lilhurricane

Re: spamy email, trojan?

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/05/06 10:10:48 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\bub\Desktop\OTL.exe
[2012/05/06 10:08:07 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2012/05/06 10:08:05 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/06 10:07:58 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/06 10:07:58 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/06 10:07:56 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/06 10:07:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/06 10:07:34 | 3207,802,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/06 10:06:36 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/05/06 10:03:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/06 09:32:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4044444004-2593288019-4090520989-1000UA.job
[2012/05/06 09:31:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4044444004-2593288019-4090520989-1000UA.job
[2012/05/06 07:51:45 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/06 07:49:29 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\bub\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/06 07:46:04 | 000,604,586 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/06 07:46:04 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/06 07:36:54 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2012/05/06 07:10:33 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\bub\Desktop\TFC.exe
[2012/05/06 03:24:25 | 000,060,928 | ---- | M] () -- C:\Users\bub\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/05 15:31:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4044444004-2593288019-4090520989-1000Core.job
[2012/05/05 11:32:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4044444004-2593288019-4090520989-1000Core.job
[2012/05/04 14:40:41 | 000,028,555 | ---- | M] () -- C:\Users\bub\Desktop\pop_transfer_to_bub_05-04-12_1441.pdf
[2012/05/03 04:31:43 | 000,028,089 | ---- | M] () -- C:\Users\bub\Desktop\mom_transfer_to_bub_05-03-12_0432.pdf
[2012/05/03 04:28:30 | 000,015,550 | ---- | M] () -- C:\Users\bub\Documents\MOM.ods
[2012/05/01 02:33:21 | 000,028,164 | ---- | M] () -- C:\Users\bub\Desktop\bub_transfer_to_mom_05-01-12-0233.pdf
[2012/05/01 02:28:41 | 000,028,402 | ---- | M] () -- C:\Users\bub\Desktop\pop_transfer_to_mom_05-01-12-0229.pdf
[2012/05/01 02:28:06 | 000,014,767 | ---- | M] () -- C:\Users\bub\Documents\POP.ods
[2012/05/01 02:25:50 | 000,028,261 | ---- | M] () -- C:\Users\bub\Desktop\pop_transfer_to_bub_05-01-12_0226.pdf
[2012/04/28 17:42:03 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2012/04/23 14:17:32 | 000,000,832 | ---- | M] () -- C:\Users\bub\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/23 14:17:32 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/23 14:06:54 | 000,062,930 | ---- | M] () -- C:\Users\bub\Desktop\bookmarks-2012-04-23.json
[2012/04/16 11:51:50 | 000,001,636 | ---- | M] () -- C:\Users\bub\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2012/04/11 12:11:44 | 016,252,789 | ---- | M] () -- C:\Users\bub\Desktop\Neon Hitch - Fuck U Betta [Explicit Version].mp4
[2012/04/11 11:26:11 | 000,000,766 | ---- | M] () -- C:\Users\bub\Desktop\SpeedFan.lnk
[2012/04/11 11:26:10 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2012/04/11 11:20:32 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/11 11:20:32 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/10 05:33:57 | 047,033,430 | ---- | M] () -- C:\Users\bub\Desktop\Studio_S_-_Ryoujoku.swf

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/05/06 10:08:07 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2012/05/06 07:51:45 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/04 14:41:06 | 000,028,555 | ---- | C] () -- C:\Users\bub\Desktop\pop_transfer_to_bub_05-04-12_1441.pdf
[2012/05/03 04:32:10 | 000,028,089 | ---- | C] () -- C:\Users\bub\Desktop\mom_transfer_to_bub_05-03-12_0432.pdf
[2012/05/01 02:33:49 | 000,028,164 | ---- | C] () -- C:\Users\bub\Desktop\bub_transfer_to_mom_05-01-12-0233.pdf
[2012/05/01 02:29:05 | 000,028,402 | ---- | C] () -- C:\Users\bub\Desktop\pop_transfer_to_mom_05-01-12-0229.pdf
[2012/05/01 02:26:20 | 000,028,261 | ---- | C] () -- C:\Users\bub\Desktop\pop_transfer_to_bub_05-01-12_0226.pdf
[2012/04/23 14:17:32 | 000,000,832 | ---- | C] () -- C:\Users\bub\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/23 14:17:32 | 000,000,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/23 14:17:32 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/23 14:06:36 | 000,062,930 | ---- | C] () -- C:\Users\bub\Desktop\bookmarks-2012-04-23.json
[2012/04/16 11:51:50 | 000,001,636 | ---- | C] () -- C:\Users\bub\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2012/04/16 11:51:50 | 000,001,624 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/04/11 12:11:15 | 016,252,789 | ---- | C] () -- C:\Users\bub\Desktop\Neon Hitch - Fuck U Betta [Explicit Version].mp4
[2012/04/11 11:20:33 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/10 05:32:08 | 047,033,430 | ---- | C] () -- C:\Users\bub\Desktop\Studio_S_-_Ryoujoku.swf
[2012/02/14 13:11:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\PT21F.DLL
[2012/02/14 13:11:28 | 000,001,112 | ---- | C] () -- C:\Windows\System32\PT21L.INI
[2011/08/05 04:12:26 | 000,001,315 | ---- | C] () -- C:\Windows\System32\.ini
[2011/03/25 04:56:20 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/11/28 15:41:02 | 000,000,063 | ---- | C] () -- C:\Windows\pear.ini
[2010/10/11 08:01:08 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2010/09/24 03:49:00 | 000,014,848 | ---- | C] () -- C:\Windows\System32\lua5.1a_gui.exe
[2010/09/24 03:49:00 | 000,010,752 | ---- | C] () -- C:\Windows\System32\lua5.1a.exe
[2010/09/24 03:48:58 | 000,092,160 | ---- | C] () -- C:\Windows\System32\lua5.1a.dll
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

[color=#E56717]========== LOP Check ==========[/color]

[2012/01/18 15:00:55 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Audacity
[2012/02/22 02:04:58 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\avidemux
[2011/09/02 00:12:40 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Blender Foundation
[2010/01/09 22:27:32 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Canon
[2009/08/16 19:03:14 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\CoffeeCup Software
[2012/01/30 07:05:35 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Colorblind Assistant
[2012/03/17 22:18:51 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Cubetastic
[2010/03/04 19:23:45 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Digiarty
[2011/12/26 12:22:48 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Downloaded Installations
[2012/03/17 22:36:53 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\EA
[2012/04/23 12:39:03 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\f-secure
[2012/03/12 19:41:40 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\FileZilla
[2010/08/16 21:34:40 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\flightgear.org
[2011/09/02 09:04:42 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\fltk.org
[2012/05/05 20:59:58 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\gnupg
[2010/09/06 18:16:59 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Greenshot
[2011/01/31 08:11:19 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\gsmartcontrol
[2012/01/14 03:30:08 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\gtk-2.0
[2011/07/11 02:18:42 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\HandBrake
[2012/04/16 11:55:52 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\ImgBurn
[2010/01/08 17:02:06 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\InfraRecorder
[2009/11/14 17:56:40 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Inkscape
[2011/05/11 03:07:15 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\IrfanView
[2011/01/06 13:59:37 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\kompozer.net
[2010/05/22 02:28:28 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\MPEG Streamclip
[2010/01/25 05:26:23 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\MusE
[2010/06/29 13:52:59 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\MySQL
[2012/03/17 22:03:51 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Namco
[2012/05/04 09:05:13 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Nitro PDF
[2010/07/28 08:06:21 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Nokia
[2010/02/08 19:16:28 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Nokia Ovi Suite
[2011/05/28 14:15:21 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Notepad++
[2011/12/25 18:35:49 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\nvda
[2012/03/17 22:01:39 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Oberon Media
[2009/05/20 04:22:45 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\OpenOffice.org
[2010/10/18 07:52:06 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Opera
[2010/02/05 19:10:44 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\PC Suite
[2011/03/03 09:19:16 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\PCDr
[2009/05/14 01:09:34 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\PeerNetworking
[2011/07/14 07:02:57 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\PhotoScape
[2011/07/10 15:27:51 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Pogo Games
[2012/04/23 12:23:24 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\QuickScan
[2012/05/01 22:36:15 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Samsung
[2009/05/30 17:51:25 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Skinux
[2011/11/22 19:06:56 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Spotify
[2009/08/11 21:59:44 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Stellarium
[2011/01/16 19:22:59 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Synthesia
[2011/03/25 04:39:21 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\SystemRequirementsLab
[2011/05/27 08:23:24 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Temp
[2009/05/08 01:14:39 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Template
[2010/01/19 20:55:24 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Thunderbird
[2012/05/06 07:45:58 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\TightVNC
[2011/10/02 06:41:03 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\TrueCrypt
[2009/11/09 11:29:43 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\uTorrent
[2010/08/09 21:03:43 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\Wireshark
[2011/12/21 19:56:13 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\xFx
[2010/04/11 14:38:39 | 000,000,000 | ---D | M] -- C:\Users\bub\AppData\Roaming\XnView
[2012/04/28 17:42:03 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2012/05/05 15:31:01 | 000,000,898 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4044444004-2593288019-4090520989-1000Core.job
[2012/05/06 09:31:01 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4044444004-2593288019-4090520989-1000UA.job
[2012/05/06 10:06:36 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:8BCBFAE0
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:2D0C22DC
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:E65BB25A
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:73AF6C86
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:9EDCE563
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:6E079D34
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:39413AC3
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E31543CC

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~