Trojan Horse Agent_r.XJ issue


Post by Djhbsmooth1 on Mon Apr 18, 2011 1:45 pm

I have spent the past 8 hours trying to solve this Trojan Horse Agent_r.XJ problem. I can't seem to remove it from my computer. I believe it installed XP Home Security 2011. I have installed Malwarebytes but it has done nothing, and avast is saying it is still there. I only have access to the XP classic theme.

Re: Trojan Horse Agent_r.XJ issue

Post by Belahzur on Mon Apr 18, 2011 10:35 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Re: Trojan Horse Agent_r.XJ issue

Post by Djhbsmooth1 on Tue Apr 19, 2011 1:02 am

OTL logfile created on: 4/18/2011 7:53:48 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Broadcast\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 800.00 Mb Available Physical Memory | 79.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 160.60 Gb Free Space | 53.88% Space Free | Partition Type: NTFS

Computer Name: HBSMOOTH-E15140 | User Name: Broadcast | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/18 19:53:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Broadcast\Desktop\OTL.exe
PRC - [2008/07/03 06:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/18 19:53:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Broadcast\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wscsvc)
SRV - File not found [Auto | Stopped] -- -- (ERSvc)
SRV - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/16 07:54:34 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/23 14:44:06 | 000,020,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
SRV - [2010/01/21 18:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/17 07:44:28 | 000,053,408 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2004/09/10 17:11:16 | 000,061,625 | ---- | M] () [Auto | Stopped] -- C:\Program Files\PostgreSQL\8.0-beta2-dev3\bin\pg_ctl.exe -- (PostgreSQL)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 08:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 08:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 08:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 08:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 08:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 08:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 08:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/24 01:06:30 | 000,011,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2010/12/23 14:43:54 | 000,153,984 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HDJBulk.sys -- (Bulk)
DRV - [2010/12/23 14:43:50 | 000,213,248 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HDJAsioK.sys -- (HDJAsioK)
DRV - [2010/12/23 10:58:34 | 000,436,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/10/12 23:47:20 | 000,074,280 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112)
DRV - [2010/09/29 16:53:38 | 000,078,328 | ---- | M] (Tonec Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2007/11/29 10:35:44 | 000,163,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/02/20 20:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2004/12/23 04:47:10 | 000,027,392 | R--- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV - [2004/02/19 16:12:34 | 000,299,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd.sys -- (snpstd)
DRV - [2002/07/17 01:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7.1.6
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/14 17:15:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/18 07:31:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/03 23:40:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/13 05:11:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/02/28 07:11:15 | 000,000,000 | ---D | M]

[2011/04/09 23:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Broadcast\Application Data\Mozilla\Extensions
[2011/04/09 23:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Broadcast\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2011/04/18 07:09:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Broadcast\Application Data\Mozilla\Firefox\Profiles\94f73cz0.default\extensions
[2011/04/18 07:09:47 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Broadcast\Application Data\Mozilla\Firefox\Profiles\94f73cz0.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/04/13 02:25:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/26 04:13:01 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011/03/09 02:19:02 | 000,000,000 | ---D | M] (IDM CC) -- C:\DOCUMENTS AND SETTINGS\BROADCAST\APPLICATION DATA\IDM\IDMMZCC3
[2011/04/18 07:31:19 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/03 23:40:15 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/04/03 23:40:21 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe (Uniblue Software)
O4 - HKLM..\RunOnce: [CleanUp] C:\WINDOWS\System32\CleanUp.exe (adi)
O4 - HKLM..\RunOnce: [InstallShieldSetup] C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe (InstallShield Software Corporation)
O4 - HKLM..\RunOnce: [SpkrCnfg] C:\WINDOWS\System32\DSndUp.exe (Analog Devices Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VideoCam Suite.lnk = C:\Program Files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Broadcast\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Broadcast\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/23 10:58:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/18 19:53:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Broadcast\Desktop\OTL.exe
[2011/04/18 15:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Start Menu\Programs\MagicISO
[2011/04/18 15:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2011/04/18 13:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\ACW
[2011/04/18 10:54:12 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/04/18 10:54:11 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/04/18 10:54:11 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/04/18 10:54:03 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/04/18 10:53:59 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/04/18 10:53:59 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/04/18 10:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Doctor
[2011/04/18 10:53:48 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/04/18 10:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/04/18 10:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Application Data\PC Tools
[2011/04/18 10:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/04/18 09:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Application Data\PriceGong
[2011/04/18 09:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Local Settings\Application Data\Threat Expert
[2011/04/18 08:50:36 | 036,317,280 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Broadcast\Desktop\spyware-doctor.exe
[2011/04/18 08:16:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/04/18 07:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/04/18 07:58:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/04/18 07:58:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/04/18 07:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/04/18 07:32:11 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/18 07:32:11 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/04/18 07:32:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/04/18 07:32:09 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/18 07:32:09 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/18 07:32:09 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/18 07:32:08 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/18 07:32:08 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/18 07:32:08 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/18 07:31:18 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/18 07:31:18 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/18 07:31:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/18 07:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/18 07:22:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/18 07:11:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Application Data\QuickScan
[2011/04/18 06:57:19 | 005,497,592 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Broadcast\Desktop\avg_isct_stb_all_2011_1321_free.exe
[2011/04/18 06:38:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/18 06:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/18 06:29:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/18 06:29:42 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/18 06:29:42 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/18 06:29:42 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/18 06:29:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/18 06:01:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/18 05:24:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Desktop\tdsskiller
[2011/04/18 03:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Application Data\Malwarebytes
[2011/04/18 03:34:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/18 03:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/18 03:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/18 03:34:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/18 03:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/18 03:18:40 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Broadcast\Desktop\TDSSKiller.exe
[2011/04/18 03:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\My Documents\tdsskiller
[2011/04/18 03:15:20 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Broadcast\My Documents\tdsskiller.exe
[2011/04/17 23:44:05 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateControl350.dll
[2011/04/17 23:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Cannot Find Fix Wizard
[2011/04/17 23:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Cannot Find Fix Wizard
[2011/04/17 23:13:46 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/04/17 22:15:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/04/17 21:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/17 21:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/16 03:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Application Data\acccore
[2011/04/16 03:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Local Settings\Application Data\AIM
[2011/04/16 03:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Local Settings\Application Data\AOL
[2011/04/15 04:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Application Data\Uniblue
[2011/04/15 04:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpeedUpMyPC 3
[2011/04/15 04:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/04/12 21:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\My Documents\welcome to chicago
[2011/04/11 17:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\My Documents\college freak images
[2011/04/11 16:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Application Data\Publish Providers
[2011/04/11 16:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Application Data\NetMedia Providers
[2011/04/11 16:53:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\My Documents\ACID Pro 7.0 Projects


Re: Trojan Horse Agent_r.XJ issue

Post by Djhbsmooth1 on Tue Apr 19, 2011 1:07 am

[2011/04/11 16:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Local Settings\Application Data\Sony
[2011/04/11 16:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2011/04/09 23:28:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\My Documents\IMVU Projects
[2011/04/09 23:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Application Data\IMVU
[2011/04/09 23:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Start Menu\Programs\IMVU
[2011/04/09 23:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Application Data\IMVUClient
[2011/04/07 08:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Desktop\juke vocals
[2011/04/05 06:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Application Data\Registry Mechanic
[2011/04/05 06:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Desktop\Below freezing vol 2 hosted by Young Chitown
[2011/04/05 00:02:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\My Documents\mixtape folder
[2011/03/30 21:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\My Documents\Image-Line
[2011/03/30 21:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Start Menu\Programs\Image-Line
[2011/03/30 14:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\My Documents\CyberLink
[2011/03/30 14:32:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Application Data\CyberLink
[2011/03/29 06:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\My Documents\mixtapecover
[2011/03/29 01:15:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\run32.dll
[2011/03/28 17:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Application Data\skypePM
[2011/03/27 15:59:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\My Documents\Corel DVD MovieFactory
[2011/03/27 15:37:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2011/03/27 15:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Corel DVD MovieFactory 7
[2011/03/27 13:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Application Data\Nero
[2011/03/24 00:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Local Settings\Application Data\Identities
[2011/03/23 10:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/03/22 21:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Application Data\Skype
[2011/03/22 16:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eCpGgIoEaDg05200
[2011/03/21 16:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Local Settings\Application Data\Panasonic
[2011/03/20 22:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Broadcast\Application Data\Sun
[2011/02/01 20:01:16 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll
[2011/02/01 20:01:15 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/18 19:55:44 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/18 19:55:44 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/18 19:53:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Broadcast\Desktop\OTL.exe
[2011/04/18 19:51:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/18 15:24:01 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/18 15:23:07 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\MagicISO.lnk
[2011/04/18 15:22:43 | 003,067,400 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Setup_MagicISO.exe
[2011/04/18 15:04:23 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\msssc.dll
[2011/04/18 14:51:18 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/18 14:40:02 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-261478967-842925246-1005UA.job
[2011/04/18 14:19:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-261478967-842925246-1003UA.job
[2011/04/18 13:38:02 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/18 11:30:13 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Broadcast\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 11:24:17 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/18 10:53:53 | 000,001,655 | ---- | M] () -- C:\Documents and Settings\Broadcast\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2011/04/18 10:53:53 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/04/18 08:51:54 | 036,317,280 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Broadcast\Desktop\spyware-doctor.exe
[2011/04/18 08:19:19 | 000,233,085 | -HS- | M] () -- C:\Documents and Settings\Broadcast\Local Settings\Application Data\cth.exe
[2011/04/18 08:01:11 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\My Computer.lnk
[2011/04/18 07:32:12 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/04/18 07:32:09 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/18 07:27:54 | 062,623,864 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\setup_av_free.exe
[2011/04/18 06:57:29 | 005,497,592 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Broadcast\Desktop\avg_isct_stb_all_2011_1321_free.exe
[2011/04/18 06:38:51 | 000,000,348 | RHS- | M] () -- C:\boot.ini
[2011/04/18 05:23:12 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\tdsskiller.zip
[2011/04/18 03:48:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ifeyogebutebo.bin
[2011/04/18 03:34:53 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/18 03:14:52 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Broadcast\My Documents\tdsskiller.exe
[2011/04/18 03:14:34 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\tdsskiller.zip
[2011/04/17 23:44:06 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Windows Cannot Find Fix Wizard.lnk
[2011/04/17 22:41:00 | 000,004,666 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\restorethemes.reg
[2011/04/17 22:31:47 | 000,001,120 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\visualstylefix.reg
[2011/04/17 21:19:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-261478967-842925246-1003Core.job
[2011/04/17 21:17:13 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ngijohesewe.dat
[2011/04/17 20:56:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2011/04/17 20:01:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/17 20:01:50 | 001,499,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/17 15:40:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-261478967-842925246-1005Core.job
[2011/04/17 02:23:42 | 001,318,249 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\CLUB-FREAKNIK.jpg
[2011/04/17 02:23:24 | 001,318,249 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\firs-tever-flyuer.jpg
[2011/04/16 23:30:05 | 000,134,386 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\meteor_earth.jpg
[2011/04/16 22:51:04 | 000,039,622 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\bomba-nuclear-1.jpg
[2011/04/16 22:07:30 | 000,060,405 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\securedownload-3.jpg
[2011/04/16 19:00:04 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/04/16 17:28:30 | 009,059,483 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\DRIPPING WET.mp3
[2011/04/16 17:28:30 | 009,059,483 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Drippin follow @traystackz.mp3
[2011/04/16 17:01:36 | 000,390,144 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Dripping wet.pk
[2011/04/16 17:01:34 | 079,884,532 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Dripping wet.wav
[2011/04/16 01:10:43 | 081,621,203 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\freaky friday mix Follow @djhotboysmooth.mp3
[2011/04/15 20:33:05 | 081,614,959 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\freaky fridaymaster1.mp3
[2011/04/15 08:55:54 | 000,001,063 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\CyberLink PowerDirector.lnk
[2011/04/15 05:40:41 | 048,889,148 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Freakyfridaymix.mp3
[2011/04/15 04:46:42 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Broadcast\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC 3.lnk
[2011/04/15 04:46:42 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\SpeedUpMyPC 3.lnk
[2011/04/15 04:32:10 | 000,323,957 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\Freaky-friday.jpg
[2011/04/15 03:57:05 | 000,024,292 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\b35-cover.gif
[2011/04/15 03:46:04 | 000,043,684 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\ice-cream.jpg
[2011/04/15 03:24:54 | 000,045,560 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\sc0111c.jpg
[2011/04/15 03:04:24 | 000,032,106 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Marques_Houston_17100_2.jpg
[2011/04/15 03:01:25 | 000,416,635 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\bedro1om.jpg
[2011/04/15 03:00:39 | 000,553,986 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\bedroom.jpg
[2011/04/12 10:53:56 | 038,433,167 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\follow twitter @djhotboysmooth R&B Bully.mp3
[2011/04/11 18:13:59 | 000,036,857 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\sextape_cover_1234jpg.jpg
[2011/04/11 16:54:44 | 150,505,049 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\Sony ACID Pro 7.zip
[2011/04/11 16:53:33 | 000,002,644 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\Register ACID Pro.htm
[2011/04/11 16:10:54 | 002,439,881 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\chris brown slow juke.mp3
[2011/04/09 17:45:13 | 000,316,958 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\killinh.jpg
[2011/04/09 17:40:25 | 000,315,743 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\mixtape12.jpg
[2011/04/09 17:05:32 | 000,051,591 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\flagship-store-stock441.jpg
[2011/04/09 17:05:09 | 000,087,407 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\fire--water-stock4673.jpg
[2011/04/07 04:52:45 | 014,248,310 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\DJ hb smooth.mp4
[2011/04/07 04:44:31 | 000,005,018 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/04/06 16:11:20 | 937,474,370 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\MVI_0033.AVI
[2011/04/06 00:11:31 | 007,726,020 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Mak a move.mp3
[2011/04/05 22:39:22 | 000,240,314 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\chrisbrownmakea3movie.pk
[2011/04/05 22:37:51 | 024,600,620 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\chrisbrownmakea3movie.wav
[2011/04/05 22:34:51 | 026,021,932 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\chrisbrownmakeamovie.wav
[2011/04/05 21:58:33 | 013,447,996 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Slow dance.mp3
[2011/04/05 20:33:33 | 000,376,914 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\keri hilsson.pk
[2011/04/05 20:31:47 | 038,588,460 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\keri hilsson.wav
[2011/04/05 20:23:30 | 038,146,092 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\chris.wav
[2011/04/05 09:14:48 | 096,162,497 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Below freezing vol 2 hosted by Young Chitown.zip
[2011/04/05 07:19:45 | 000,201,843 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\wallpaper_binary_domain_01_1024.jpg
[2011/04/05 07:13:11 | 000,356,226 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Mortal_Kombat_Sub-Zero_Wallpaper_67x5.jpg
[2011/04/05 07:12:18 | 000,176,270 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\wallpaper_mortal_kombat_deceptio-4.jpg
[2011/04/05 05:12:14 | 001,559,374 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\below freezing vol 2 hostedby .pk
[2011/04/05 05:11:31 | 1277,371,740 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\below freezing vol 2 hostedby .wav
[2011/04/05 03:52:21 | 001,912,644 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\belowfreezenvol2.pk
[2011/04/05 02:10:15 | 130,691,116 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\R&Bmix.wav
[2011/04/05 01:48:28 | 583,741,484 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\belowfreezenvol2.wav
[2011/04/04 22:35:21 | 000,001,120 | -HS- | M] () -- C:\Documents and Settings\Broadcast\Local Settings\Application Data\c1v7b2004pcko3q46sg5by81ek78o4q
[2011/04/04 22:35:21 | 000,001,120 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\c1v7b2004pcko3q46sg5by81ek78o4q
[2011/04/03 13:25:03 | 000,042,833 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\0005054vR4I.jpg
[2011/04/03 06:31:52 | 018,010,881 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\intermission.psd
[2011/04/03 05:18:16 | 000,388,716 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\intermission.jpg
[2011/04/03 05:08:43 | 000,386,221 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\intermissionf.jpg
[2011/04/03 04:31:07 | 000,557,252 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\Untitled-4.jpg
[2011/04/03 02:45:15 | 000,071,274 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\COllege-freak-facebook-profile.jpg
[2011/04/02 15:27:05 | 026,715,792 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\okjust a mix.mp3
[2011/04/02 15:23:39 | 000,094,046 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\Untitled-1.jpg
[2011/03/31 12:29:55 | 000,758,584 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Untitled_mixdown.pk
[2011/03/31 12:29:51 | 179,615,420 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Untitled_mixdown.wav
[2011/03/31 11:59:35 | 000,753,564 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Track 1 and 2.pk
[2011/03/31 11:59:31 | 177,559,676 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Track 1 and 2.wav
[2011/03/30 21:27:15 | 000,000,353 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\FL Studio 10.lnk
[2011/03/30 16:20:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/29 07:23:49 | 000,360,099 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\cover-1.jpg
[2011/03/29 04:21:39 | 000,310,286 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\trey-day-cover.jpg
[2011/03/29 01:44:30 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\exefix_xp.com
[2011/03/29 01:36:45 | 000,000,926 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\Fix_Manage_Error.reg
[2011/03/29 00:45:44 | 054,521,566 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\R&B INTERMISSION DJ .mp3
[2011/03/28 23:38:17 | 000,001,208 | -HS- | M] () -- C:\Documents and Settings\Broadcast\Local Settings\Application Data\g6nnepnu40071i165yby4j4jcq870my68c14fk6cjto
[2011/03/28 23:38:17 | 000,001,208 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\g6nnepnu40071i165yby4j4jcq870my68c14fk6cjto
[2011/03/28 07:18:33 | 002,406,210 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\Untitled-2.psd
[2011/03/28 06:53:44 | 000,132,938 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\practe-4.jpg
[2011/03/28 06:51:25 | 000,130,504 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\practice-3.jpg
[2011/03/28 06:12:29 | 000,109,968 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\practice-2.jpg
[2011/03/28 06:10:00 | 000,121,146 | ---- | M] () -- C:\Documents and Settings\Broadcast\My Documents\practice1.jpg
[2011/03/27 15:36:58 | 000,002,082 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Corel DVD MovieFactory 7 Launcher.lnk
[2011/03/25 19:07:43 | 003,578,031 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Wet the bed.mp3
[2011/03/25 19:05:06 | 1148,053,815 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Sequence 02.avi
[2011/03/25 14:25:47 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/03/25 04:36:06 | 035,354,301 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Freaky friday.mp3
[2011/03/25 03:56:27 | 001,656,232 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\smoothseason.mp3
[2011/03/24 21:50:58 | 001,927,048 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\THROW IT BACK.mp3
[2011/03/24 17:17:10 | 2653,971,756 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Sequence 01.avi
[2011/03/24 02:26:32 | 002,945,019 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\IMG_2108.jpg
[2011/03/23 17:44:27 | 000,294,764 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Collegefreak9-5.jpg
[2011/03/22 21:51:01 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/03/22 17:47:13 | 000,039,497 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Chris Brown dueces008.mp3
[2011/03/22 17:44:40 | 005,762,821 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Chris Brown dueces007.mp3
[2011/03/22 17:40:40 | 005,303,902 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Chris Brown dueces006.mp3
[2011/03/22 17:36:59 | 005,429,916 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Chris Brown dueces005.mp3
[2011/03/22 17:33:12 | 005,246,223 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Chris Brown dueces004.mp3
[2011/03/22 17:29:34 | 003,822,445 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Chris Brown dueces003.mp3
[2011/03/22 17:26:55 | 004,884,480 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Chris Brown dueces002.mp3
[2011/03/22 17:23:31 | 005,014,256 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Chris Brown dueces001.mp3
[2011/03/22 17:13:04 | 000,349,204 | ---- | M] () -- C:\Documents and Settings\Broadcast\Desktop\Chris Brown dueces000.mp3
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/18 15:23:07 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\MagicISO.lnk
[2011/04/18 15:22:12 | 003,067,400 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Setup_MagicISO.exe
[2011/04/18 15:04:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2011/04/18 10:54:13 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2011/04/18 10:54:13 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/04/18 10:54:12 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/04/18 10:54:12 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/04/18 10:54:12 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/04/18 10:54:12 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/04/18 10:54:04 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2011/04/18 10:53:59 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2011/04/18 10:53:59 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2011/04/18 10:53:53 | 000,001,655 | ---- | C] () -- C:\Documents and Settings\Broadcast\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2011/04/18 10:53:53 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/04/18 10:53:48 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2011/04/18 08:19:19 | 000,233,085 | -HS- | C] () -- C:\Documents and Settings\Broadcast\Local Settings\Application Data\cth.exe
[2011/04/18 08:01:11 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\My Computer.lnk
[2011/04/18 07:32:12 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/04/18 07:24:39 | 062,623,864 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\setup_av_free.exe
[2011/04/18 06:38:50 | 000,000,232 | ---- | C] () -- C:\Boot.bak
[2011/04/18 06:38:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/18 06:29:42 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/18 06:29:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/18 06:29:42 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/18 06:29:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/18 06:29:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/18 05:24:44 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\tdsskiller.zip
[2011/04/18 03:34:53 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/18 03:15:25 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\tdsskiller.zip
[2011/04/17 23:44:06 | 000,001,823 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Windows Cannot Find Fix Wizard.lnk
[2011/04/17 22:40:58 | 000,004,666 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\restorethemes.reg
[2011/04/17 22:31:47 | 000,001,120 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\visualstylefix.reg
[2011/04/17 21:17:13 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ngijohesewe.dat
[2011/04/17 21:17:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ifeyogebutebo.bin
[2011/04/17 02:23:41 | 001,318,249 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\CLUB-FREAKNIK.jpg
[2011/04/17 02:23:23 | 001,318,249 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\firs-tever-flyuer.jpg
[2011/04/16 23:30:05 | 000,134,386 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\meteor_earth.jpg
[2011/04/16 22:51:03 | 000,039,622 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\bomba-nuclear-1.jpg
[2011/04/16 22:07:26 | 000,060,405 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\securedownload-3.jpg
[2011/04/16 17:50:04 | 009,059,483 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Drippin follow @traystackz.mp3
[2011/04/16 17:05:20 | 009,059,483 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\DRIPPING WET.mp3
[2011/04/16 17:01:36 | 000,390,144 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Dripping wet.pk
[2011/04/16 17:01:26 | 079,884,532 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Dripping wet.wav
[2011/04/15 20:47:18 | 081,621,203 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\freaky friday mix Follow @djhotboysmooth.mp3
[2011/04/15 20:20:30 | 081,614,959 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\freaky fridaymaster1.mp3
[2011/04/15 04:46:42 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Broadcast\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC 3.lnk
[2011/04/15 04:46:42 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\SpeedUpMyPC 3.lnk
[2011/04/15 04:32:10 | 000,323,957 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\Freaky-friday.jpg
[2011/04/15 03:57:04 | 000,024,292 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\b35-cover.gif
[2011/04/15 03:46:03 | 000,043,684 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\ice-cream.jpg
[2011/04/15 03:24:53 | 000,045,560 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\sc0111c.jpg
[2011/04/15 03:04:22 | 000,032,106 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Marques_Houston_17100_2.jpg
[2011/04/15 03:01:24 | 000,416,635 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\bedro1om.jpg
[2011/04/15 03:00:37 | 000,553,986 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\bedroom.jpg
[2011/04/15 02:20:28 | 048,889,148 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Freakyfridaymix.mp3
[2011/04/12 10:02:24 | 038,433,167 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\follow twitter @djhotboysmooth R&B Bully.mp3
[2011/04/11 18:13:51 | 000,036,857 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\sextape_cover_1234jpg.jpg
[2011/04/11 16:58:22 | 150,505,049 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\Sony ACID Pro 7.zip
[2011/04/11 16:51:07 | 000,002,644 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\Register ACID Pro.htm
[2011/04/09 17:45:13 | 000,316,958 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\killinh.jpg
[2011/04/09 17:40:24 | 000,315,743 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\mixtape12.jpg
[2011/04/09 17:05:31 | 000,051,591 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\flagship-store-stock441.jpg
[2011/04/09 17:05:08 | 000,087,407 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\fire--water-stock4673.jpg
[2011/04/09 00:34:18 | 002,439,881 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\chris brown slow juke.mp3
[2011/04/07 05:25:33 | 937,474,370 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\MVI_0033.AVI
[2011/04/07 04:50:03 | 014,248,310 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\DJ hb smooth.mp4
[2011/04/05 23:59:03 | 007,726,020 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Mak a move.mp3
[2011/04/05 22:39:22 | 000,240,314 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\chrisbrownmakea3movie.pk
[2011/04/05 22:35:31 | 024,600,620 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\chrisbrownmakea3movie.wav
[2011/04/05 22:32:20 | 026,021,932 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\chrisbrownmakeamovie.wav
[2011/04/05 21:55:43 | 013,447,996 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Slow dance.mp3
[2011/04/05 20:33:33 | 000,376,914 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\keri hilsson.pk
[2011/04/05 20:27:47 | 038,588,460 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\keri hilsson.wav
[2011/04/05 20:19:53 | 038,146,092 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\chris.wav
[2011/04/05 09:14:31 | 096,162,497 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Below freezing vol 2 hosted by Young Chitown.zip
[2011/04/05 07:19:44 | 000,201,843 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\wallpaper_binary_domain_01_1024.jpg
[2011/04/05 07:13:11 | 000,356,226 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Mortal_Kombat_Sub-Zero_Wallpaper_67x5.jpg
[2011/04/05 07:12:17 | 000,176,270 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\wallpaper_mortal_kombat_deceptio-4.jpg
[2011/04/05 05:12:14 | 001,559,374 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\below freezing vol 2 hostedby .pk
[2011/04/05 05:06:31 | 1277,371,740 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\below freezing vol 2 hostedby .wav
[2011/04/05 03:52:21 | 001,912,644 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\belowfreezenvol2.pk
[2011/04/05 01:57:51 | 130,691,116 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\R&Bmix.wav
[2011/04/05 00:53:11 | 583,741,484 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\belowfreezenvol2.wav
[2011/04/04 22:35:20 | 000,001,120 | -HS- | C] () -- C:\Documents and Settings\Broadcast\Local Settings\Application Data\c1v7b2004pcko3q46sg5by81ek78o4q
[2011/04/04 22:35:20 | 000,001,120 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\c1v7b2004pcko3q46sg5by81ek78o4q
[2011/04/03 23:41:03 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/03 13:25:02 | 000,042,833 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\0005054vR4I.jpg
[2011/04/03 05:18:16 | 000,388,716 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\intermission.jpg
[2011/04/03 05:08:42 | 000,386,221 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\intermissionf.jpg
[2011/04/03 04:31:07 | 000,557,252 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\Untitled-4.jpg
[2011/04/03 02:45:15 | 000,071,274 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\COllege-freak-facebook-profile.jpg
[2011/04/02 15:23:39 | 000,094,046 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\Untitled-1.jpg
[2011/03/31 12:29:55 | 000,758,584 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Untitled_mixdown.pk
[2011/03/31 12:29:28 | 179,615,420 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Untitled_mixdown.wav
[2011/03/31 11:59:35 | 000,753,564 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Track 1 and 2.pk
[2011/03/31 11:59:15 | 177,559,676 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Track 1 and 2.wav
[2011/03/30 21:27:15 | 000,000,353 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\FL Studio 10.lnk
[2011/03/29 07:23:49 | 000,360,099 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\cover-1.jpg
[2011/03/29 04:21:39 | 000,310,286 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\trey-day-cover.jpg
[2011/03/29 01:44:27 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\exefix_xp.com
[2011/03/29 01:36:44 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\Fix_Manage_Error.reg
[2011/03/28 23:38:16 | 000,001,208 | -HS- | C] () -- C:\Documents and Settings\Broadcast\Local Settings\Application Data\g6nnepnu40071i165yby4j4jcq870my68c14fk6cjto
[2011/03/28 23:38:16 | 000,001,208 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\g6nnepnu40071i165yby4j4jcq870my68c14fk6cjto
[2011/03/28 07:18:29 | 002,406,210 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\Untitled-2.psd
[2011/03/28 06:53:44 | 000,132,938 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\practe-4.jpg
[2011/03/28 06:51:25 | 000,130,504 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\practice-3.jpg
[2011/03/28 06:12:29 | 000,109,968 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\practice-2.jpg
[2011/03/28 06:09:59 | 000,121,146 | ---- | C] () -- C:\Documents and Settings\Broadcast\My Documents\practice1.jpg
[2011/03/27 21:04:31 | 054,521,566 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\R&B INTERMISSION DJ .mp3
[2011/03/27 15:37:24 | 000,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011/03/27 15:37:24 | 000,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011/03/27 15:37:24 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011/03/27 15:37:24 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011/03/27 15:37:24 | 000,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011/03/27 15:37:23 | 000,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011/03/27 15:36:58 | 000,002,082 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Corel DVD MovieFactory 7 Launcher.lnk
[2011/03/25 19:01:16 | 1148,053,815 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Sequence 02.avi
[2011/03/25 04:31:18 | 035,354,301 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Freaky friday.mp3
[2011/03/25 03:55:59 | 001,656,232 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\smoothseason.mp3
[2011/03/25 02:54:40 | 003,578,031 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Wet the bed.mp3
[2011/03/24 21:50:50 | 001,927,048 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\THROW IT BACK.mp3
[2011/03/24 17:15:23 | 2653,971,756 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Sequence 01.avi
[2011/03/24 16:03:14 | 000,000,922 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Premiere Pro CS3.lnk
[2011/03/24 15:59:34 | 000,001,100 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2011/03/24 15:59:14 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS3.lnk
[2011/03/24 15:57:21 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS3.lnk
[2011/03/24 15:35:50 | 000,000,994 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-261478967-842925246-1005UA.job
[2011/03/24 15:35:45 | 000,000,942 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-261478967-842925246-1005Core.job
[2011/03/24 02:26:30 | 002,945,019 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\IMG_2108.jpg
[2011/03/23 17:44:26 | 000,294,764 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Collegefreak9-5.jpg
[2011/03/22 17:44:40 | 000,039,497 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Chris Brown dueces008.mp3
[2011/03/22 17:40:40 | 005,762,821 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Chris Brown dueces007.mp3
[2011/03/22 17:36:59 | 005,303,902 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Chris Brown dueces006.mp3
[2011/03/22 17:33:12 | 005,429,916 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Chris Brown dueces005.mp3
[2011/03/22 17:29:34 | 005,246,223 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Chris Brown dueces004.mp3
[2011/03/22 17:26:55 | 003,822,445 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Chris Brown dueces003.mp3
[2011/03/22 17:23:31 | 004,884,480 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Chris Brown dueces002.mp3
[2011/03/22 17:13:04 | 005,014,256 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Chris Brown dueces001.mp3
[2011/03/22 17:12:50 | 000,349,204 | ---- | C] () -- C:\Documents and Settings\Broadcast\Desktop\Chris Brown dueces000.mp3
[2011/03/12 18:30:22 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Broadcast\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/07 02:48:56 | 000,000,040 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2011/02/01 20:01:16 | 000,299,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd.sys
[2011/02/01 20:01:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\vsnpstd.exe
[2011/02/01 20:01:15 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd.dll
[2011/02/01 20:01:15 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini
[2011/02/01 19:47:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\CleanDev.exe
[2011/01/14 17:07:09 | 000,168,278 | ---- | C] () -- C:\WINDOWS\hphins33.dat
[2011/01/14 17:07:09 | 000,000,512 | ---- | C] () -- C:\WINDOWS\hphmdl33.dat
[2011/01/10 06:35:22 | 000,000,635 | ---- | C] () -- C:\WINDOWS\STBC.INI
[2011/01/05 13:58:28 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/31 19:59:59 | 000,042,520 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/30 08:15:36 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\B193B73CD4.sys
[2010/12/30 08:15:34 | 000,005,018 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/12/27 19:30:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/26 04:14:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/24 17:07:41 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/12/24 00:53:53 | 000,011,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2010/12/23 19:10:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/12/23 12:47:25 | 000,004,361 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/12/23 12:46:07 | 001,499,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/23 11:08:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2010/12/23 11:02:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/12/23 11:00:31 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2010/12/23 10:54:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/23 10:54:11 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2010/12/23 10:54:00 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll
[2010/10/12 23:40:57 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/03/05 14:18:34 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\FontReg.exe
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/03/16 19:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000104.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 275 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:D1B5B4F1
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:A8ADE5D8

< End of report >


Re: Trojan Horse Agent_r.XJ issue

Post by Djhbsmooth1 on Tue Apr 19, 2011 1:07 am

OTL Extras logfile created on: 4/18/2011 7:53:48 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Broadcast\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 800.00 Mb Available Physical Memory | 79.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 160.60 Gb Free Space | 53.88% Space Free | Partition Type: NTFS

Computer Name: HBSMOOTH-E15140 | User Name: Broadcast | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Dj hb smooth\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Dj hb smooth\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Gizmo5\Gizmo5.exe" = C:\Program Files\Gizmo5\Gizmo5.exe:*:Enabled:Gizmo5 -- ()
"C:\Documents and Settings\Broadcast\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Broadcast\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1D5EB783-25F8-495B-8B01-DE6D1BFBB8B4}" = VideoCam Suite 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - SP1 x86 9.0.30729.4148
"{218D2E7E-37A9-4B5D-B4A1-13FD6B8B9D17}" = Corel DVD MovieFactory 7
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{316B3C3F-6B5A-DBC3-1398-FBE614ECCAA7}" = TweetDeck
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{33999F1F-EA46-4E55-A239-1BA803235396}" = Hercules DJ Products Series drivers
"{343A1706-26A4-45EA-88CF-37CA172B0F27}" = D1600
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5B5D4C57-534A-CC38-E7F0-F5993C40F4C6}" = Google Voice
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{67CBAF0F-302F-451A-B32D-3E6AFA2FC6D2}" = PostgreSQL 8.0-beta2-dev3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7793CBAA-077D-4BDA-BD1C-95B5BBEE5C47}" = TweetAttacks
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable - SP1 x86 8.0.59193
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{901B40CE-DA10-419B-BF71-8EF3253BD9B4}" = HashTab
"{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable



Re: Trojan Horse Agent_r.XJ issue

Post by Djhbsmooth1 on Tue Apr 19, 2011 1:08 am

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1AEA642-5E48-0189-8826-7D5D5A4AB799}" = FedEx Desktop
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FBC0353C-CAFA-4648-91BC-9299774A80E8}" = Mp3 Song Plays Increaser
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom NetXtreme Ethernet Controller
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"AIM_7" = AIM 7
"ASIO4ALL" = ASIO4ALL
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CoffeeCup Free Zip Wizard" = CoffeeCup Free Zip Wizard
"com.rstoeber.GoogleVoice.913F9D81260FD6F3F98FE8A907686CD092F1C90D.1" = Google Voice
"conduitEngine" = Conduit Engine
"Dream Aquarium_is1" = Dream Aquarium 1.24
"Drumaxx" = Drumaxx
"EzGenerator Trial" = EzGenerator Trial 3.0
"FedExDesktop.026F9BDCA0F141E500950436A5D33181EE6B8EF5.1" = FedEx Desktop
"GE 98063 EasyCam" = GE 98063 EasyCam
"Gizmo5" = Gizmo5
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"IL Download Manager" = IL Download Manager
"InstallShield_{218D2E7E-37A9-4B5D-B4A1-13FD6B8B9D17}" = Corel DVD MovieFactory 7 TBYB
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Internet Download Manager" = Internet Download Manager
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Mozilla Firefox 4.0b12 (x86 en-US)" = Mozilla Firefox 4.0b12 (x86 en-US)
"MVApplication1" = Memorex exPressit Label Design Studio
"MyPodcast Recorder_is1" = MyPodcast Recorder 2.08
"MySpace Views Increaser" = MySpace Views Increaser
"Nero8Lite_is1" = Nero 8 Lite
"PoiZone" = PoiZone
"Registry Mechanic_is1" = Registry Mechanic 10.0.0.132
"Sakura" = Sakura
"SAM3" = SAM3 (remove only)
"Sawer" = Sawer
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpeedUpMyPC_is1" = Uniblue SpeedUpMyPC 3
"Spyware Doctor" = Spyware Doctor 7.0
"Toxic Biohazard" = Toxic Biohazard
"Tweak UI 2.10" = Tweak UI
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Unlocker" = Unlocker 1.9.0
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Cannot Find Fix Wizard_is1" = Windows Cannot Find Fix Wizard
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/25/2011 3:51:03 AM | Computer Name = HBSMOOTH-E15140 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 19893594

Error - 2/25/2011 3:51:03 AM | Computer Name = HBSMOOTH-E15140 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 19893594

Error - 2/26/2011 8:10:23 AM | Computer Name = HBSMOOTH-E15140 | Source = Bonjour Service | ID = 100
Description = ERROR: bind(listenfd, (struct sockaddr *) &laddr, sizeof(laddr));
failed: 10048 (Only one usage of each socket address (protocol/network address/port)
is normally permitted.)

Error - 2/26/2011 8:10:23 AM | Computer Name = HBSMOOTH-E15140 | Source = Bonjour Service | ID = 100
Description = ERROR: udsserver_init: 203 (The system could not find the environment
option that was entered.)

Error - 2/26/2011 8:11:27 AM | Computer Name = HBSMOOTH-E15140 | Source = Bonjour Service | ID = 100
Description = ERROR: bind(listenfd, (struct sockaddr *) &laddr, sizeof(laddr));
failed: 10048 (Only one usage of each socket address (protocol/network address/port)
is normally permitted.)

Error - 2/26/2011 8:11:27 AM | Computer Name = HBSMOOTH-E15140 | Source = Bonjour Service | ID = 100
Description = ERROR: udsserver_init: 203 (The system could not find the environment
option that was entered.)

Error - 2/26/2011 8:12:59 AM | Computer Name = HBSMOOTH-E15140 | Source = Bonjour Service | ID = 100
Description = ERROR: bind(listenfd, (struct sockaddr *) &laddr, sizeof(laddr));
failed: 10048 (Only one usage of each socket address (protocol/network address/port)
is normally permitted.)

Error - 2/26/2011 8:12:59 AM | Computer Name = HBSMOOTH-E15140 | Source = Bonjour Service | ID = 100
Description = ERROR: udsserver_init: 203 (The system could not find the environment
option that was entered.)

Error - 2/26/2011 9:31:25 AM | Computer Name = HBSMOOTH-E15140 | Source = Bonjour Service | ID = 100
Description = ERROR: bind(listenfd, (struct sockaddr *) &laddr, sizeof(laddr));
failed: 10048 (Only one usage of each socket address (protocol/network address/port)
is normally permitted.)

Error - 2/26/2011 9:31:25 AM | Computer Name = HBSMOOTH-E15140 | Source = Bonjour Service | ID = 100
Description = ERROR: udsserver_init: 203 (The system could not find the environment
option that was entered.)

[ System Events ]
Error - 4/18/2011 5:44:53 PM | Computer Name = HBSMOOTH-E15140 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 4/18/2011 5:45:23 PM | Computer Name = HBSMOOTH-E15140 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 4/18/2011 5:48:53 PM | Computer Name = HBSMOOTH-E15140 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 4/18/2011 5:49:23 PM | Computer Name = HBSMOOTH-E15140 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 4/18/2011 5:50:53 PM | Computer Name = HBSMOOTH-E15140 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 4/18/2011 5:51:23 PM | Computer Name = HBSMOOTH-E15140 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 4/18/2011 7:08:23 PM | Computer Name = HBSMOOTH-E15140 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 4/18/2011 8:39:02 PM | Computer Name = HBSMOOTH-E15140 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 4/18/2011 8:51:47 PM | Computer Name = HBSMOOTH-E15140 | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 4/18/2011 8:52:10 PM | Computer Name = HBSMOOTH-E15140 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >


Re: Trojan Horse Agent_r.XJ issue

Post by Belahzur on Tue Apr 19, 2011 7:49 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.





Re: Trojan Horse Agent_r.XJ issue

Post by Djhbsmooth1 on Tue Apr 19, 2011 8:12 pm

Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 6388

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/19/2011 3:09:54 PM
mbam-log-2011-04-19 (15-09-54).txt

Scan type: Quick scan
Objects scanned: 213926
Time elapsed: 10 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I believe the trojan is still on my computer because I am still stuck in the Windows Classic theme.


Re: Trojan Horse Agent_r.XJ issue

Post by Belahzur on Wed Apr 20, 2011 9:34 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



