Troj/Rustok-N virus



#1
Paradisv1

As I'm sure you've heard a thousand times now, I fit the profile of an amateur computer technician. I'm proficient in day-to-day use and solving fairly elementary issues, but when it comes to anything that requires reading code or high-level understanding, I'm hooped.

Currently I have the Troj/Rustok-N worm/virus or whatever label it has. My generic AVG won't get rid of it, though I do have access to a copy of Norton 360 v.3.0. However, from the threads I've browsed, it appears that Norton is just as useless, no?

I tried following this thread (http://www.geekstogo...-N-t245279.html) but I'm running into some fundamental barriers here.
I went to download the combofix.exe file that was linked (http://www.geekstogo...ix-file197.html); however, my "right click" function seems to be conveniently disabled when I try to click on icons, particularly that variety. So I'm unable to save it onto my desktop. In fact, just clicking on it brings up a dead link. My BitComet will download the file, though it's rerouted to my downloads folder. I can alter my download function so it downloads it to my desktop; however, I cannot "rename" the file to combo-fix.

I tried copying and pasting it onto my desktop, but it will not run after I click run. I'm assuming that's due to the lovely trojan horse I've got.

Can someone help guide me here? So far I'm just experiencing computer performance issues, as well as a variety of bizarre stuff like the loss of right click and some not getting linked to the appropriate pages when I click on a search.

Thanks, gentlemen.

#2
Paradisv1

OK, here are my combo-fix results:

ComboFix 09-07-14.07 - Chris 07/14/2009 22:31.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.671 [GMT -6:00]
Running from: c:\documents and settings\Chris\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ESQULwgvpqfuirvaswwyrajlvmyqbpxewxjqp.sys
c:\windows\system32\ESQULbbmlwospftehrmehalbwoxbipjjrqljq.dll
c:\windows\system32\ESQULxujntrodplkdaakxduhfuhymttprewch.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.

2009-07-09 21:28 . 2009-07-09 21:28 -------- d-----w- c:\documents and settings\Chris\Application Data\Final Draft
2009-07-09 21:27 . 2009-07-09 21:27 51712 ----a-r- c:\documents and settings\Chris\Application Data\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D174.exe
2009-07-09 21:27 . 2009-07-09 21:27 51712 ----a-r- c:\documents and settings\Chris\Application Data\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D173.exe
2009-07-09 21:27 . 2009-07-09 21:27 51712 ----a-r- c:\documents and settings\Chris\Application Data\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D172.exe
2009-07-09 21:27 . 2009-07-09 21:27 27648 ----a-r- c:\documents and settings\Chris\Application Data\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D171.exe
2009-07-09 21:27 . 2009-07-09 21:27 -------- d-----w- c:\program files\Final Draft Tagger
2009-07-09 21:03 . 2005-07-05 17:47 1073152 ----a-w- c:\windows\system32\cdintf210.dll
2009-07-09 21:03 . 2009-07-09 21:03 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Final Draft
2009-07-09 21:03 . 2009-07-09 21:27 -------- d-----w- c:\program files\Final Draft 7
2009-07-09 20:55 . 2009-07-09 21:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-01 23:49 . 2009-07-01 23:49 -------- d-----w- c:\program files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 00:10 . 2009-01-18 07:39 -------- d-----w- c:\program files\BitComet
2009-07-08 00:06 . 2009-01-14 23:35 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 13:24 . 2009-01-23 17:47 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Soulseek
2009-06-24 03:42 . 2009-01-14 23:35 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-24 03:42 . 2009-01-14 23:35 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-08 22:02 . 2009-01-14 23:35 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2002-09-03 16:39 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2002-09-03 17:12 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2009-01-14 22:22 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2002-09-03 17:11 1847168 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]
"Radio365Agent"="c:\progra~1\Live365\Radio365\Radio365TrayAgent.exe" [2009-03-05 884736]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 03:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14825:TCP"= 14825:TCP:BitComet 14825 TCP
"14825:UDP"= 14825:UDP:BitComet 14825 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/14/2009 5:35 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/14/2009 5:35 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/14/2009 5:35 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/14/2009 5:35 PM 298776]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.ca/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 22:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-15 22:37
ComboFix-quarantined-files.txt 2009-07-15 04:37

Pre-Run: 56,139,710,464 bytes free
Post-Run: 56,530,837,504 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

116 --- E O F --- 2009-06-12 04:47

Edited by Paradisv1, 14 July 2009 - 10:44 PM.

#3
Paradisv1

OTL results

OTL logfile created on: 7/14/2009 10:48:02 PM - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 634.49 Mb Available Physical Memory | 61.99% Memory free
1.15 Gb Paging File | 0.88 Gb Available in Paging File | 76.33% Paging File free
Paging file location(s): C:\pagefile.sys 256 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 52.67 Gb Free Space | 70.67% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS-4RJ5C03VW
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/12/01 14:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/12/01 14:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/23 21:42:11 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/07/07 18:06:52 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/06/23 21:42:16 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/05/08 16:02:38 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/06/23 21:42:16 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/01/14 18:49:14 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/07/14 22:47:03 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/01 14:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/12/01 15:35:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009/07/07 18:06:52 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/06/23 21:42:11 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/01/14 18:49:13 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/09/24 11:40:22 | 04,122,368 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2008/12/01 16:13:40 | 03,452,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/07/07 18:06:57 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/06/23 21:42:16 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/08 16:02:33 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - File not found -- -- (catchme [On_Demand | Running])
DRV - [2006/06/09 23:58:22 | 01,373,120 | ---- | M] (C-Media Inc) -- C:\WINDOWS\System32\drivers\cmuda.sys -- (cmuda [On_Demand | Stopped])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2002/09/03 10:53:10 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/04/13 10:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/03 23:31:36 | 00,032,768 | ---- | M] (SiS Corporation) -- C:\WINDOWS\System32\DRIVERS\sisnic.sys -- (SISNIC [On_Demand | Running])
DRV - [2008/11/07 15:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Radio365Agent] C:\Program Files\Live365\Radio365\Radio365TrayAgent.exe (Live365)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.135.143 64.59.135.145 64.59.128.121
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/14 15:25:21 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009/07/14 22:43:12 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2009/07/14 22:37:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/07/14 22:36:58 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/07/14 22:36:58 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/07/14 22:36:58 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/07/14 22:36:58 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/07/14 22:36:58 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/07/14 22:36:58 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/07/14 22:36:58 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/07/14 22:36:58 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/07/14 22:36:58 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/07/14 22:36:58 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/07/14 22:36:58 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/07/14 22:36:58 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/07/14 22:36:58 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/07/14 22:36:58 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/07/14 22:36:58 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/07/14 22:36:58 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/07/14 22:36:58 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/07/14 22:36:58 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/07/14 22:36:58 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/07/14 22:36:58 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/07/14 22:36:58 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/07/14 22:36:58 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/07/14 22:36:58 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/07/14 22:36:58 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/07/14 22:36:58 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/07/14 22:36:58 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/07/14 22:36:58 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/07/14 22:36:58 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/07/14 22:36:58 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/07/14 22:36:58 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/07/14 22:36:58 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/07/14 22:36:58 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/07/14 22:36:58 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/07/14 22:36:58 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/07/14 22:36:58 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/07/14 22:36:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/14 22:21:51 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/07/14 22:21:50 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/07/14 22:21:48 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/07/14 22:20:20 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/14 22:20:20 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/07/14 22:20:20 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/07/14 22:20:20 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/07/14 22:20:20 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/14 22:20:20 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/07/14 22:20:20 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/07/14 22:20:20 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/07/14 22:20:15 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/07/14 22:20:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/14 22:12:55 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/14 22:08:58 | 00,242,360 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\TFC.exe
[2009/07/14 22:07:12 | 03,137,347 | R--- | C] () -- C:\Documents and Settings\Chris\Desktop\Combo-Fix.exe
[2009/07/13 20:13:27 | 00,000,274 | -H-- | C] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/07/13 20:13:24 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\ESQULzcounter
[2009/07/09 15:31:08 | 00,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
[2009/07/09 15:28:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Final Draft
[2009/07/09 15:27:56 | 00,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.311018984119889580931149468956
[2009/07/09 15:27:48 | 00,000,000 | ---D | C] -- C:\Program Files\Final Draft Tagger
[2009/07/09 15:26:29 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/09 15:03:14 | 01,073,152 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf210.dll
[2009/07/09 15:03:12 | 00,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
[2009/07/09 15:03:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2009/07/09 15:03:05 | 00,000,000 | ---D | C] -- C:\Program Files\Final Draft 7
[2009/07/09 14:55:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/07/01 17:49:09 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/02/09 02:02:43 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/09 02:02:43 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/15 12:44:32 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2003/02/19 02:26:28 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2002/09/03 11:11:56 | 00,000,517 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/09/03 11:06:05 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/07/14 22:47:03 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2009/07/14 22:37:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/14 22:36:34 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/14 22:31:00 | 00,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/07/14 22:30:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/14 22:30:52 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/14 22:21:51 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/07/14 22:12:45 | 03,137,347 | R--- | M] () -- C:\Documents and Settings\Chris\Desktop\Combo-Fix.exe
[2009/07/14 22:08:59 | 00,242,360 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\TFC.exe
[2009/07/14 16:56:58 | 00,028,327 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/07/14 16:56:57 | 38,168,858 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/07/14 07:37:32 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\ESQULzcounter
[2009/07/13 20:11:31 | 00,055,808 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/13 07:31:43 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/07/12 00:08:47 | 00,000,239 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\DV - Wikipedia, the free encyclopedia.url
[2009/07/10 07:35:25 | 00,097,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/09 15:31:37 | 00,000,026 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
[2009/07/09 15:31:03 | 00,000,021 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\.311018984119889580931149468956
[2009/07/09 15:28:47 | 00,000,021 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
[2009/07/07 18:06:57 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/01 17:59:24 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/06/30 01:13:24 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/23 21:42:16 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/23 21:42:16 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
< End of report >

#4
Paradisv1

Extras.txt


OTL Extras logfile created on: 7/14/2009 10:48:02 PM - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 634.49 Mb Available Physical Memory | 61.99% Memory free
1.15 Gb Paging File | 0.88 Gb Available in Paging File | 76.33% Paging File free
Paging file location(s): C:\pagefile.sys 256 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 52.67 Gb Free Space | 70.67% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS-4RJ5C03VW
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"14825:TCP" = 14825:TCP:*:Enabled:BitComet 14825 TCP
"14825:UDP" = 14825:UDP:*:Enabled:BitComet 14825 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/07/07 18:06:52 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2009/07/07 18:06:35 | 01,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/12/03 04:11:42 | 02,514,744 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
[2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/08/02 07:59:20 | 03,461,120 | ---- | M] () -- C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek
[2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/01/06 14:06:28 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG Free 8.5
"BitComet" = BitComet 1.07
"C-Media Audio Driver" = C-Media WDM Audio Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Radio365 2.0" = Radio365 2.0
"Radio365 2.1" = Radio365 2.1
"Soulseek2" = SoulSeek 157 NS 13c
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/9/2009 6:16:24 PM | Computer Name = CHRIS-4RJ5C03VW | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module mshtml.dll, version 7.0.6000.16788, fault address 0x00053bf6.

Error - 2/11/2009 2:18:18 AM | Computer Name = CHRIS-4RJ5C03VW | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/11/2009 8:28:25 PM | Computer Name = CHRIS-4RJ5C03VW | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/11/2009 8:41:48 PM | Computer Name = CHRIS-4RJ5C03VW | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module mshtml.dll, version 7.0.6000.16788, fault address 0x000b94ad.

Error - 3/2/2009 12:46:29 AM | Computer Name = CHRIS-4RJ5C03VW | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/9/2009 4:16:57 AM | Computer Name = CHRIS-4RJ5C03VW | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/24/2009 4:37:05 PM | Computer Name = CHRIS-4RJ5C03VW | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 5/1/2009 3:24:25 AM | Computer Name = CHRIS-4RJ5C03VW | Source = Application Hang | ID = 1002
Description = Hanging application slsk.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/9/2009 5:26:48 PM | Computer Name = CHRIS-4RJ5C03VW | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/9/2009 5:26:48 PM | Computer Name = CHRIS-4RJ5C03VW | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/9/2009 5:26:48 PM | Computer Name = CHRIS-4RJ5C03VW | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/9/2009 5:26:49 PM | Computer Name = CHRIS-4RJ5C03VW | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/13/2009 9:12:29 PM | Computer Name = CHRIS-4RJ5C03VW | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 7/15/2009 12:22:34 AM | Computer Name = CHRIS-4RJ5C03VW | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 7/15/2009 12:31:08 AM | Computer Name = CHRIS-4RJ5C03VW | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 7/15/2009 12:31:28 AM | Computer Name = CHRIS-4RJ5C03VW | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 7/15/2009 12:35:59 AM | Computer Name = CHRIS-4RJ5C03VW | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 7/15/2009 12:36:00 AM | Computer Name = CHRIS-4RJ5C03VW | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.


< End of report >

#5
Paradisv1

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.93GHz )
BIOS : Award Modular BIOS v6.00PG
USER : Chris ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.5 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:52 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Tue 07/14/2009|22:57 )

--------------------\\ Listing folders in APPLIC~1

[01/24/2009|05:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[01/21/2009|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[01/24/2009|05:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[02/03/2009|10:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[07/09/2009|03:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Final Draft
[01/14/2009|06:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[02/07/2009|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[01/14/2009|06:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Drivers HeadQuarters
[07/02/2009|07:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Soulseek
[01/20/2009|05:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[01/14/2009|04:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[01/14/2009|06:48] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Adobe
[01/24/2009|05:38] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Apple Computer
[07/09/2009|03:28] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Final Draft
[01/14/2009|06:49] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Google
[01/14/2009|04:11] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Identities
[01/14/2009|06:48] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Macromedia
[07/09/2009|03:27] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Microsoft
[02/24/2009|10:49] C:\DOCUME~1\Chris\APPLIC~1\<DIR> WinRAR

[01/14/2009|03:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[01/22/2009|12:41] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[01/14/2009|05:34] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[07/14/2009 10:31 PM][--ah-----] C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[06/03/2009 10:38 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[07/14/2009 10:37 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[09/03/2002 10:46 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[01/21/2009|11:56] C:\Program Files\<DIR> Apple Software Update
[01/14/2009|04:42] C:\Program Files\<DIR> AVG
[07/14/2009|06:10] C:\Program Files\<DIR> BitComet
[01/24/2009|05:37] C:\Program Files\<DIR> Bonjour
[07/14/2009|10:34] C:\Program Files\<DIR> Common Files
[01/14/2009|03:22] C:\Program Files\<DIR> ComPlus Applications
[07/09/2009|03:27] C:\Program Files\<DIR> Final Draft 7
[07/09/2009|03:27] C:\Program Files\<DIR> Final Draft Tagger
[01/14/2009|06:49] C:\Program Files\<DIR> Google
[01/15/2009|12:44] C:\Program Files\<DIR> InstallShield Installation Information
[06/11/2009|10:45] C:\Program Files\<DIR> Internet Explorer
[01/24/2009|05:37] C:\Program Files\<DIR> iPod
[01/24/2009|05:37] C:\Program Files\<DIR> iTunes
[01/15/2009|09:39] C:\Program Files\<DIR> Live365
[01/14/2009|05:58] C:\Program Files\<DIR> Messenger
[01/20/2009|12:37] C:\Program Files\<DIR> Microsoft
[01/14/2009|03:25] C:\Program Files\<DIR> microsoft frontpage
[01/14/2009|05:26] C:\Program Files\<DIR> Movie Maker
[01/14/2009|03:22] C:\Program Files\<DIR> MSN
[01/14/2009|03:21] C:\Program Files\<DIR> MSN Gaming Zone
[01/14/2009|05:23] C:\Program Files\<DIR> NetMeeting
[01/14/2009|03:24] C:\Program Files\<DIR> Online Services
[01/14/2009|05:23] C:\Program Files\<DIR> Outlook Express
[01/24/2009|05:37] C:\Program Files\<DIR> QuickTime
[01/15/2009|12:44] C:\Program Files\<DIR> Realtek AC97
[01/16/2009|01:29] C:\Program Files\<DIR> Soulseek
[01/23/2009|11:58] C:\Program Files\<DIR> SoulseekNS
[01/20/2009|02:03] C:\Program Files\<DIR> Spybot - Search & Destroy
[01/14/2009|04:11] C:\Program Files\<DIR> Uninstall Information
[01/20/2009|12:37] C:\Program Files\<DIR> Windows Live
[07/01/2009|05:49] C:\Program Files\<DIR> Windows Live Safety Center
[01/20/2009|12:37] C:\Program Files\<DIR> Windows Live SkyDrive
[01/22/2009|12:40] C:\Program Files\<DIR> Windows Media Connect 2
[01/22/2009|12:40] C:\Program Files\<DIR> Windows Media Player
[01/14/2009|05:23] C:\Program Files\<DIR> Windows NT
[01/14/2009|03:22] C:\Program Files\<DIR> WindowsUpdate
[02/24/2009|10:48] C:\Program Files\<DIR> WinRAR
[01/14/2009|03:25] C:\Program Files\<DIR> xerox
[02/09/2009|02:02] C:\Program Files\<DIR> Xvid

--------------------\\ Listing Folders in C:\Program Files\Common Files

[01/24/2009|05:36] C:\Program Files\Common Files\<DIR> Apple
[01/14/2009|06:22] C:\Program Files\Common Files\<DIR> Download Manager
[01/15/2009|12:44] C:\Program Files\Common Files\<DIR> InstallShield
[01/20/2009|12:37] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/14/2009|03:23] C:\Program Files\Common Files\<DIR> MSSoap
[01/14/2009|07:48] C:\Program Files\Common Files\<DIR> ODBC
[01/14/2009|03:23] C:\Program Files\Common Files\<DIR> Services
[01/14/2009|07:48] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/14/2009|05:23] C:\Program Files\Common Files\<DIR> System
[01/20/2009|12:34] C:\Program Files\Common Files\<DIR> Windows Live
[07/09/2009|03:27] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 31 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Chris\Cookies\chris@adultfriendfinder[1].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 22:58:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.91,85.255.112.85
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{F16C19BF-766C-4E96-9962-32B1DA733F8F}]
NameServer REG_SZ 85.255.112.91,85.255.112.85
==> WAREOUT <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Chris\My Documents\Nero 8.1.1.0 Ultra Edition + Keygen [h33t] [CaZoR]
C:\DOCUME~1\Chris\My Documents\Nero 8.1.1.0 Ultra Edition + Keygen [h33t] [CaZoR].rar
C:\DOCUME~1\Chris\My Documents\My Music\Music\Complete\Heavy\crack the skye
C:\DOCUME~1\Chris\My Documents\My Music\Music\Complete\Heavy\crack the skye\01 - mastodon - oblivion.mp3
C:\DOCUME~1\Chris\My Documents\My Music\Music\Complete\Heavy\crack the skye\02 - mastodon - divinations.mp3
C:\DOCUME~1\Chris\My Documents\My Music\Music\Complete\Heavy\crack the skye\03 - mastodon - quintessence.mp3
C:\DOCUME~1\Chris\My Documents\My Music\Music\Complete\Heavy\crack the skye\04 - mastodon - the czar.mp3
C:\DOCUME~1\Chris\My Documents\My Music\Music\Complete\Heavy\crack the skye\05 - mastodon - ghost of karelia.mp3
C:\DOCUME~1\Chris\My Documents\My Music\Music\Complete\Heavy\crack the skye\06 - mastodon - crack the skye.mp3
C:\DOCUME~1\Chris\My Documents\My Music\Music\Complete\Heavy\crack the skye\07 - mastodon - the last baron.mp3
C:\DOCUME~1\Chris\My Documents\My Music\Music\Complete\Heavy\crack the skye\albumartsmall.jpg
C:\DOCUME~1\Chris\My Documents\My Music\Music\Complete\Heavy\crack the skye\folder.jpg
C:\DOCUME~1\Chris\Recent\Final Draft 7.0 with crack.lnk
C:\DOCUME~1\Chris\Recent\Final.Draft.v8.0.0.81.WinALL.Keygen-GQ.lnk


[F:1634][D:0]-> C:\DOCUME~1\Chris\Cookies
[F:147][D:4]-> C:\DOCUME~1\Chris\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 07/14/2009|22:58 - Option : [1]

--------------------\\ Scan completed at 22:58:44

#6
Paradisv1

SOOOO....

Does this all look good and proper?? I noticed threads being asked to run a TFC appl. Is that something I should be doing too?