Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

VISTA SECURITY 2011 virus


  • Please log in to reply

#1
busdrvr64

busdrvr64

    Member

  • Member
  • PipPipPip
  • 125 posts
I have a REALLY big problem. I have these balloons coming up. They say things like Stealth intrusion . Key logger alert System danger. Cant run MBAM. Run this program, Vista Security 2011. I dl a form and it started right then. I cant get on the net without it coming up. Please help. Here is the otl log

OTL logfile created on: 11/15/2010 6:27:04 PM - Run 5
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\new user\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 363.00 Mb Available Physical Memory | 38.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 44.30 Gb Free Space | 59.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEWUSER-PC
Current User Name: new user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\new user\AppData\Local\pw.exe ()
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\new user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\DAO\NEWUSER-PC\svchost.exe (Microsoft Corporation)
PRC - C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)


========== Modules (SafeList) ==========

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Users\new user\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (nvrd32) -- C:\Windows\system32\DRIVERS\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) NVIDIA nForce™ -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 CD 55 17 45 FB C9 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/06/05 17:47:01 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Sound Card Driver] C:\Program Files\Common Files\microsoft shared\DAO\NEWUSER-PC\svchost.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\new user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = pezfile] -- "C:\Users\new user\AppData\Local\pw.exe" /START "%1" %* ()

========== Files/Folders - Created Within 90 Days ==========

[2010/11/10 04:56:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/07 12:30:52 | 000,000,000 | ---D | C] -- C:\Casino
[2010/11/07 12:11:34 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\SuperslotsCasino
[2010/10/17 14:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\VegasRegalCasino
[2010/10/16 08:54:56 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\CrazySlotsCasino
[2010/10/10 05:54:25 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\SlotsGaloreCasino
[2010/10/09 15:45:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/09 15:45:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/09 15:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/08 04:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/09/08 18:26:59 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Roaming\VTExtra
[2010/09/08 18:20:04 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\VTShared
[2010/09/08 18:19:32 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Local\GoCasino
[2010/08/24 07:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2010/08/24 07:05:50 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/08/24 07:05:09 | 000,000,000 | ---D | C] -- C:\51ab265f4ef8d05e9248
[2010/08/21 10:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/21 10:36:30 | 000,000,000 | ---D | C] -- C:\Users\new user\AppData\Roaming\Apple Computer
[2010/08/21 10:35:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/08/21 10:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/21 10:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/21 10:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/21 10:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/08/21 10:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/21 10:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/21 10:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/08/21 10:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

========== Files - Modified Within 90 Days ==========

[2010/11/15 18:26:58 | 001,835,008 | -HS- | M] () -- C:\Users\new user\NTUSER.DAT
[2010/11/15 18:22:37 | 000,009,654 | -HS- | M] () -- C:\Users\new user\AppData\Local\opRSK
[2010/11/15 17:34:09 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/15 17:34:09 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/15 17:34:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/15 11:39:49 | 000,174,592 | -HS- | M] () -- C:\Users\new user\AppData\Local\pw.exe
[2010/11/15 05:36:40 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/11/15 05:36:40 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/15 05:36:40 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/15 05:34:08 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AFA7A386-982A-402B-A456-4FDB6DBE79EE}.job
[2010/11/15 05:30:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/11/14 21:31:32 | 000,524,288 | -HS- | M] () -- C:\Users\new user\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/11/14 21:31:32 | 000,065,536 | -HS- | M] () -- C:\Users\new user\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/11/11 22:25:25 | 002,452,357 | -H-- | M] () -- C:\Users\new user\AppData\Local\IconCache.db
[2010/11/08 04:42:55 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/08 04:42:55 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/07 12:43:00 | 000,000,963 | ---- | M] () -- C:\Users\new user\Desktop\Slots Galore Casino.lnk
[2010/10/28 20:34:30 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/10/24 21:38:53 | 000,000,453 | ---- | M] () -- C:\Windows\winhelp.ini
[2010/10/24 20:45:13 | 000,000,951 | ---- | M] () -- C:\Users\new user\Desktop\Go Casino.lnk
[2010/10/17 14:03:09 | 000,001,774 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Regal Casino.lnk
[2010/10/13 04:27:52 | 000,230,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/12 18:06:34 | 000,004,608 | ---- | M] () -- C:\Users\new user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/12 18:05:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/10/09 15:45:12 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/08 04:27:12 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/24 10:11:13 | 000,049,560 | ---- | M] () -- C:\Users\new user\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/24 07:42:13 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Mouse.lnk
[2010/08/24 07:10:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32k_01009.Wdf
[2010/08/24 07:09:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/08/24 07:07:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/08/21 10:54:23 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/21 10:36:02 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2010/11/15 11:39:53 | 000,009,654 | -HS- | C] () -- C:\Users\new user\AppData\Local\opRSK
[2010/11/15 11:39:49 | 000,174,592 | -HS- | C] () -- C:\Users\new user\AppData\Local\pw.exe
[2010/11/07 12:43:00 | 000,000,963 | ---- | C] () -- C:\Users\new user\Desktop\Slots Galore Casino.lnk
[2010/10/28 20:34:30 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/10/17 14:03:09 | 000,001,774 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Regal Casino.lnk
[2010/10/12 18:05:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/10/09 15:45:12 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/08 04:27:12 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/08 18:19:32 | 000,000,951 | ---- | C] () -- C:\Users\new user\Desktop\Go Casino.lnk
[2010/08/24 07:42:13 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Mouse.lnk
[2010/08/24 07:10:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32k_01009.Wdf
[2010/08/24 07:09:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/08/24 07:09:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010/08/24 07:07:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/08/21 10:54:23 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/21 10:36:02 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/09 14:29:35 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\rootrepeal.sys
[2010/05/30 12:34:10 | 000,000,453 | ---- | C] () -- C:\Windows\winhelp.ini
[2009/11/05 17:22:34 | 000,001,736 | ---- | C] () -- C:\Windows\hpdj3840.ini
[2009/07/16 14:12:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/04/25 20:33:32 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/04/20 17:44:13 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\PeerNetworking
[2009/04/21 19:34:43 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\Southwest Airlines
[2010/09/08 18:30:39 | 000,000,000 | ---D | M] -- C:\Users\new user\AppData\Roaming\VTExtra
[2010/11/14 21:31:13 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/15 05:34:08 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AFA7A386-982A-402B-A456-4FDB6DBE79EE}.job

========== Purity Check ==========

I know there is a key logger here. I put it here. 007 is what its called.
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP