Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:53 AM, on 3/16/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\PLFSetL.exe
C:\Windows\PLFSetI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\system32\taskeng.exe
C:\Users\alan\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\alan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\alan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [mxomssmenu] "H:\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\alan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googl...en/preview.html
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94A8DAC4-0882-450F-9F91-EAE6AC24B307}: NameServer = 85.255.112.12,85.255.112.112
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.12,85.255.112.112
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.12,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.12,85.255.112.112
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0194191216250733) (0194191216250733mcinstcleanup) - Unknown owner - C:\Users\alan\AppData\Local\Temp\019419~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c99a83e6f44050) (gupdate1c99a83e6f44050) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Unknown owner - H:\Sync\SyncServices.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12193 bytes
------------------------------------------------------------------------------------------------------------------------------
Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1
C:\ [Fixed] - NTFS - (Total:71316 Mo/Free:2698 Mo)
D:\ [Fixed] - NTFS - (Total:3454 Mo/Free:3354 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Z:\ [Fixed] - NTFS - (Total:55040 Mo/Free:3227 Mo)
Mon 03/16/2009| 6:48
----------------------\\ Processes..
--Locked-- [System Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\wininit.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\services.exe
---------- C:\Windows\system32\lsass.exe
---------- C:\Windows\system32\lsm.exe
---------- C:\Windows\system32\winlogon.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
--Locked-- audiodg.exe
---------- C:\Windows\system32\SLsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
---------- C:\Windows\system32\Dwm.exe
---------- C:\Windows\Explorer.EXE
---------- C:\Windows\System32\spoolsv.exe
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
---------- C:\Windows\RtHDVCpl.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
---------- C:\Windows\PLFSetL.exe
---------- C:\Windows\PLFSetI.exe
---------- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Google\Update\GoogleUpdate.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Users\alan\AppData\Local\Temp\RtkBtMnt.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
---------- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
---------- C:\Acer\Empowering Technology\eNet\eNet Service.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
---------- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\Acer\Mobility Center\MobilityService.exe
---------- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\SearchIndexer.exe
---------- C:\Windows\system32\DRIVERS\xaudio.exe
---------- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
---------- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
---------- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
---------- C:\Windows\system32\wbem\wmiprvse.exe
---------- C:\Windows\system32\wbem\wmiprvse.exe
---------- C:\Windows\system32\wbem\unsecapp.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Program Files\Launch Manager\LManager.exe
---------- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
---------- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\AVG\AVG8\avgtray.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
---------- C:\Windows\System32\igfxtray.exe
---------- C:\Windows\System32\hkcmd.exe
---------- C:\Windows\System32\igfxpers.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
---------- C:\Windows\system32\igfxsrvc.exe
---------- C:\Users\alan\AppData\Local\Google\Update\GoogleUpdate.exe
---------- C:\Windows\system32\igfxext.exe
---------- C:\Program Files\Skype\Phone\Skype.exe
---------- C:\Windows\system32\igfxsrvc.exe
---------- C:\Program Files\eFax Messenger 4.3\J2GTray.exe
---------- C:\Program Files\Launchy\Launchy.exe
---------- C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
---------- C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
---------- C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
---------- C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
---------- C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
---------- C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
---------- C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
---------- C:\Program Files\Windows Media Player\wmpnscfg.exe
---------- C:\Program Files\Windows Media Player\wmpnetwk.exe
---------- C:\Program Files\Vidalia Bundle\Tor\tor.exe
---------- C:\Program Files\Skype\Plugin Manager\skypePM.exe
---------- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Users\alan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
---------- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
---------- C:\Windows\system32\NOTEPAD.EXE
---------- C:\Windows\system32\SearchProtocolHost.exe
---------- C:\Windows\system32\SearchFilterHost.exe
---------- C:\Windows\system32\DllHost.exe
---------- C:\Windows\system32\DllHost.exe
---------- C:\Windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.12,85.255.112.112
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.12,85.255.112.112
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.12,85.255.112.112
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{94A8DAC4-0882-450F-9F91-EAE6AC24B307}]
NameServer REG_SZ 85.255.112.12,85.255.112.112
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{94A8DAC4-0882-450F-9F91-EAE6AC24B307}]
NameServer REG_SZ 85.255.112.12,85.255.112.112
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{94A8DAC4-0882-450F-9F91-EAE6AC24B307}]
NameServer REG_SZ 85.255.112.12,85.255.112.112
==> WAREOUT <==
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Mon 03/16/2009| 6:49
----------------------\\ Scan completed at 6:49
-----------------------------------------------------------------------------------------------------------