
Consistent attacks from swiltcho18.com from my ESET NOD32

#1
shaunb
New Member, 2 posts
Hey,
I am getting repeated blockings from this address when I open a new internet page, from my ESET NOD32 antivirus. The address is:
swltcho18.com/TZO3S4RD6Y6H7c2dmVyPTQuMCZiaWQ9NzFkNDExNTk4OTI1Yji3MTNiODAwZDA4GEyMTIiMGFiNDhmZDc30czhaWQ9NTAwMDYmc2IkPTAmcmQ9MCZIbmc9d3d3Lmdvb2dsZS5ueiZxPWdhbWVz16K
I have run computer scans with ESET and it doesn't bring up any infected files. My internet has seemed slower and I did have problems with start-up: once it stayed on the welcome screen and I needed to fully reboot the computer, then on other occasions it got stuck at the black screen that shows the drivers loading, and it would only turn on when I went through BIOS mode with fail-safe loading activated. I don't know if this is connected to it, but my computer also went to a blue screen when I was on YouTube and I had to reboot my computer; I can get more information on that next time it happens if needed. I also download torrents, so that may have been where it came from, but I am usually quite safe.

I believe that is all the information I can give you.
Cheers, Shaun.
Sorry about the bad grammar and spelling.

Attached file: OTL.Txt (58.51KB)


#2
shaunb (Topic Starter)
New Member, 2 posts
Here's the OTL log:

OTL logfile created on: 25/03/2011 10:49:21 p.m. - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\RB Eng\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: dd/MM/yyyy

959.00 Mb Total Physical Memory | 357.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.91 Gb Total Space | 69.52 Gb Free Space | 46.69% Space Free | Partition Type: NTFS

Computer Name: RBENG | User Name: RB Eng | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/24 20:28:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RB Eng\Desktop\OTL.exe
PRC - [2011/01/20 22:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/01/12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/12/09 07:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2008/04/14 13:12:33 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
PRC - [2008/04/14 13:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/12/14 04:44:06 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


========== Modules (SafeList) ==========

MOD - [2011/03/24 20:28:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RB Eng\Desktop\OTL.exe
MOD - [2010/08/24 05:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/01/12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/09 07:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/02/14 16:09:10 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 13:47:38 | 000,094,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010/07/28 23:27:36 | 006,108,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/04/09 07:30:10 | 000,168,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2010/03/04 23:02:10 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2010/03/04 23:02:08 | 000,070,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/11/18 12:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 12:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - File not found
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/03/10 22:00:14 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/04/30 14:56:09 | 000,001,798 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {0D6234D0-DBA2-11D1-B5DF-0060976089D0} http://192.168.3.2/S...trols/todg6.ocx (True OLE DBGrid 6 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} http://192.168.3.2/S...tiveXViewer.cab (Crystal Report Viewer Control 9)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\RB Eng\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\RB Eng\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/21 10:59:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4ac057bc-2857-11e0-986f-001d7d2a3c25}\Shell - "" = AutoRun
O33 - MountPoints2\{4ac057bc-2857-11e0-986f-001d7d2a3c25}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4ac057bc-2857-11e0-986f-001d7d2a3c25}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{4ac057bd-2857-11e0-986f-001d7d2a3c25}\Shell - "" = AutoRun
O33 - MountPoints2\{4ac057bd-2857-11e0-986f-001d7d2a3c25}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4ac057bd-2857-11e0-986f-001d7d2a3c25}\Shell\AutoRun\command - "" = F:\RunGame.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/24 20:28:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\RB Eng\Desktop\OTL.exe
[2011/03/24 19:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2011/03/24 19:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/03/24 19:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RB Eng\Local Settings\Application Data\ConduitEngine
[2011/03/24 19:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze_Remote
[2011/03/24 19:42:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RB Eng\Local Settings\Application Data\Vuze_Remote
[2011/03/24 19:41:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RB Eng\Start Menu\Programs\VirtualDJ
[2011/03/24 19:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sony
[2011/03/24 19:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\PriceGong
[2011/03/24 19:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RB Eng\Application Data\PriceGong
[2011/03/24 19:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink PowerDVD
[2011/03/24 19:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Native Instruments
[2011/03/24 19:40:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}
[2011/03/24 19:40:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{1E073424-A3F8-474B-A503-A99428594527}
[2011/03/24 19:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/03/24 19:40:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2011/03/24 19:40:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{849DD083-B349-4E44-A4E6-B8E8DCED3B0A}
[2011/03/24 19:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/03/24 19:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2011/03/24 19:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RB Eng\Start Menu\Programs\ASIO4ALL v2
[2011/03/20 11:40:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2011/03/20 11:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2011/03/20 09:52:07 | 008,555,960 | ---- | C] (Vuze Inc.) -- C:\Documents and Settings\RB Eng\Desktop\Vuze_Installer.exe
[2011/03/19 15:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RB Eng\My Documents\Native Instruments
[2011/03/19 15:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RB Eng\My Documents\Traktor3
[2011/03/19 15:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2011/03/19 11:57:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011/03/18 21:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RB Eng\Application Data\DigitalDJ17
[2011/03/13 19:34:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RB Eng\Desktop\myob payroll backup
[2011/03/12 14:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RB Eng\Local Settings\Application Data\ESET
[2011/03/10 22:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011/03/10 22:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/10 22:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/03/07 01:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RB Eng\Application Data\Syntrillium
[2011/03/07 00:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RB Eng\Application Data\Steinberg
[2011/03/07 00:33:24 | 000,033,792 | ---- | C] (Team H2O) -- C:\WINDOWS\System32\drivers\cledx.sys
[2011/03/07 00:33:15 | 000,016,896 | ---- | C] (Syncrosoft GmbH) -- C:\WINDOWS\System32\drivers\synasUSB.sys
[2011/03/07 00:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Syncrosoft
[2011/03/02 22:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RB Eng\Desktop\mix
[2011/03/02 20:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011/03/01 16:05:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RB Eng\Application Data\Publish Providers
[2011/03/01 16:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RB Eng\Local Settings\Application Data\Sony
[2011/03/01 15:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/03/01 15:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2011/03/01 15:41:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/03/01 15:41:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/02/27 18:36:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RB Eng\Desktop\Program Files
[2011/02/27 18:36:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RB Eng\Desktop\Plus19
[2011/02/25 16:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RB Eng\ebookfiles
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\RB Eng\My Documents\*.tmp files -> C:\Documents and Settings\RB Eng\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/25 22:50:48 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{345CFA54-7EE3-499F-93B6-7943FE594372}.job
[2011/03/25 22:50:28 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/25 22:50:28 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/25 22:46:12 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/03/25 22:46:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/25 22:45:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/25 19:02:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/25 19:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/03/24 20:28:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RB Eng\Desktop\OTL.exe
[2011/03/24 19:44:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/24 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-RBENG-RB Eng.job
[2011/03/23 09:14:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/22 11:34:54 | 000,000,431 | ---- | M] () -- C:\WINDOWS\MYOBP.INI
[2011/03/22 11:34:29 | 000,000,039 | ---- | M] () -- C:\WINDOWS\MYOB.INI
[2011/03/21 21:05:00 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/20 19:44:47 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Traktor.lnk
[2011/03/20 19:41:12 | 000,000,861 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Controller Editor.lnk
[2011/03/20 10:01:05 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\RB Eng\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/03/20 09:52:07 | 008,555,960 | ---- | M] (Vuze Inc.) -- C:\Documents and Settings\RB Eng\Desktop\Vuze_Installer.exe
[2011/03/16 19:01:21 | 020,037,088 | ---- | M] () -- C:\Documents and Settings\RB Eng\Desktop\Heart of darkness (INTRO TO DARK DnB FULL SET).flv
[2011/03/16 18:54:29 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011/03/10 22:12:07 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/07 01:56:15 | 000,156,910 | ---- | M] () -- C:\WINDOWS\WMSysPr8.prx
[2011/03/07 00:57:02 | 003,529,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/06 22:35:09 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/06 19:12:15 | 336,091,180 | ---- | M] () -- C:\Documents and Settings\RB Eng\My Documents\virtual dj mix.wav
[2011/03/06 17:59:40 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\RB Eng\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/03 03:12:46 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/02 20:59:20 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\RB Eng\Desktop\VirtualDJ 7 Pro.lnk
[2011/03/01 15:43:21 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/03/01 15:41:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\RB Eng\My Documents\*.tmp files -> C:\Documents and Settings\RB Eng\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/24 19:44:51 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2011/03/20 19:44:47 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Traktor.lnk
[2011/03/20 19:41:12 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Controller Editor.lnk
[2011/03/20 10:01:05 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\RB Eng\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/03/20 10:01:04 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk
[2011/03/16 19:01:12 | 020,037,088 | ---- | C] () -- C:\Documents and Settings\RB Eng\Desktop\Heart of darkness (INTRO TO DARK DnB FULL SET).flv
[2011/03/16 18:54:29 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011/03/07 01:56:15 | 000,156,910 | ---- | C] () -- C:\WINDOWS\WMSysPr8.prx
[2011/03/06 14:53:23 | 336,091,180 | ---- | C] () -- C:\Documents and Settings\RB Eng\My Documents\virtual dj mix.wav
[2011/03/02 20:59:20 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\RB Eng\Desktop\VirtualDJ 7 Pro.lnk
[2011/03/01 15:41:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/11/30 20:20:15 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2010/11/01 19:48:44 | 000,110,064 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2010/11/01 19:48:44 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/11/01 19:48:15 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/10/26 14:02:00 | 000,000,431 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2010/10/26 14:02:00 | 000,000,039 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2010/10/26 13:56:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI
[2010/10/26 13:56:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI
[2010/10/26 12:16:27 | 000,000,663 | ---- | C] () -- C:\WINDOWS\openrda.ini
[2010/10/26 11:59:23 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\aocheck.exe
[2010/10/22 21:33:38 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\RB Eng\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/21 23:31:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/21 23:28:37 | 003,529,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/21 11:39:19 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/21 11:10:09 | 000,013,256 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/10/21 11:09:58 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/10/21 11:09:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/10/21 11:01:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/21 10:57:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/05/05 18:26:00 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ctreestd.dll
[2005/03/23 09:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/23 09:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/05 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/05 01:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/05 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/05 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/05 01:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/05 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/05 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/05 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/05 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/05 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/07 16:16:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\OTS_UI.EXE
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/10/21 12:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/01/22 21:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astroburn Lite
[2011/01/26 11:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/01/26 11:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/03/10 22:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/11/20 19:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2011/03/20 11:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2011/02/09 09:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\oJbCmOm01804
[2010/11/20 18:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/12/26 08:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/03/01 15:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/10/22 21:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
[2011/03/24 19:41:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{1E073424-A3F8-474B-A503-A99428594527}
[2010/11/11 12:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/24 19:41:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}
[2011/03/24 19:40:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{849DD083-B349-4E44-A4E6-B8E8DCED3B0A}
[2011/03/24 19:40:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2011/01/22 21:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RB Eng\Application Data\Astroburn Lite
[2011/03/12 21:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RB Eng\Application Data\Audacity
[2011/03/20 10:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RB Eng\Application Data\Azureus
[2010/12/26 15:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RB Eng\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/01/26 11:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RB Eng\Application Data\DAEMON Tools Lite
[2011/01/26 11:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RB Eng\Application Data\DAEMON Tools Pro
[2011/03/18 21:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RB Eng\Application Data\DigitalDJ17
[2010/10/22 21:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RB Eng\Application Data\GetRightToGo
[2011/03/10 21:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RB Eng\Application Data\Image Zone Express
[2011/03/25 22:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RB Eng\Application Data\PriceGong
[2011/03/01 16:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RB Eng\Application Data\Publish Providers
[2011/03/01 16:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RB Eng\Application Data\Sony
[2011/01/24 00:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RB Eng\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/03/07 00:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RB Eng\Application Data\Steinberg
[2011/02/03 10:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RB Eng\Application Data\uTorrent
[2011/03/25 19:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/03/25 22:50:48 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{345CFA54-7EE3-499F-93B6-7943FE594372}.job

========== Purity Check ==========



< End of report >

Also, the address being blocked is IP address 144:60:205:232:80.