000,140,441 | ---- | C] () -- C:\Users\Hussains\Desktop\Screenshot 2.jpg
[2011/10/11 19:38:33 | 000,140,441 | ---- | C] () -- C:\Users\Hussains\Desktop\Screenshot.jpg
[2011/09/22 08:20:56 | 000,000,680 | ---- | C] () -- C:\Users\Hussains\AppData\Local\d3d9caps.dat
[2011/08/22 20:28:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/08/22 20:12:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/08/22 20:12:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/08/21 18:15:27 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/08/21 18:15:27 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/08/21 18:15:27 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/08/21 18:15:27 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/08/21 18:15:27 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/08/21 18:15:27 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/08/21 18:15:27 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/08/21 18:15:27 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/08/21 18:15:27 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/08/21 18:15:27 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/08/21 18:15:27 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/08/21 18:15:27 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/08/21 18:15:27 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/08/21 18:15:27 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/08/21 18:15:27 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/08/21 18:15:27 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/08/21 18:15:27 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/08/21 18:15:27 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/08/21 18:15:27 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/08/21 17:19:23 | 000,023,552 | ---- | C] () -- C:\Users\Hussains\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/21 17:11:06 | 000,035,949 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/08/21 17:11:06 | 000,035,949 | ---- | C] () -- C:\ProgramData\nvModes.001
[2006/11/10 13:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 19:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,427,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/06/23 09:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2003/08/07 13:01:52 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:63238B95

< End of report >