an unhandled win32 exception occurred in svchost.exe [1556]


  • This topic is locked

#1
techvech

Hi!
My computer shows the error
"an unhandled win32 exception occurred in svchost.exe [1556]", "an unhandled win32 exception occurred in svchost.exe [xxxx]"
where xxxx is a random number.

After that, the internet stops working, and sometimes I get the BSOD which says:
A problem has been detected and windows has been shut down to prevent damage to your computer, the problem seems to be caused by the following file:
rdbss.sys

Also, I cannot boot in Safe Mode; it shows a BSOD which says your computer may have a virus or a problem with a new hard disk, etc.

I had posted this as an OS issue here:
http://www.geekstogo.com/forum/an-unhandled-win32-exception-occurred-svchost-exe-1556andquot-t248272.html

I have been redirected here now, and I am posting the logs as asked.
After running MBAM, the problem remains, but it occurs after a longer period.
MBAM log:

Malwarebytes' Anti-Malware 1.40
Database version: 2747
Windows 5.1.2600 Service Pack 2

9/6/2009 4:06:35 PM
mbam-log-2009-09-06 (16-06-35).txt

Scan type: Quick Scan
Objects scanned: 99083
Time elapsed: 7 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\toolbar_bho.ietoolbar (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar_bho.ietoolbar.1 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{385ab8c4-fb22-4d17-8834-064e2ba0a6f0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ff78efd-0213-4a73-ac23-6a489190dbfb} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{489873ce-f3e1-44a3-8e89-04be26be4446} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{296ab1c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{065683c4-c71a-47f1-830b-7d9309d3913d} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{385ab8c5-fb22-4d17-8834-064e2ba0a6f0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{489873ce-f3e1-44a3-8e89-04be26be4446} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{296ab1c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{489873ce-f3e1-44a3-8e89-04be26be4446} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{296ab1c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\firefox (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\firefox (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\firefox (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\serverdk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\serverdk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\serverdk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winhelp32 (Backdoor.Hupigon) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\winhelp32 (Backdoor.Hupigon) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winhelp32 (Backdoor.Hupigon) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ietimber (Adware.Fastlook) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IDSCNP (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ietimber (Adware.Fastlook) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_SERVER_THIS (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\acpidisk (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Windows Hosts Controller (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\intime (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\reup (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WaitToKillServiceT (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Internet Explorer\IETimber (Adware.Fastlook) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\oulxjy.sys (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\IETimber\IP.dat (Adware.Fastlook) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\IETimber\uISGRLFile.dat (Adware.Fastlook) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\IETimber\Uninstall.exe (Adware.Fastlook) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B4eocaps.SRG (Trojan.Cinmus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\firefox.exe (Backdoor.IRCBot) -> Delete on reboot.
C:\WINDOWS\system32\i\J001.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mprmsgse.axz (Trojan.Cinmus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\server.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Winhelp32.exe (Backdoor.Hupigon) -> Quarantined and deleted successfully.
C:\WINDOWS\system\services.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.





RootRepeal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/06 21:05
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: aiielfue.SYS
Image Path: C:\WINDOWS\System32\Drivers\aiielfue.SYS
Address: 0xBA7D7000 Size: 417792 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9946000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B9C000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_NTPNP9284
Image Path: \Driver\PCI_NTPNP9284
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA86BB000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf7cc60e6

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7cc60dc

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf7cc60eb

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf7cc60f5

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf753be2c

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf753c1ba

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf7cc60fa

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xf75360b0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7cc60c8

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf7cc60cd

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf753c292

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xf753c112

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf7cc6104

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf7cc60ff

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf7cc60f0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf7cc60d7

==EOF==




OTL.txt LOG

OTL logfile created on: 9/6/2009 9:07:15 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 601.29 Mb Available Physical Memory | 59.30% Memory free
2.90 Gb Paging File | 2.47 Gb Available in Paging File | 85.27% Paging File free
Paging file location(s): C:\pagefile.sys 2048 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.00 Gb Total Space | 7.42 Gb Free Space | 24.73% Space Free | Partition Type: NTFS
Drive D: | 25.89 Gb Total Space | 13.15 Gb Free Space | 50.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AASHISH-B4GS7NQ
Current User Name: aashish
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2004/08/04 00:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe
PRC - [2009/06/30 01:01:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2005/10/14 16:21:45 | 28,768,528 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2000/08/06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
PRC - [2004/08/04 00:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/07/31 19:06:24 | 00,458,752 | ---- | M] (Conexant Systems Inc.) -- C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
PRC - [2001/11/06 13:32:42 | 00,131,072 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2009/06/30 01:01:14 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/11/28 16:55:14 | 00,098,304 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2005/11/28 16:52:00 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/11/28 16:55:58 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2006/04/17 15:34:42 | 16,143,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2001/07/13 10:44:24 | 00,032,768 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2009/06/28 21:27:05 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/08/31 01:45:07 | 00,271,744 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
PRC - [2009/08/06 15:51:30 | 00,041,051 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
PRC - [2009/08/31 01:45:07 | 00,210,304 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IMApp.exe
PRC - [2004/08/04 00:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/09/06 20:47:55 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (33BD7555 [Disabled | Stopped])
SRV - [2008/09/16 12:03:18 | 00,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0 [Disabled | Stopped])
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (fdos [Auto | Stopped])
SRV - [2009/06/30 22:47:42 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [Disabled | Stopped])
SRV - File not found -- -- (gjunj [Auto | Stopped])
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/08/04 00:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
SRV - [2009/06/30 01:01:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2005/10/14 16:21:45 | 28,768,528 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])
SRV - [2000/08/06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [Auto | Running])
SRV - [2005/10/14 16:20:19 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2005/09/23 07:01:16 | 02,799,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80 [Disabled | Stopped])
SRV - [2007/08/08 09:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Disabled | Stopped])
SRV - [2007/08/03 12:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2004/08/04 00:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
SRV - [2005/10/14 16:21:12 | 00,239,320 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
SRV - [2000/08/06 01:50:18 | 00,303,170 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe -- (SQLSERVERAGENT [On_Demand | Stopped])
SRV - [2005/10/14 03:53:50 | 00,087,768 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
SRV - File not found -- -- (tdgfv [Auto | Stopped])
SRV - [1998/06/06 00:00:00 | 00,034,036 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe -- (Visual Studio Analyzer RPC bridge [On_Demand | Stopped])
SRV - [2004/08/04 00:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])
SRV - [2008/11/10 02:18:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.14907
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..keyword.URL: "http://mystart.incre...d...t_v2="


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/30 01:01:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\WaterProof\PHPEdit\3.4.2\Tools\FirefoxExtension\unpacked [2009/08/30 23:49:27 | 00,000,000 | ---D | M]

[2009/06/29 00:27:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Extensions
[2009/06/29 00:27:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/04 11:41:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Firefox\Profiles\z5c7iqzw.default\extensions
[2009/07/06 23:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Firefox\Profiles\z5c7iqzw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/29 16:39:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Firefox\Profiles\z5c7iqzw.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2009/07/05 16:50:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Firefox\Profiles\z5c7iqzw.default\extensions\[email protected]
[2009/08/31 01:37:19 | 00,002,149 | ---- | M] () -- C:\Documents and Settings\aashish\Application Data\Mozilla\FireFox\Profiles\z5c7iqzw.default\searchplugins\MyStart Search.xml
[2009/09/06 16:15:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/02 22:54:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/06/30 01:01:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/09/06 01:45:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/06/30 01:01:14 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/06/24 11:40:40 | 00,176,128 | ---- | M] (Dimdim, Inc.) -- C:\Program Files\mozilla firefox\plugins\npDimdimControl.dll
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

O1 HOSTS File: (767 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CnxDslTaskBar] C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe (Conexant Systems Inc.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\aashish\Start Menu\Programs\Startup\Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Scan link by Dr.Web - File not found
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/28 19:47:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e421db08-78e0-11de-a89f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e421db08-78e0-11de-a89f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e421db08-78e0-11de-a89f-806d6172696f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: ERSvc - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[1 C:\Documents and Settings\aashish\Desktop\*.tmp files]
[2009/09/06 20:20:56 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/06 20:20:53 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/06 20:20:50 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/06 20:20:50 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/06 17:50:24 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/09/06 17:50:14 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/09/06 17:50:14 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/09/06 17:50:14 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/09/06 17:50:14 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/09/06 17:50:13 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/09/06 17:50:08 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/09/06 17:50:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/09/06 16:51:22 | 00,858,652 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\avc_report22.pdf
[2009/09/06 16:08:23 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/09/06 15:52:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\Malwarebytes
[2009/09/06 15:52:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/06 15:43:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/06 15:43:14 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\NTREGOPT.lnk
[2009/09/06 15:43:14 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\ERUNT.lnk
[2009/09/06 15:43:14 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/06 15:42:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\malware rem tools
[2009/09/06 00:57:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\New Folder
[2009/09/05 12:14:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Print page_files
[2009/09/05 12:14:23 | 00,015,153 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Print page.htm
[2009/09/05 12:12:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Confirmation page_files
[2009/09/05 12:12:48 | 00,044,236 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Confirmation page.htm
[2009/09/05 12:03:46 | 02,956,854 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\ebay not avaliable.bmp
[2009/09/05 11:50:06 | 00,459,776 | ---- | C] () -- C:\WINDOWS\System32\capisrv.dll
[2009/09/05 11:49:26 | 00,686,592 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll
[2009/09/05 02:41:22 | 00,084,945 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Fourth-generation IPod Nano - PC World.htm
[2009/09/05 02:40:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\Fourth-generation IPod Nano - PC World_files
[2009/09/05 02:25:29 | 00,028,364 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\iPod How to find the serial number.htm
[2009/09/05 02:24:13 | 00,075,276 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\AppleInsider Apple warns of phony iPods.htm
[2009/09/05 02:23:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\AppleInsider Apple warns of phony iPods_files
[2009/09/05 01:50:53 | 00,026,081 | ---- | C] () -- C:\Documents and Settings\aashish\My Documents\september 5th Anti Virus log.xml
[2009/09/05 01:25:42 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/09/05 01:25:42 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/09/05 01:15:49 | 00,030,032 | ---- | C] () -- C:\Documents and Settings\aashish\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/05 00:46:49 | 00,479,501 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\mybill.pdf
[2009/09/04 22:29:34 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/09/04 20:14:55 | 00,100,706 | ---- | C] () -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST).htm
[2009/09/04 20:14:43 | 00,099,029 | ---- | C] () -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW WITH APPLE WRTY (item 350247681115 end time 05-Sep-2009 113557 IST).htm
[2009/09/04 20:13:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW WITH APPLE WRTY (item 350247681115 end time 05-Sep-2009 113557 IST)_files
[2009/09/04 20:13:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST)_files
[2009/09/04 19:56:09 | 00,102,139 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST).htm
[2009/09/04 19:54:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST)_files
[2009/09/03 02:27:51 | 00,001,079 | ---- | C] () -- C:\Documents and Settings\aashish\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
[2009/09/03 02:27:28 | 00,000,000 | ---D | C] -- C:\Program Files\Apache Software Foundation
[2009/09/03 01:25:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\drupal-6.13
[2009/09/02 23:07:57 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/02 23:07:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\skypePM
[2009/09/02 22:57:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\Skype
[2009/09/02 22:52:53 | 00,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/09/02 22:52:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/09/02 22:52:45 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/09/02 22:52:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/08/31 01:46:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Local Settings\Application Data\IM
[2009/08/31 01:46:15 | 00,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IncrediMail.lnk
[2009/08/31 01:45:33 | 00,000,000 | ---D | C] -- C:\Program Files\IncrediMail
[2009/08/31 01:45:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009/08/31 01:45:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/08/31 01:36:18 | 00,648,216 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\incredimail_install.exe
[2009/08/31 00:07:59 | 00,000,504 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Shortcut to gimp-2.6.7-i686-setup.lnk
[2009/08/31 00:00:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\exercises
[2009/08/30 23:56:33 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\PHPEdit 3.4.2.lnk
[2009/08/30 23:56:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\web projects
[2009/08/30 23:54:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\WaterProof
[2009/08/30 23:49:09 | 00,000,000 | ---D | C] -- C:\Program Files\WaterProof
[2009/08/29 18:53:49 | 00,650,111 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\dcb.pdf
[2009/08/26 10:29:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\NSN Registration Form_files
[2009/08/26 10:29:49 | 00,005,615 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\NSN Registration Form.htm
[2009/08/24 13:31:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\dvdcss

========== Files - Modified Within 14 Days ==========

[1 C:\Documents and Settings\aashish\Desktop\*.tmp files]
[2009/09/06 20:20:56 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/06 20:20:02 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZyXEL DIAL UP.lnk
[2009/09/06 20:19:39 | 00,000,253 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZyXEL ADSL USB Modem Control Panel.lnk
[2009/09/06 20:19:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/06 20:19:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/06 20:19:19 | 10,633,09312 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/06 20:07:05 | 00,581,889 | ---- | M] () -- C:\WINDOWS\System32\oulxjy
[2009/09/06 18:03:06 | 00,000,478 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for aashish.job
[2009/09/06 17:55:55 | 00,459,776 | ---- | M] () -- C:\WINDOWS\System32\capisrv.dll
[2009/09/06 17:55:17 | 00,686,592 | ---- | M] () -- C:\WINDOWS\System32\libmysql.dll
[2009/09/06 17:50:24 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/09/06 16:51:22 | 00,858,652 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\avc_report22.pdf
[2009/09/06 15:43:14 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\NTREGOPT.lnk
[2009/09/06 15:43:14 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\ERUNT.lnk
[2009/09/05 12:14:26 | 00,015,153 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Print page.htm
[2009/09/05 12:12:59 | 00,044,236 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Confirmation page.htm
[2009/09/05 12:03:47 | 02,956,854 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\ebay not avaliable.bmp
[2009/09/05 02:41:22 | 00,084,945 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Fourth-generation IPod Nano - PC World.htm
[2009/09/05 02:25:40 | 00,028,364 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\iPod How to find the serial number.htm
[2009/09/05 02:24:13 | 00,075,276 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\AppleInsider Apple warns of phony iPods.htm
[2009/09/05 01:50:53 | 00,026,081 | ---- | M] () -- C:\Documents and Settings\aashish\My Documents\september 5th Anti Virus log.xml
[2009/09/05 01:25:42 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/09/05 01:25:42 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/09/05 01:20:48 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/05 01:20:26 | 00,005,632 | ---- | M] () -- C:\Documents and Settings\aashish\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/05 01:15:49 | 00,030,032 | ---- | M] () -- C:\Documents and Settings\aashish\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/05 00:46:53 | 00,479,501 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\mybill.pdf
[2009/09/04 22:34:10 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/04 22:29:45 | 00,000,464 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/04 20:14:55 | 00,100,706 | ---- | M] () -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST).htm
[2009/09/04 20:14:43 | 00,099,029 | ---- | M] () -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW WITH APPLE WRTY (item 350247681115 end time 05-Sep-2009 113557 IST).htm
[2009/09/04 19:56:09 | 00,102,139 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST).htm
[2009/09/03 23:07:10 | 00,000,629 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/03 23:07:10 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/09/03 03:11:22 | 00,000,185 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2009/09/03 02:27:51 | 00,001,079 | ---- | M] () -- C:\Documents and Settings\aashish\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
[2009/09/02 23:07:57 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/02 22:52:53 | 00,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/08/31 11:13:58 | 00,153,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/31 01:49:50 | 00,030,032 | ---- | M] () -- C:\Documents and Settings\aashish\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/31 01:46:15 | 00,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IncrediMail.lnk
[2009/08/31 01:36:31 | 00,648,216 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\incredimail_install.exe
[2009/08/31 00:07:59 | 00,000,504 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Shortcut to gimp-2.6.7-i686-setup.lnk
[2009/08/30 23:56:33 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\PHPEdit 3.4.2.lnk
[2009/08/29 18:53:49 | 00,650,111 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\dcb.pdf
[2009/08/26 23:52:21 | 00,002,293 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Macromedia Dreamweaver 8.lnk
[2009/08/26 10:29:51 | 00,005,615 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\NSN Registration Form.htm
[2009/08/24 22:29:31 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\aashish\My Documents\resume.doc

========== LOP Check ==========

[2009/09/06 17:32:39 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\aashish\Application Data
[2009/07/25 12:02:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\DataLayer
[2009/08/07 21:36:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\Dimdim
[2009/08/24 13:31:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\dvdcss
[2009/08/29 23:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\FileZilla
[2009/07/27 23:28:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\Nokia Multimedia Player
[2009/08/10 01:01:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\Notepad++
[2009/06/28 23:43:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\PC Suite
[2009/08/24 21:17:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\TigerPlayer
[2009/08/30 23:54:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\WaterProof
[2009/09/06 17:50:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/06/28 23:35:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2009/06/28 23:42:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/06/30 22:54:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/08/08 01:04:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/08/31 01:49:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/08/31 01:45:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009/08/07 21:35:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/08/07 21:33:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/06/29 00:39:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/06/28 20:33:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2001/08/18 22:30:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/06 18:03:06 | 00,000,478 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Security Scan for aashish.job
[2009/09/06 20:19:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2004/08/04 00:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2004/08/04 00:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
< End of report >




OTL Extra.txt LOG



OTL Extras logfile created on: 9/6/2009 9:07:15 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 601.29 Mb Available Physical Memory | 59.30% Memory free
2.90 Gb Paging File | 2.47 Gb Available in Paging File | 85.27% Paging File free
Paging file location(s): C:\pagefile.sys 2048 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.00 Gb Total Space | 7.42 Gb Free Space | 24.73% Space Free | Partition Type: NTFS
Drive D: | 25.89 Gb Total Space | 13.15 Gb Free Space | 50.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AASHISH-B4GS7NQ
Current User Name: aashish
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1CBE3804-20DF-48DA-B048-895C206E80A5}" = Microsoft SQL Server VSS Writer
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23959E96-A80F-4172-A655-210E9BB7BFBE}" = MSDN Library for Visual Studio 2005
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{59FDFDFB-52FE-45B1-8A2A-A00079B07FF0}" = TOSHIBA Power Saver Driver
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{65A88B75-AD8D-4B9C-92DA-FEB137463595}" = PHP 5.3.0
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.13
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}" = Nero 8
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B74354C0-19E2-11DE-8C30-0800200C9A66}" = Screencaster Plug-in for FF
"{B7757137-0A71-4A9F-8A82-1AE4A1B73420}" = Nokia Connectivity Cable Driver
"{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}" = Intel® PRO Network Connections 12.2.41.0
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{C0031D6A-5160-4816-9B84-A37DE529C4BF}" = IncrediMail
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{c94b04c0-3a4c-4fd6-9414-e04a8e5b4d52}" = DFX 8 for Windows Media Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E136BB09-1BB2-49A0-9FF3-5C25564D3819}" = FastCGI x86
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF059F2A-62A7-4E6A-B305-559591D2769E}" = Nokia PC Suite
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"AccessRunner ADSL" = ZyXEL ADSL USB Modem WAN Adapter
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"All ATI Software" = ATI - Software Uninstall Utility
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitComet" = BitComet 1.07
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.2.6.1
"IncrediMail" = IncrediMail 2.0
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2000" = Microsoft SQL Server 2000
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"MpcStar" = MpcStar 3.3
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Visual Studio 2005" = MSDN Library for Visual Studio 2005
"MsJavaVM" = Microsoft VM for Java
"Notepad++" = Notepad++
"NSS" = Norton Security Scan
"oDMCam" = oDesk MiniCam 2.0.73
"oDShare" = oDesk Share 2.0.69
"oDSSnap" = oDesk ScreenSnap 2.0.113
"oDVT" = oDesk Team 2.0.140
"PHPEdit" = PHPEdit 3.4.2
"PowerISO" = PowerISO
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VLC media player" = VLC media player 0.9.8a
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/30/2009 2:34:06 PM | Computer Name = AASHISH-B4GS7NQ | Source = MsiInstaller | ID = 11321
Description = Product: BitDefender Definitions Update -- Error 1321. The Installer
has insufficient privileges to modify this file: C:\Program Files\Common Files\BitDefender\BitDefender
Threat Scanner\av32bit_000\Plugins\TBD35E.tmp.

Error - 8/31/2009 11:53:44 AM | Computer Name = AASHISH-B4GS7NQ | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in svchost.exe [1568]. Just-In-Time
debugging this exception failed with the following error: The remote procedure
call failed. Check the documentation index for 'Just-in-time debugging, errors' for
more information.

Error - 8/31/2009 11:53:44 AM | Computer Name = AASHISH-B4GS7NQ | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in svchost.exe [1568]. Just-In-Time
debugging this exception failed with the following error: The remote procedure
call failed. Check the documentation index for 'Just-in-time debugging, errors' for
more information.

[ System Events ]
Error - 9/6/2009 8:15:37 AM | Computer Name = AASHISH-B4GS7NQ | Source = Service Control Manager | ID = 7000
Description = The yjpdrpan service failed to start due to the following error: %%2

Error - 9/6/2009 8:20:19 AM | Computer Name = AASHISH-B4GS7NQ | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 9/6/2009 8:23:45 AM | Computer Name = AASHISH-B4GS7NQ | Source = Service Control Manager | ID = 7031
Description = The Application Experiences service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 9/6/2009 10:49:26 AM | Computer Name = AASHISH-B4GS7NQ | Source = Service Control Manager | ID = 7023
Description = The VMservices service terminated with the following error: %%126

Error - 9/6/2009 10:49:26 AM | Computer Name = AASHISH-B4GS7NQ | Source = Service Control Manager | ID = 7023
Description = The Application Experiences service terminated with the following
error: %%126

Error - 9/6/2009 10:49:26 AM | Computer Name = AASHISH-B4GS7NQ | Source = Service Control Manager | ID = 7000
Description = The cfst service failed to start due to the following error: %%2

Error - 9/6/2009 10:49:26 AM | Computer Name = AASHISH-B4GS7NQ | Source = Service Control Manager | ID = 7000
Description = The fsg dhy service failed to start due to the following error: %%2

Error - 9/6/2009 10:49:26 AM | Computer Name = AASHISH-B4GS7NQ | Source = Service Control Manager | ID = 7000
Description = The gtdhgrfg service failed to start due to the following error: %%2

Error - 9/6/2009 10:49:26 AM | Computer Name = AASHISH-B4GS7NQ | Source = Service Control Manager | ID = 7000
Description = The yjpdrpan service failed to start due to the following error: %%2

Error - 9/6/2009 10:54:25 AM | Computer Name = AASHISH-B4GS7NQ | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460


< End of report >




I also installed Avira AntiVir Free Edition, and the report is:




Avira AntiVir Personal
Report file date: Sunday, September 06, 2009 17:58

Scanning for 1684804 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM


Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 09:06:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 06:28:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 07:05:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 06:28:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 08:00:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 04:51:42
ANTIVIR2.VDF : 7.1.5.201 3414528 Bytes 9/3/2009 12:24:07
ANTIVIR3.VDF : 7.1.5.210 53760 Bytes 9/6/2009 12:24:12
Engineversion : 8.2.1.8
AEVDF.DLL : 8.1.1.1 106868 Bytes 7/28/2009 09:01:50
AESCRIPT.DLL : 8.1.2.27 467321 Bytes 9/6/2009 12:25:24
AESCN.DLL : 8.1.2.5 127346 Bytes 9/6/2009 12:25:11
AERDL.DLL : 8.1.2.4 430452 Bytes 7/23/2009 05:29:39
AEPACK.DLL : 8.1.3.18 401783 Bytes 7/28/2009 09:01:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 05:29:39
AEHEUR.DLL : 8.1.0.155 1921400 Bytes 9/6/2009 12:25:09
AEHELP.DLL : 8.1.7.0 237940 Bytes 9/6/2009 12:24:30
AEGEN.DLL : 8.1.1.60 364915 Bytes 9/6/2009 12:24:25
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 10:02:40
AECORE.DLL : 8.1.7.8 184692 Bytes 9/6/2009 12:24:15
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 10:02:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 04:17:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 06:02:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 10:04:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 06:02:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 10:35:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 06:07:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 10:33:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 03:51:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 06:02:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 11:09:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 05:49:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Sunday, September 06, 2009 17:58

Starting search for hidden objects.
'58541' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avnotify.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'Nss.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ImApp.exe' - '1' Module(s) have been scanned
Scan process 'IncMail.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'CnxDslTb.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'inetinfo.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
42 processes with 42 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '59' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0014572.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0014573.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0015510.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0015511.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0016509.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0016510.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0017509.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0017510.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0018598.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0018599.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019510.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019511.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019730.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019731.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019743.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019744.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0021744.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0021745.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0022744.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0022745.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0022891.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0022892.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0023890.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0023891.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024890.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024891.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024916.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024917.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024946.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024947.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024953.exe
[DETECTION] Is the TR/Dropper.Gen2 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP69\A0026938.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP69\A0026939.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP69\A0026959.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP69\A0026960.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0026979.dll
[DETECTION] Is the TR/BHO.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0026980.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0026981.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0026982.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0027995.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0027996.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0028995.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0028997.dll
[DETECTION] Is the TR/Expl.SqlShell.M Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0029009.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0029010.dll
[DETECTION] Is the TR/Expl.SqlShell.M Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030026.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030027.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030054.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030055.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030069.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030070.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030090.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030091.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030103.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030109.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0030131.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0030132.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0031136.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0031139.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0031158.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0031159.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0032178.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0036194.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0036198.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0036222.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0036223.dll
[DETECTION] Is the TR/Renaz.461824 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036241.dll
[DETECTION] Is the TR/Renaz.461824 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036243.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036277.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036279.dll
[DETECTION] Is the TR/Renaz.461824 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036293.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036294.dll
[DETECTION] Is the TR/Expl.SqlShell.N Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036315.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036316.dll
[DETECTION] Is the TR/Expl.SqlShell.N Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0037315.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0037316.dll
[DETECTION] Is the TR/Expl.SqlShell.N Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0038405.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0038406.dll
[DETECTION] Is the TR/Expl.SqlShell.P Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0039404.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0039405.dll
[DETECTION] Is the TR/Expl.SqlShell.P Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0040405.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0040406.dll
[DETECTION] Is the TR/Expl.SqlShell.P Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0043408.dll
[DETECTION] Is the TR/Expl.SqlShell.P Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0045433.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP75\A0046433.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP75\A0046448.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0048536.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0050535.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0051537.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0051560.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0057563.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0057581.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0057603.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP77\A0057619.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0058673.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0058690.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0059690.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0059708.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0060727.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0060742.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0061742.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0063742.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0063845.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0064846.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0065846.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0065861.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0065875.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0071874.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP79\A0073873.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP79\A0074875.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0075875.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0075896.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0075935.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0076934.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0077934.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0077960.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0078975.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0079977.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP83\A0081312.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086385.sys
[DETECTION] Is the TR/Agent.Uka.2 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086386.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086388.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086389.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086390.exe
[DETECTION] Is the TR/Dldr.Agent.wha Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086397.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086398.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\WINDOWS\system32\cmptes.dll
[DETECTION] Is the TR/Dldr.Agent.ckvw Trojan
C:\WINDOWS\system32\comptres.dll
[DETECTION] Is the TR/Dldr.Agent.ckvy Trojan
C:\WINDOWS\system32\crdtsrv.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\WINDOWS\system32\oulxjy.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.ahls back-door program
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
D:\downLOADS\quick access III\Downloads\Chrome\AutoShutdown.gadget
[0] Archive type: ZIP
--> core/gadget.js
[DETECTION] Contains recognition pattern of the JS/Shutdown Java script virus
D:\from C\quick access III\Downloads\Chrome\AutoShutdown.gadget
[0] Archive type: ZIP
--> core/gadget.js
[DETECTION] Contains recognition pattern of the JS/Shutdown Java script virus

Beginning disinfection:

C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0014572.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4ad3c842.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0014573.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4b52f563.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0015510.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '49998f83.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0015511.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4ad3c843.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0016509.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '499ca6ec.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0016510.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4b518cac.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0017509.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '499daea4.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0017510.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4bace5d4.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0018598.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4ba1af9c.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0018599.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '499887cc.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019510.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '499f9f14.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019511.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '499e975c.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019730.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4983be34.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019731.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '49685024.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019743.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4b569404.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019744.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4982b67c.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0021744.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '49814e44.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0021745.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4ad3c844.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0022744.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '49875dd5.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0022745.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4986551d.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0022891.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '49856d65.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0022892.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '498464ad.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0023890.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f1000e5.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0023891.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4f17182d.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024890.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f161075.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024891.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4f1517bd.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024916.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f142f85.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024917.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4f1b27cd.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024946.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f1a3f15.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024947.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4f1ea415.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024953.exe
[DETECTION] Is the TR/Dropper.Gen2 Trojan
[NOTE] The file was moved to '4ad3c845.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP69\A0026938.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f1cb3a6.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP69\A0026939.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4f034bee.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP69\A0026959.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f024336.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP69\A0026960.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4f015b7e.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0026979.dll
[DETECTION] Is the TR/BHO.Gen Trojan
[NOTE] The file was moved to '4f005346.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0026980.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4f076a8e.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0026981.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4f0662d6.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0026982.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4ad3c846.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0027995.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f047267.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0027996.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4ad3c847.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0028995.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f0a01f8.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0028997.dll
[DETECTION] Is the TR/Expl.SqlShell.M Trojan
[NOTE] The file was moved to '4f091930.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0029009.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f081108.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0029010.dll
[DETECTION] Is the TR/Expl.SqlShell.M Trojan
[NOTE] The file was moved to '4f0f2940.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030026.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f0e2098.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030027.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
[NOTE] The file was moved to '4f0d38d0.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030054.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f0c3028.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030055.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
[NOTE] The file was moved to '4f32c860.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030069.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f31cfb8.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030070.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
[NOTE] The file was moved to '4f30c7f0.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030090.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f37dfc8.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030091.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
[NOTE] The file was moved to '4f36d700.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030103.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f35ef58.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030109.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
[NOTE] The file was moved to '4f34e690.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0030131.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f3bfee8.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0030132.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
[NOTE] The file was moved to '4f3af620.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0031136.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f398e78.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0031139.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
[NOTE] The file was moved to '4f3885b0.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0031158.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4ad3c848.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0031159.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
[NOTE] The file was moved to '4f3e95c1.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0032178.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
[NOTE] The file was moved to '4f3dad19.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0036194.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f3ca551.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0036198.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
[NOTE] The file was moved to '4f23bca9.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0036222.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f22b4e1.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0036223.dll
[DETECTION] Is the TR/Renaz.461824 Trojan
[NOTE] The file was moved to '4f214c39.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036241.dll
[DETECTION] Is the TR/Renaz.461824 Trojan
[NOTE] The file was moved to '4f269419.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036243.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4ad3c849.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036277.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4ad3c84a.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036279.dll
[DETECTION] Is the TR/Renaz.461824 Trojan
[NOTE] The file was moved to '4f2bbbe3.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036293.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
[NOTE] The file was moved to '4ad3c84b.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036294.dll
[DETECTION] Is the TR/Expl.SqlShell.N Trojan
[NOTE] The file was moved to '4f294b74.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036315.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
[NOTE] The file was moved to '4f28434c.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036316.dll
[DETECTION] Is the TR/Expl.SqlShell.N Trojan
[NOTE] The file was moved to '4f2f5a84.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0037315.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
[NOTE] The file was moved to '4f2e52dc.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0037316.dll
[DETECTION] Is the TR/Expl.SqlShell.N Trojan
[NOTE] The file was moved to '4f2d6a14.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0038405.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
[NOTE] The file was moved to '4f2c626c.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0038406.dll
[DETECTION] Is the TR/Expl.SqlShell.P Trojan
[NOTE] The file was moved to '4ad3c84c.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0039404.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
[NOTE] The file was moved to '4cd271fd.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0039405.dll
[DETECTION] Is the TR/Expl.SqlShell.P Trojan
[NOTE] The file was moved to '4cd10935.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0040405.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
[NOTE] The file was moved to '4cd0010d.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0040406.dll
[DETECTION] Is the TR/Expl.SqlShell.P Trojan
[NOTE] The file was moved to '4cd71945.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0043408.dll
[DETECTION] Is the TR/Expl.SqlShell.P Trojan
[NOTE] The file was moved to '4cd6109d.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0045433.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
[NOTE] The file was moved to '4cd528d5.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP75\A0046433.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
[NOTE] The file was moved to '4ad3c84d.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP75\A0046448.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
[NOTE] The file was moved to '4cdb3866.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0048536.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
[NOTE] The file was moved to '4cda3fbe.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0050535.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '493da8ee.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0051537.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4cdfcfce.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0051560.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4cdec706.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0057563.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4cdddf5e.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0057581.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cdcd696.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0057603.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cc3eeee.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP77\A0057619.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cc2e626.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0058673.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cc1fe7e.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0058690.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cc78d8e.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0059690.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cc0f5b6.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0059708.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cc685c6.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0060727.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cc59d1e.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0060742.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4ad3c84e.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0061742.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4ccbacaf.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0063742.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4ccaa4e7.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0063845.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cc9bc3f.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0064846.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cc8b477.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0065846.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4ccf4c4f.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0065861.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cce4387.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0065875.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4ccd5bdf.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0071874.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4ccc5317.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP79\A0073873.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cf36b6f.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP79\A0074875.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cf262a7.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0075875.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4ad3c84f.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0075896.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cfb7400.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0075935.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4ad3c850.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0076934.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cf903b1.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0077934.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4ad3c851.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0077960.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cff1322.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0078975.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cfe2b6a.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0079977.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cfd2352.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP83\A0081312.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cfc3a9a.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086385.sys
[DETECTION] Is the TR/Agent.Uka.2 Trojan
[NOTE] The file was moved to '4ce332c2.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086386.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ce1ca0a.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086388.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ce0c272.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086389.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ce7d9ba.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086390.exe
[DETECTION] Is the TR/Dldr.Agent.wha Trojan
[NOTE] The file was moved to '4ce6d1e2.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086397.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ce5e92a.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086398.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ce4e112.qua'!
C:\WINDOWS\system32\cmptes.dll
[DETECTION] Is the TR/Dldr.Agent.ckvw Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4b13c88f.qua'!
C:\WINDOWS\system32\comptres.dll
[DETECTION] Is the TR/Dldr.Agent.ckvy Trojan
[NOTE] The file was moved to '4b10c894.qua'!
C:\WINDOWS\system32\crdtsrv.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4b07c897.qua'!
C:\WINDOWS\system32\oulxjy.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.ahls back-door program
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4d36f04b.qua'!
D:\downLOADS\quick access III\Downloads\Chrome\AutoShutdown.gadget
[NOTE] The file was moved to '4b17c91a.qua'!
D:\from C\quick access III\Downloads\Chrome\AutoShutdown.gadget
[NOTE] The file was moved to '41f0a5eb.qua'!


End of the scan: Sunday, September 06, 2009 20:05
Used time: 1:54:51 Hour(s)

The scan has been done completely.

15310 Scanned directories
669860 Files were scanned
134 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
134 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
669723 Files not concerned
3644 Archives were scanned
7 Warnings
136 Notes
58541 Objects were scanned with rootkit scan
0 Hidden objects were found


I have another question: Why did AntiVir move everything to Quarantine? Should I go there and delete the files?

thanks
  • 0


#2
jwang01

jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello techvech and welcome to Geeks To Go. :)

I am jwang01 and I will be assisting you with your issue.

Sorry for the delay. This forum can get quite busy.

Please note that I am still in training here and all my posts need to be checked by an Expert before I can post them. This may cause a slight delay in my responses.

When we get to working on your computer you may want to print out or save my responses in Notepad because there may be times where you will not be able to access them here.

Also, please don't attach your logs unless asked, as they can make them hard to read. Just post them as a reply.

I am currently reviewing your logs and will reply with instructions in my next reply. :)

Edited by jwang01, 13 September 2009 - 11:52 AM.

  • 0

#3
jwang01

jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


The files that are in quarantine are harmless now. It is much safer to quarantine files rather than delete them in case of False Positives. That way the file can be moved back to the right location. As long as no problems are being experienced, you can delete those files.


Why is Avenger installed on your computer? It is very important that you do not run any scans or fixes on your computer while working with me here. This will help me help you. :)

Now let's start working on your computer.



Looking at your system now, one or more of the identified infections is a backdoor Trojan or Rootkit.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.



Next



I see that you are running a P2P program. P2P programs often come bundled with malware when you install them. Also some of the things you download can come with malware. This is the likely cause of your infection. So the following green programs are optional removals. You can remove them by going to Add/Remove Programs from inside the Control Panel.

BitComet



Next


I think you are using a cracked version of Adobe. Downloading cracks is a risky move as most of them come bundled with malware. I would recommend staying away from cracks.


Next

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    SRV - File not found -- -- (33BD7555 [Disabled | Stopped])
    SRV - File not found -- -- (fdos [Auto | Stopped])
    [2009/09/06 20:07:05 | 00,581,889 | ---- | M] () -- C:\WINDOWS\System32\oulxjy
    
    :Services
    aiielfue.SYS
    
    :Reg
    
    :Files
    C:\WINDOWS\System32\Drivers\aiielfue.SYS
    C:\WINDOWS\System32\capisrv.dll
    C:\WINDOWS\System32\ezsidmv.dat
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Next


Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window.
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the "Healing/Quarantine and Advanced System Analysis" check box.
  • Click on the “Execute selected scripts”.
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis" check box.
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post



Please post the log of OTL and attach both AVZ zip files in your next reply
  • 0
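As an added illustration (not part of the original posts and not code from Avira or the helpers), the sketch below parses AntiVir report entries in the format posted above and separates live-system files from System Restore snapshot copies, flagging the back-door, rootkit and failed-delete entries that the reply above treats as the serious ones. The sample lines are copied from the posted log; the function names and the flagging rules are assumptions made for this example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Entries copied from the AntiVir report posted earlier in this thread.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0026981.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4f0662d6.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0026982.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4ad3c846.qua'!
C:\WINDOWS\system32\cmptes.dll
[DETECTION] Is the TR/Dldr.Agent.ckvw Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4b13c88f.qua'!
C:\WINDOWS\system32\crdtsrv.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4b07c897.qua'!
C:\WINDOWS\system32\oulxjy.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.ahls back-door program
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4d36f04b.qua'!
D:\downLOADS\quick access III\Downloads\Chrome\AutoShutdown.gadget
[NOTE] The file was moved to '4b17c91a.qua'!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                       # a new entry starts with a drive path
TAG_RE = re.compile(r"^\[(DETECTION|NOTE|WARNING)\]\s*(.*)$")
NAME_RE = re.compile(r"\b([A-Z]{2,}/[A-Za-z0-9_.\-]+)")     # e.g. TR/Rootkit.Gen, BDS/Pcclient.ahls
QUA_RE = re.compile(r"moved to '([0-9a-fA-F]+\.qua)'")


@dataclass
class Finding:
    path: str
    detection: Optional[str] = None   # None when the entry has no [DETECTION] line
    quarantine: Optional[str] = None
    delete_failed: bool = False
    used_ark: bool = False

    @property
    def in_restore(self) -> bool:
        # Copies kept inside System Restore snapshots, not files in normal locations.
        return r"\system volume information\_restore" in self.path.lower()


def parse_antivir_report(text: str) -> list:
    """Group the path / [DETECTION] / [WARNING] / [NOTE] lines into Finding records."""
    findings, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            current = Finding(path=line)
            findings.append(current)
            continue
        tagged = TAG_RE.match(line)
        if tagged is None or current is None:
            continue  # header or summary line outside an entry
        tag, msg = tagged.groups()
        if tag == "DETECTION":
            name = NAME_RE.search(msg)
            current.detection = name.group(1) if name else msg
        elif tag == "WARNING" and "could not be deleted" in msg:
            current.delete_failed = True
        elif tag == "NOTE":
            if "ARK library" in msg:
                current.used_ark = True
            moved = QUA_RE.search(msg)
            if moved:
                current.quarantine = moved.group(1)
    return findings


def family_counts(findings) -> Counter:
    """Count findings by the prefix before '/', e.g. TR, WORM, BDS."""
    return Counter(f.detection.split("/")[0] if f.detection else "unlabelled"
                   for f in findings)


def flag_for_review(findings) -> list:
    """Return (path, reasons, in_restore) for entries worth a closer look.

    Assumed rules for this example: the log itself labels BDS/ names as
    back-door programs, "Rootkit" appears in the detection name, and a
    failed delete is treated as a hint the file was in use at scan time.
    """
    flagged = []
    for f in findings:
        name = f.detection or ""
        reasons = []
        if name.startswith("BDS/"):
            reasons.append("backdoor")
        if "rootkit" in name.lower():
            reasons.append("rootkit")
        if f.delete_failed:
            reasons.append("delete failed")
        if reasons:
            flagged.append((f.path, reasons, f.in_restore))
    return flagged


if __name__ == "__main__":
    parsed = parse_antivir_report(SAMPLE_LOG)
    print(dict(family_counts(parsed)))
    for path, reasons, in_restore in flag_for_review(parsed):
        where = "restore snapshot" if in_restore else "live path"
        print(f"{where:16} {', '.join(reasons):24} {path}")
```
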

#4
techvech

techvech

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Hi Jwang01

Thanks for your reply..
1)Well i use my system for online transactions every other day :) , anyways i am going to check all my accounts for any mischief and change my passwords.

2)I used bitcomet as a download manager as well, but i have uninstalled it now.

3)I have deleted the Adobe from my system. And as you said, i am going to stay away from all this.

I did run an antivirus scan the day before, and it detected 4 infections.
Can I still run the steps you have asked as they are?
And do I need to disable the antivirus and firewall while running the fixes you have asked?


Thanks
  • 0

#5
jwang01

jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


Yes, go ahead and run the steps in my last post. For what we are doing here, you can leave your real time antivirus protection on. You can stop it if you wish, as it may slightly increase the scan times. It's up to you. :)
  • 0

#6
techvech

techvech

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Hi !!
I have run the OTL.
however i cannot update AVZ Antiviral toolkit

i get this error
automatic update error - Error loading control file avzupd.zip from http://avz.virusinfo.info/avz_up/[21,00002EFD]

tried both the sources..

Do you want me to continue without the update ? Or is there a workaround ?
thanks...
  • 0

#7
jwang01

jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello


I'm not sure what the problem is there. Just go ahead and run those scans anyway. :)
  • 0

#8
techvech

techvech

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Hi!
well it's kinda different from what you posted....
have a look at the snapshot...

Attached Thumbnails

  • avz.JPG

Edited by techvech, 14 September 2009 - 12:56 PM.

  • 0

#9
jwang01

jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


That's OK. Check box 3 for the first run and then box 2 for the second run. :)
  • 0

#10
techvech

techvech

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Attached File  virusinfo_syscure.zip   39.37KB   209 downloads
Attached File  virusinfo_syscheck.zip   38.95KB   208 downloads

okies here is the OTL log and i am attaching the others..


-------------------------------------------------------------------------------------------------------------------------


OTL logfile created on: 9/14/2009 7:07:06 PM - Run 2
OTL by OldTimer - Version 3.0.11.0 Folder = C:\Documents and Settings\aashish\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 546.04 Mb Available Physical Memory | 53.85% Memory free
2.90 Gb Paging File | 2.47 Gb Available in Paging File | 85.25% Paging File free
Paging file location(s): C:\pagefile.sys 2048 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.00 Gb Total Space | 6.74 Gb Free Space | 22.48% Space Free | Partition Type: NTFS
Drive D: | 25.89 Gb Total Space | 12.91 Gb Free Space | 49.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AASHISH-B4GS7NQ
Current User Name: aashish
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/09/07 00:31:16 | 00,715,392 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/10 04:40:14 | 00,024,636 | ---- | M] (Apache Software Foundation) -- C:\Program Files\BitNami Drupal 6 Stack\apache2\bin\httpd.exe
PRC - [2008/11/15 10:23:13 | 06,447,744 | ---- | M] () -- C:\Program Files\BitNami Drupal 6 Stack\mysql\bin\mysqld.exe
PRC - [2004/08/04 00:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe
PRC - [2009/06/30 01:01:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2005/10/14 16:21:45 | 28,768,528 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2000/08/06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/28 19:02:26 | 00,053,760 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2008/12/10 04:40:14 | 00,024,636 | ---- | M] (Apache Software Foundation) -- C:\Program Files\BitNami Drupal 6 Stack\apache2\bin\httpd.exe
PRC - [2004/08/04 00:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/07/31 19:06:24 | 00,458,752 | ---- | M] (Conexant Systems Inc.) -- C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
PRC - [2001/11/06 13:32:42 | 00,131,072 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2009/06/30 01:01:14 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/11/28 16:52:00 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/11/28 16:55:58 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2006/04/17 15:34:42 | 16,143,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/09/07 00:31:14 | 01,796,368 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/08/29 11:30:12 | 00,966,656 | ---- | M] () -- C:\Documents and Settings\aashish\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/05/28 19:02:28 | 00,380,416 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2001/07/13 10:44:24 | 00,032,768 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/14 18:52:13 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aashish\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/09/07 00:31:16 | 00,715,392 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])
SRV - [2008/12/10 04:40:14 | 00,024,636 | ---- | M] (Apache Software Foundation) -- C:\Program Files\BitNami Drupal 6 Stack\apache2\bin\httpd.exe -- (drupalApache [Auto | Running])
SRV - [2008/11/15 10:23:13 | 06,447,744 | ---- | M] () -- C:\Program Files\BitNami Drupal 6 Stack\mysql\bin\mysqld.exe -- (drupalMySQL [Auto | Running])
SRV - [2009/06/30 22:47:42 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [Disabled | Stopped])
SRV - File not found -- -- (gjunj [Auto | Stopped])
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/08/04 00:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (IISADMIN [On_Demand | Running])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/06/30 01:01:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2005/10/14 16:21:45 | 28,768,528 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])
SRV - [2000/08/06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [Auto | Running])
SRV - [2005/10/14 16:20:19 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2005/09/23 07:01:16 | 02,799,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80 [Disabled | Stopped])
SRV - [2007/08/08 09:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Disabled | Stopped])
SRV - [2007/08/03 12:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2009/05/28 19:02:26 | 00,053,760 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc [Auto | Running])
SRV - [2004/08/04 00:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
SRV - [2005/10/14 16:21:12 | 00,239,320 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
SRV - [2000/08/06 01:50:18 | 00,303,170 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe -- (SQLSERVERAGENT [On_Demand | Stopped])
SRV - [2005/10/14 03:53:50 | 00,087,768 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
SRV - File not found -- -- (tdgfv [Auto | Stopped])
SRV - [1998/06/06 00:00:00 | 00,034,036 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe -- (Visual Studio Analyzer RPC bridge [On_Demand | Stopped])
SRV - [2004/08/04 00:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])
SRV - [2008/11/10 02:18:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.14907
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - prefs.js..keyword.URL: "http://mystart.incre...d...t_v2="


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/30 01:01:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\WaterProof\PHPEdit\3.4.2\Tools\FirefoxExtension\unpacked [2009/08/30 23:49:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/09 23:15:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/09 23:15:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/09 23:15:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/06/29 00:27:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Extensions
[2009/06/29 00:27:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/13 19:56:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Firefox\Profiles\z5c7iqzw.default\extensions
[2009/07/06 23:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Firefox\Profiles\z5c7iqzw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/29 16:39:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Firefox\Profiles\z5c7iqzw.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2009/07/05 16:50:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Firefox\Profiles\z5c7iqzw.default\extensions\[email protected]
[2009/08/31 01:37:19 | 00,002,149 | ---- | M] () -- C:\Documents and Settings\aashish\Application Data\Mozilla\FireFox\Profiles\z5c7iqzw.default\searchplugins\MyStart Search.xml
[2009/09/13 19:47:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/08 21:52:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/02 22:54:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/06/30 01:01:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/09/13 19:47:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/02/20 07:13:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/20 07:13:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/06/30 01:01:14 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/06/24 11:40:40 | 00,176,128 | ---- | M] (Dimdim, Inc.) -- C:\Program Files\mozilla firefox\plugins\npDimdimControl.dll
[2009/02/20 07:13:35 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/09/09 23:15:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/09 23:15:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/09 23:15:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/09 23:15:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/09 23:15:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/09 23:15:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/09 23:15:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/02/20 01:03:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/20 01:03:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/20 01:03:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/20 01:03:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/20 01:03:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/20 01:03:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/20 01:03:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (767 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CnxDslTaskBar] C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe (Conexant Systems Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [F.lux] C:\Documents and Settings\aashish\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Scan link by Dr.Web - File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {52A2AAAE-085D-4187-97EA-8C30DB990436} http://localhost/iis...common/i386.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/28 19:47:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e421db08-78e0-11de-a89f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e421db08-78e0-11de-a89f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e421db08-78e0-11de-a89f-806d6172696f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[1 C:\Documents and Settings\aashish\Desktop\*.tmp files]
[2009/09/14 18:58:28 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/14 18:54:55 | 05,125,238 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\avz4.zip
[2009/09/14 18:52:13 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\aashish\Desktop\OTL.exe
[2009/09/14 18:50:13 | 00,769,960 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\an unhandled win32 exception occurred in svchost_exe [1556].mht
[2009/09/14 11:16:01 | 03,072,054 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\ff4.bmp
[2009/09/14 01:57:12 | 00,000,000 | ---D | C] -- C:\Program Files\Phone Recorder Plus
[2009/09/14 00:13:41 | 00,141,801 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Hotel%20California%20-%20German.jpg
[2009/09/14 00:12:34 | 04,540,416 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\dhan-te-nan-(Muskurahat.Com).mp3
[2009/09/14 00:06:29 | 12,812,980 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\flazx_flash-mx-project-the.zip
[2009/09/13 19:58:20 | 03,072,054 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\ff3.bmp
[2009/09/13 13:04:27 | 00,150,298 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Ol.pdf
[2009/09/13 12:59:45 | 00,000,444 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Dictionary_v2.9.jad
[2009/09/13 12:59:33 | 00,902,030 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Dictionary_v2.9.jar
[2009/09/13 12:57:47 | 00,000,590 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\SoundRecorder.jad
[2009/09/13 12:57:35 | 00,009,733 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\SoundRecorder.jar
[2009/09/13 12:17:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\First Flight Couriers Ltd_files
[2009/09/13 12:17:29 | 00,048,980 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\First Flight Couriers Ltd.htm
[2009/09/13 11:32:55 | 00,150,298 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\OLN.pdf
[2009/09/13 11:27:56 | 03,072,054 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\first fligh @ 13.bmp
[2009/09/12 20:23:26 | 03,865,331 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Consumer%20Advocate.pdf
[2009/09/12 20:09:37 | 00,267,307 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\HT_NATIONAL.pdf
[2009/09/12 19:11:51 | 00,013,346 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\2009_08_24_08-indian-sex.htm
[2009/09/12 18:56:17 | 00,555,696 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\PaisaPay Protection.mht
[2009/09/12 18:43:21 | 03,072,054 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\septemer 12th status.bmp
[2009/09/12 00:54:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\art work
[2009/09/11 21:18:33 | 00,000,000 | ---D | C] -- C:\Sandbox
[2009/09/11 21:18:24 | 00,000,766 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Sandboxed Web Browser.lnk
[2009/09/11 21:18:21 | 00,001,414 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009/09/11 21:18:14 | 00,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2009/09/11 20:16:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\burn
[2009/09/11 01:33:01 | 00,035,317 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Oye Lucky Lucky Oye.jpg
[2009/09/10 02:04:41 | 00,312,366 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\OIL.pdf
[2009/09/10 01:53:55 | 00,000,000 | ---D | C] -- C:\Program Files\BitNami Drupal 6 Stack
[2009/09/10 01:50:38 | 00,875,574 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\binami...bmp
[2009/09/09 23:20:42 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/09 23:19:42 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/09/09 23:19:34 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/09/09 23:19:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/09 23:15:43 | 00,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/09/09 21:57:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\Apple Computer
[2009/09/09 21:46:53 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/09 21:46:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Local Settings\Application Data\Apple
[2009/09/09 21:46:46 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/09/09 21:46:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/09/09 21:46:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/09/09 20:33:14 | 00,000,000 | ---D | C] -- C:\www
[2009/09/09 01:14:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\ie error
[2009/09/09 00:53:19 | 00,000,143 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\first.php
[2009/09/09 00:25:21 | 00,001,601 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\EasyPHP 5.3.0.lnk
[2009/09/09 00:24:18 | 00,000,000 | ---D | C] -- C:\Program Files\EasyPHP5.3.0
[2009/09/08 23:51:28 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\odesk.doc
[2009/09/08 23:10:17 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Guidelines%20-%20Handing%20over%20maintenance%20responsibility%20SERWA[1].doc
[2009/09/08 21:52:34 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/08 21:49:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/08 21:48:56 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\SpywareBlaster.lnk
[2009/09/08 21:48:41 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/09/08 02:22:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/09/08 02:21:51 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/09/08 02:21:48 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/09/08 02:21:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\SUPERAntiSpyware.com
[2009/09/08 02:12:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Local Settings\Application Data\Thunderbird
[2009/09/08 02:12:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\Thunderbird
[2009/09/08 02:11:24 | 00,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2009/09/08 02:11:18 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2009/09/08 02:07:32 | 02,144,261 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\lightning-0.9-tb-win.xpi
[2009/09/08 01:36:48 | 00,008,770 | ---- | C] () -- C:\WINDOWS\hh.dat
[2009/09/08 00:08:35 | 00,001,661 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Internet Information Services.lnk
[2009/09/08 00:02:57 | 00,097,323 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\screen1.JPG
[2009/09/07 23:54:34 | 02,956,854 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\screen1.bmp
[2009/09/07 22:46:16 | 00,870,966 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\php wampserver2.bmp
[2009/09/07 22:42:46 | 00,000,000 | ---D | C] -- C:\wamp
[2009/09/07 20:58:27 | 00,633,053 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Wallpaper6.jpg
[2009/09/07 02:42:34 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Shortcut to htdocs.lnk
[2009/09/07 02:39:56 | 01,156,662 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\apache.bmp
[2009/09/07 02:16:30 | 00,000,000 | ---D | C] -- C:\Program Files\MySQL
[2009/09/07 02:16:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2009/09/07 00:33:22 | 00,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/09/07 00:31:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2009/09/07 00:31:20 | 00,179,792 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/09/07 00:31:20 | 00,132,168 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/09/07 00:31:20 | 00,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/09/07 00:31:20 | 00,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/09/07 00:31:17 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/09/06 23:29:16 | 00,000,426 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7ADC0B50-4764-441D-9201-DA2D7DD25D30}.job
[2009/09/06 23:24:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/09/06 23:22:55 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/09/06 23:22:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/09/06 23:18:47 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/09/06 21:29:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\syncdb
[2009/09/06 20:20:56 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/06 20:20:53 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/06 20:20:50 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/06 20:20:50 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/06 17:50:24 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/09/06 17:50:14 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/09/06 17:50:14 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/09/06 17:50:14 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/09/06 17:50:14 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/09/06 17:50:13 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/09/06 17:50:08 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/09/06 17:50:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/09/06 16:51:22 | 00,858,652 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\avc_report22.pdf
[2009/09/06 15:52:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\Malwarebytes
[2009/09/06 15:52:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/06 15:43:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/06 15:43:14 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\ERUNT.lnk
[2009/09/06 15:43:14 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/06 15:42:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\malware rem tools
[2009/09/06 00:57:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\New Folder
[2009/09/05 12:14:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Print page_files
[2009/09/05 12:14:23 | 00,015,153 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Print page.htm
[2009/09/05 12:12:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Confirmation page_files
[2009/09/05 12:12:48 | 00,044,236 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Confirmation page.htm
[2009/09/05 12:03:46 | 02,956,854 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\ebay not avaliable.bmp
[2009/09/05 02:41:22 | 00,084,945 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Fourth-generation IPod Nano - PC World.htm
[2009/09/05 02:40:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\Fourth-generation IPod Nano - PC World_files
[2009/09/05 02:25:29 | 00,028,364 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\iPod How to find the serial number.htm
[2009/09/05 02:24:13 | 00,075,276 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\AppleInsider Apple warns of phony iPods.htm
[2009/09/05 02:23:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\AppleInsider Apple warns of phony iPods_files
[2009/09/05 01:50:53 | 00,026,081 | ---- | C] () -- C:\Documents and Settings\aashish\My Documents\september 5th Anti Virus log.xml
[2009/09/05 01:15:49 | 00,030,032 | ---- | C] () -- C:\Documents and Settings\aashish\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/04 22:29:34 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/09/04 20:14:55 | 00,100,706 | ---- | C] () -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST).htm
[2009/09/04 20:14:43 | 00,099,029 | ---- | C] () -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW WITH APPLE WRTY (item 350247681115 end time 05-Sep-2009 113557 IST).htm
[2009/09/04 20:13:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW WITH APPLE WRTY (item 350247681115 end time 05-Sep-2009 113557 IST)_files
[2009/09/04 20:13:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST)_files
[2009/09/04 19:56:09 | 00,102,139 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST).htm
[2009/09/04 19:54:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST)_files
[2009/09/03 02:27:28 | 00,000,000 | ---D | C] -- C:\Program Files\Apache Software Foundation
[2009/09/03 01:25:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\drupal-6.13
[2009/09/02 23:07:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\skypePM
[2009/09/02 22:57:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\Skype
[2009/09/02 22:52:53 | 00,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/09/02 22:52:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/09/02 22:52:45 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/09/02 22:52:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype

========== Files - Modified Within 14 Days ==========

[1 C:\Documents and Settings\aashish\Desktop\*.tmp files]
[2009/09/14 19:06:29 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZyXEL DIAL UP.lnk
[2009/09/14 19:06:23 | 00,000,253 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZyXEL ADSL USB Modem Control Panel.lnk
[2009/09/14 19:05:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/14 19:05:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/14 19:05:29 | 10,633,09312 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/14 18:54:56 | 05,125,238 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\avz4.zip
[2009/09/14 18:52:13 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aashish\Desktop\OTL.exe
[2009/09/14 18:50:13 | 00,769,960 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\an unhandled win32 exception occurred in svchost_exe [1556].mht
[2009/09/14 18:43:22 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7ADC0B50-4764-441D-9201-DA2D7DD25D30}.job
[2009/09/14 11:16:03 | 03,072,054 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\ff4.bmp
[2009/09/14 00:31:24 | 00,008,770 | ---- | M] () -- C:\WINDOWS\hh.dat
[2009/09/14 00:17:21 | 04,540,416 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\dhan-te-nan-(Muskurahat.Com).mp3
[2009/09/14 00:14:31 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/14 00:13:35 | 00,141,801 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Hotel%20California%20-%20German.jpg
[2009/09/14 00:06:30 | 12,812,980 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\flazx_flash-mx-project-the.zip
[2009/09/13 19:58:21 | 03,072,054 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\ff3.bmp
[2009/09/13 13:04:27 | 00,150,298 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Ol.pdf
[2009/09/13 12:59:45 | 00,000,444 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Dictionary_v2.9.jad
[2009/09/13 12:59:33 | 00,902,030 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Dictionary_v2.9.jar
[2009/09/13 12:57:48 | 00,000,590 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\SoundRecorder.jad
[2009/09/13 12:57:36 | 00,009,733 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\SoundRecorder.jar
[2009/09/13 12:17:30 | 00,048,980 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\First Flight Couriers Ltd.htm
[2009/09/13 11:33:19 | 00,150,298 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\OLN.pdf
[2009/09/13 11:28:31 | 03,072,054 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\first fligh @ 13.bmp
[2009/09/13 01:58:30 | 00,001,414 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2009/09/12 20:23:27 | 03,865,331 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Consumer%20Advocate.pdf
[2009/09/12 20:09:37 | 00,267,307 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\HT_NATIONAL.pdf
[2009/09/12 19:11:52 | 00,013,346 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\2009_08_24_08-indian-sex.htm
[2009/09/12 18:56:22 | 00,555,696 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\PaisaPay Protection.mht
[2009/09/12 18:43:22 | 03,072,054 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\septemer 12th status.bmp
[2009/09/12 13:11:15 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/11 23:16:29 | 00,000,629 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/11 23:16:29 | 00,000,256 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/11 23:16:29 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/09/11 21:18:14 | 00,000,766 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Sandboxed Web Browser.lnk
[2009/09/11 01:32:48 | 00,035,317 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Oye Lucky Lucky Oye.jpg
[2009/09/10 23:14:26 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\odesk.doc
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/10 02:04:41 | 00,312,366 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\OIL.pdf
[2009/09/10 01:53:47 | 00,875,574 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\binami...bmp
[2009/09/09 23:15:43 | 00,001,767 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/09/09 21:46:54 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/09 00:53:20 | 00,000,143 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\first.php
[2009/09/09 00:25:24 | 00,001,601 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\EasyPHP 5.3.0.lnk
[2009/09/08 23:10:17 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Guidelines%20-%20Handing%20over%20maintenance%20responsibility%20SERWA[1].doc
[2009/09/08 21:52:34 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/08 21:48:56 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\SpywareBlaster.lnk
[2009/09/08 02:21:51 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/09/08 02:11:24 | 00,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2009/09/08 02:07:32 | 02,144,261 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\lightning-0.9-tb-win.xpi
[2009/09/08 00:08:35 | 00,001,661 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Internet Information Services.lnk
[2009/09/08 00:02:58 | 00,097,323 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\screen1.JPG
[2009/09/07 23:54:35 | 02,956,854 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\screen1.bmp
[2009/09/07 22:46:16 | 00,870,966 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\php wampserver2.bmp
[2009/09/07 20:58:32 | 00,633,053 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Wallpaper6.jpg
[2009/09/07 02:42:34 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Shortcut to htdocs.lnk
[2009/09/07 02:39:56 | 01,156,662 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\apache.bmp
[2009/09/07 01:12:16 | 00,006,656 | ---- | M] () -- C:\Documents and Settings\aashish\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/07 00:33:22 | 00,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/09/07 00:31:17 | 00,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/09/07 00:31:17 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/09/07 00:31:17 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/09/07 00:31:16 | 00,132,168 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/09/06 23:19:15 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/06 22:05:54 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/06 20:20:56 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/06 17:50:24 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/09/06 16:51:22 | 00,858,652 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\avc_report22.pdf
[2009/09/06 15:43:14 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\ERUNT.lnk
[2009/09/05 12:14:26 | 00,015,153 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Print page.htm
[2009/09/05 12:12:59 | 00,044,236 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Confirmation page.htm
[2009/09/05 12:03:47 | 02,956,854 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\ebay not avaliable.bmp
[2009/09/05 02:41:22 | 00,084,945 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Fourth-generation IPod Nano - PC World.htm
[2009/09/05 02:25:40 | 00,028,364 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\iPod How to find the serial number.htm
[2009/09/05 02:24:13 | 00,075,276 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\AppleInsider Apple warns of phony iPods.htm
[2009/09/05 01:50:53 | 00,026,081 | ---- | M] () -- C:\Documents and Settings\aashish\My Documents\september 5th Anti Virus log.xml
[2009/09/05 01:15:49 | 00,030,032 | ---- | M] () -- C:\Documents and Settings\aashish\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/04 20:14:55 | 00,100,706 | ---- | M] () -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST).htm
[2009/09/04 20:14:43 | 00,099,029 | ---- | M] () -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW WITH APPLE WRTY (item 350247681115 end time 05-Sep-2009 113557 IST).htm
[2009/09/04 19:56:09 | 00,102,139 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST).htm
[2009/09/03 03:11:22 | 00,000,185 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2009/09/02 22:52:53 | 00,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

========== LOP Check ==========

[2009/09/09 21:57:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\aashish\Application Data
[2009/07/25 12:02:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\DataLayer
[2009/08/07 21:36:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\Dimdim
[2009/08/24 13:31:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\dvdcss
[2009/08/29 23:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\FileZilla
[2009/07/27 23:28:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\Nokia Multimedia Player
[2009/08/10 01:01:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\Notepad++
[2009/06/28 23:43:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\PC Suite
[2009/09/08 02:12:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\Thunderbird
[2009/08/24 21:17:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\TigerPlayer
[2009/08/30 23:54:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\WaterProof
[2009/09/14 18:43:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/09/09 23:20:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/28 23:35:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2009/06/28 23:42:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/06/30 22:54:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/08/08 01:04:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/08/31 01:49:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/08/31 01:45:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009/09/07 02:16:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2009/09/06 21:40:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/08/07 21:33:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/06/29 00:39:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/09/13 16:31:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/28 20:33:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/09 21:46:54 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2001/08/18 22:30:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/14 19:05:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/09/14 18:43:22 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7ADC0B50-4764-441D-9201-DA2D7DD25D30}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
#11
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,

Are you running a network?


  • Close all windows then double click on AVZ.exe
  • Click File > Custom scripts
  • Copy & paste the contents of the following codebox in the box in the program

    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     DeleteService('tdgfv');
     StopService('tdgfv');
     SetServiceStart('tdgfv', 4);
     DeleteService('gjunj');
     StopService('gjunj');
     SetServiceStart('gjunj', 4);
     DeleteFile('C:\WINDOWS\System32\Drivers\a0kf3wug.SYS');
     BC_DeleteFile('C:\WINDOWS\System32\Drivers\a0kf3wug.SYS');
     DeleteFile('C:\WINDOWS\sYSTEM32\oulxjy.dll');
     BC_DeleteFile('C:\WINDOWS\sYSTEM32\oulxjy.dll');
     DeleteFile('C:\WINDOWS\system32\MsSip1.dll');
     BC_DeleteFile('C:\WINDOWS\system32\MsSip1.dll');
     DeleteFile('C:\WINDOWS\system32\MsSip2.dll');
     BC_DeleteFile('C:\WINDOWS\system32\MsSip2.dll');
     BC_DeleteFile('C:\WINDOWS\system32\MsSip3.dll');
     DeleteFile('C:\WINDOWS\system32\cmptes.dll');
     BC_DeleteFile('C:\WINDOWS\system32\cmptes.dll');
    BC_ImportDeletedList;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.

  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically, then start OTL, run a scan and post that back in your next reply.


After you run this fix, try and boot into Safe Mode. If you can't, can you tell me the error you get?
Also, post the fresh OTL log.

Edited by jwang01, 15 September 2009 - 08:35 AM.

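A way to check the fresh OTL log requested above against the AVZ fix, as an added example that is not part of the original post: it extracts the DeleteService and DeleteFile targets from the script and looks for them in the log. The script and the SbieSvc, gjunj and tdgfv log lines are copied from this thread; the function names and the a0kf3wug DRV line are assumptions made for illustration.

```python
import re

# AVZ script from the post above, copied from this thread.
AVZ_SCRIPT = r"""
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 DeleteService('tdgfv');
 StopService('tdgfv');
 SetServiceStart('tdgfv', 4);
 DeleteService('gjunj');
 StopService('gjunj');
 SetServiceStart('gjunj', 4);
 DeleteFile('C:\WINDOWS\System32\Drivers\a0kf3wug.SYS');
 BC_DeleteFile('C:\WINDOWS\System32\Drivers\a0kf3wug.SYS');
 DeleteFile('C:\WINDOWS\sYSTEM32\oulxjy.dll');
 BC_DeleteFile('C:\WINDOWS\sYSTEM32\oulxjy.dll');
 DeleteFile('C:\WINDOWS\system32\MsSip1.dll');
 BC_DeleteFile('C:\WINDOWS\system32\MsSip1.dll');
 DeleteFile('C:\WINDOWS\system32\MsSip2.dll');
 BC_DeleteFile('C:\WINDOWS\system32\MsSip2.dll');
 BC_DeleteFile('C:\WINDOWS\system32\MsSip3.dll');
 DeleteFile('C:\WINDOWS\system32\cmptes.dll');
 BC_DeleteFile('C:\WINDOWS\system32\cmptes.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
"""

# OTL log excerpt. The SbieSvc, gjunj and tdgfv lines are copied from this
# thread; the a0kf3wug DRV line is CONSTRUCTED to show a removal that failed.
OTL_LOG = r"""
SRV - [2009/05/28 19:02:26 | 00,053,760 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc [Auto | Running])
SRV - File not found -- -- (gjunj [Disabled | Stopped])
SRV - File not found -- -- (tdgfv [Disabled | Stopped])
DRV - [2009/09/01 10:00:00 | 00,040,960 | ---- | M] () -- C:\WINDOWS\System32\Drivers\a0kf3wug.SYS -- (a0kf3wug [System | Running])
"""

# One SRV/DRV line: "<kind> - <[file info]|File not found> (company) -- path -- (name [start | state])"
SERVICE_LINE = re.compile(
    r"^(?:SRV|DRV) - (?P<meta>\[[^\]]*\]|File not found)(?: \(.*?\))?"
    r" -- (?P<path>.*?)\s*-- \((?P<name>.+) \[(?P<start>[^|\]]+?) \| (?P<state>[^\]]+)\]\)$"
)


def script_targets(script):
    """Return (services, files) named in DeleteService / [BC_]DeleteFile calls.

    Names and paths are lower-cased because Windows treats them case-insensitively.
    """
    services = {s.lower() for s in re.findall(r"\bDeleteService\('([^']+)'\)", script)}
    files = {f.lower() for f in re.findall(r"\b(?:BC_)?DeleteFile\('([^']+)'\)", script)}
    return services, files


def parse_services(log):
    """Parse the SRV and DRV lines of an OTL log into dictionaries."""
    entries = []
    for line in log.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if m:
            entries.append({
                "name": m.group("name"),
                "path": m.group("path"),
                "start": m.group("start"),
                "state": m.group("state"),
                "missing": m.group("meta") == "File not found",
            })
    return entries


def verify_cleanup(script, log):
    """Compare the script's targets with what the fresh log still shows."""
    services, files = script_targets(script)
    report = {"orphaned_services": [], "live_services": [], "files_still_listed": []}
    for entry in parse_services(log):
        if entry["name"].lower() in services:
            # Binary gone but the service entry is still registered, or not.
            key = "orphaned_services" if entry["missing"] else "live_services"
            report[key].append(entry["name"])
    lowered = log.lower()
    report["files_still_listed"] = sorted(p for p in files if p in lowered)
    report["orphaned_services"].sort()
    report["live_services"].sort()
    return report


if __name__ == "__main__":
    for key, values in verify_cleanup(AVZ_SCRIPT, OTL_LOG).items():
        print(key, values)
```

Anything reported under `live_services` or `files_still_listed` means a targeted item is still present in the fresh log; `orphaned_services` are entries such as gjunj and tdgfv, which OTL lists as `File not found` and `[Disabled | Stopped]`.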

#12
techvech

    Member

  • Topic Starter
  • 75 posts
Hi!
Thanks.
No, I don't run a network...
How do I run OTL? Custom Scan/Fixes, Run Scan or Quick Scan?

Just wanted to know,
are we doing something to f.lux.exe? It's a software I use, which adjusts the monitor's brightness...

#13
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


Ok, I have removed f.lux.exe from the fix. Thanks for the heads up. :)

Go ahead and run OTL by hitting the Run Scan button.

So go ahead and run the AVZ fix and run OTL. :)

Edited by jwang01, 15 September 2009 - 08:37 AM.


#14
techvech

    Member

  • Topic Starter
  • 75 posts
Hi!
I can't boot into Safe Mode.
Here's the error it gives (BSOD):

A problem has been detected and Windows has been shut down to prevent damage to your computer. If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:
Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

TECH INFO:
***STOP: 0x0000007B(0xF7A61524,0xc0000034,0x00000000,0x00000000)



Here is the OTL log:


OTL logfile created on: 9/15/2009 8:31:52 PM - Run 3
OTL by OldTimer - Version 3.0.11.0 Folder = C:\Documents and Settings\aashish\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 537.45 Mb Available Physical Memory | 53.00% Memory free
2.90 Gb Paging File | 2.47 Gb Available in Paging File | 85.33% Paging File free
Paging file location(s): C:\pagefile.sys 2048 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.00 Gb Total Space | 6.66 Gb Free Space | 22.21% Space Free | Partition Type: NTFS
Drive D: | 25.89 Gb Total Space | 12.91 Gb Free Space | 49.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AASHISH-B4GS7NQ
Current User Name: aashish
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/09/07 00:31:16 | 00,715,392 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/10 04:40:14 | 00,024,636 | ---- | M] (Apache Software Foundation) -- C:\Program Files\BitNami Drupal 6 Stack\apache2\bin\httpd.exe
PRC - [2008/11/15 10:23:13 | 06,447,744 | ---- | M] () -- C:\Program Files\BitNami Drupal 6 Stack\mysql\bin\mysqld.exe
PRC - [2004/08/04 00:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe
PRC - [2009/06/30 01:01:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2005/10/14 16:21:45 | 28,768,528 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/12/10 04:40:14 | 00,024,636 | ---- | M] (Apache Software Foundation) -- C:\Program Files\BitNami Drupal 6 Stack\apache2\bin\httpd.exe
PRC - [2004/08/04 00:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2000/08/06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/28 19:02:26 | 00,053,760 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2003/07/31 19:06:24 | 00,458,752 | ---- | M] (Conexant Systems Inc.) -- C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
PRC - [2001/11/06 13:32:42 | 00,131,072 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2009/06/30 01:01:14 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/11/28 16:52:00 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/11/28 16:55:58 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2006/04/17 15:34:42 | 16,143,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/09/07 00:31:14 | 01,796,368 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2001/07/13 10:44:24 | 00,032,768 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/14 18:52:13 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aashish\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/09/07 00:31:16 | 00,715,392 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])
SRV - [2008/12/10 04:40:14 | 00,024,636 | ---- | M] (Apache Software Foundation) -- C:\Program Files\BitNami Drupal 6 Stack\apache2\bin\httpd.exe -- (drupalApache [Auto | Running])
SRV - [2008/11/15 10:23:13 | 06,447,744 | ---- | M] () -- C:\Program Files\BitNami Drupal 6 Stack\mysql\bin\mysqld.exe -- (drupalMySQL [Auto | Running])
SRV - [2009/06/30 22:47:42 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [Disabled | Stopped])
SRV - File not found -- -- (gjunj [Disabled | Stopped])
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/08/04 00:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (IISADMIN [On_Demand | Running])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/06/30 01:01:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2005/10/14 16:21:45 | 28,768,528 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])
SRV - [2000/08/06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [Auto | Running])
SRV - [2005/10/14 16:20:19 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2005/09/23 07:01:16 | 02,799,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80 [Disabled | Stopped])
SRV - [2007/08/08 09:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Disabled | Stopped])
SRV - [2007/08/03 12:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2009/05/28 19:02:26 | 00,053,760 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc [Auto | Running])
SRV - [2004/08/04 00:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
SRV - [2005/10/14 16:21:12 | 00,239,320 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
SRV - [2000/08/06 01:50:18 | 00,303,170 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe -- (SQLSERVERAGENT [On_Demand | Stopped])
SRV - [2005/10/14 03:53:50 | 00,087,768 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
SRV - File not found -- -- (tdgfv [Disabled | Stopped])
SRV - [1998/06/06 00:00:00 | 00,034,036 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe -- (Visual Studio Analyzer RPC bridge [On_Demand | Stopped])
SRV - [2004/08/04 00:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])
SRV - [2008/11/10 02:18:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/08/05 20:10:12 | 01,684,736 | ---- | M] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys -- (Ambfilt [On_Demand | Stopped])
DRV - [2001/12/11 18:05:02 | 00,054,941 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/07/28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2009/09/07 00:31:16 | 00,132,168 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys -- (cmdGuard [System | Running])
DRV - [2009/09/07 00:31:17 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys -- (cmdHlp [System | Running])
DRV - [2003/07/31 02:05:36 | 00,060,288 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\CnxEtP.sys -- (CnxEtP [On_Demand | Running])
DRV - [2003/07/31 02:05:46 | 00,642,944 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\CnxEtU.sys -- (CnxEtU [On_Demand | Running])
DRV - [2003/11/02 15:54:22 | 00,108,675 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\System32\DRIVERS\CnxTgN.sys -- (CnxTgN [On_Demand | Running])
DRV - [2009/03/28 19:08:26 | 00,031,896 | ---- | M] (DemoForge, LLC) -- C:\WINDOWS\System32\DRIVERS\dfmirage.sys -- (dfmirage [System | Stopped])
DRV - [2007/03/14 10:30:32 | 00,165,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/11/28 17:20:20 | 01,353,820 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2009/09/07 00:31:17 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect [Boot | Running])
DRV - [2006/04/17 16:31:26 | 04,262,912 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006/01/04 15:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys -- (Monfilt [On_Demand | Stopped])
DRV - [2005/10/13 08:15:18 | 00,008,704 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdc.sys -- (Nokia USB Generic [On_Demand | Stopped])
DRV - [2005/10/13 08:15:18 | 00,012,800 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdcm.sys -- (Nokia USB Modem [On_Demand | Stopped])
DRV - [2005/10/13 08:15:18 | 00,124,928 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcd.sys -- (Nokia USB Phone Parent [On_Demand | Stopped])
DRV - [2005/10/13 08:15:18 | 00,012,800 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdcj.sys -- (Nokia USB Port [On_Demand | Stopped])
DRV - [2002/09/16 17:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Running])
DRV - [2001/08/18 22:30:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2009/09/04 14:50:00 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/09/04 14:50:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/09/04 14:49:58 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2009/05/28 19:02:24 | 00,108,032 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv [On_Demand | Running])
DRV - [2009/03/15 15:55:46 | 00,056,268 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2001/08/18 22:30:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/06/28 20:30:16 | 00,682,232 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2009/08/05 23:13:59 | 00,012,136 | ---- | M] (deepxw) -- C:\WINDOWS\System32\drivers\tcpz-x86d.sys -- (TCPZ [Auto | Running])
DRV - [2005/11/30 13:12:36 | 00,162,560 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2005/12/01 10:55:24 | 00,011,264 | ---- | M] (TOSHIBA ) -- C:\WINDOWS\System32\Drivers\TPwSav.sys -- (TPwSav [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.14907
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - prefs.js..keyword.URL: "http://mystart.incre...d...t_v2="


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/30 01:01:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\WaterProof\PHPEdit\3.4.2\Tools\FirefoxExtension\unpacked [2009/08/30 23:49:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/09 23:15:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/09 23:15:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/09 23:15:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/06/29 00:27:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Extensions
[2009/06/29 00:27:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/13 19:56:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Firefox\Profiles\z5c7iqzw.default\extensions
[2009/07/06 23:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Firefox\Profiles\z5c7iqzw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/29 16:39:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Firefox\Profiles\z5c7iqzw.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2009/07/05 16:50:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Firefox\Profiles\z5c7iqzw.default\extensions\[email protected]
[2009/08/31 01:37:19 | 00,002,149 | ---- | M] () -- C:\Documents and Settings\aashish\Application Data\Mozilla\FireFox\Profiles\z5c7iqzw.default\searchplugins\MyStart Search.xml
[2009/09/13 19:47:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/08 21:52:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/02 22:54:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/06/30 01:01:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/09/13 19:47:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/02/20 07:13:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/20 07:13:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/06/30 01:01:14 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/06/24 11:40:40 | 00,176,128 | ---- | M] (Dimdim, Inc.) -- C:\Program Files\mozilla firefox\plugins\npDimdimControl.dll
[2009/02/20 07:13:35 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/09/09 23:15:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/09 23:15:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/09 23:15:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/09 23:15:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/09 23:15:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/09 23:15:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/09 23:15:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/02/20 01:03:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/20 01:03:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/20 01:03:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/20 01:03:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/20 01:03:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/20 01:03:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/20 01:03:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (767 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CnxDslTaskBar] C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe (Conexant Systems Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [F.lux] C:\Documents and Settings\aashish\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Scan link by Dr.Web - File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {52A2AAAE-085D-4187-97EA-8C30DB990436} http://localhost/iis...common/i386.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/28 19:47:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e421db08-78e0-11de-a89f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e421db08-78e0-11de-a89f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e421db08-78e0-11de-a89f-806d6172696f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Documents and Settings\aashish\Desktop\*.tmp files]
[2009/09/15 20:20:37 | 00,913,747 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\an unhandled win32 exception occurred in svchost_exe - today fix.mht
[2009/09/15 00:13:01 | 00,036,220 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\avz.JPG
[2009/09/14 19:41:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Local Settings\Application Data\Help
[2009/09/14 19:41:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\Help
[2009/09/14 19:13:55 | 01,064,502 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\avz4 error.bmp
[2009/09/14 19:09:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\avz4
[2009/09/14 18:58:28 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/14 18:52:13 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\aashish\Desktop\OTL.exe
[2009/09/14 18:50:13 | 00,769,960 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\an unhandled win32 exception occurred in svchost_exe [1556].mht
[2009/09/14 11:16:01 | 03,072,054 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\ff4.bmp
[2009/09/14 01:57:12 | 00,000,000 | ---D | C] -- C:\Program Files\Phone Recorder Plus
[2009/09/14 00:13:41 | 00,141,801 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Hotel%20California%20-%20German.jpg
[2009/09/14 00:12:34 | 04,540,416 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\dhan-te-nan-(Muskurahat.Com).mp3
[2009/09/14 00:06:29 | 12,812,980 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\flazx_flash-mx-project-the.zip
[2009/09/13 19:58:20 | 03,072,054 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\ff3.bmp
[2009/09/13 13:04:27 | 00,150,298 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Ol.pdf
[2009/09/13 12:59:45 | 00,000,444 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Dictionary_v2.9.jad
[2009/09/13 12:59:33 | 00,902,030 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Dictionary_v2.9.jar
[2009/09/13 12:57:47 | 00,000,590 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\SoundRecorder.jad
[2009/09/13 12:57:35 | 00,009,733 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\SoundRecorder.jar
[2009/09/13 12:17:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\First Flight Couriers Ltd_files
[2009/09/13 12:17:29 | 00,048,980 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\First Flight Couriers Ltd.htm
[2009/09/13 11:32:55 | 00,150,298 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\OLN.pdf
[2009/09/13 11:27:56 | 03,072,054 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\first fligh @ 13.bmp
[2009/09/12 20:23:26 | 03,865,331 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Consumer%20Advocate.pdf
[2009/09/12 20:09:37 | 00,267,307 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\HT_NATIONAL.pdf
[2009/09/12 19:11:51 | 00,013,346 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\2009_08_24_08-indian-sex.htm
[2009/09/12 18:56:17 | 00,555,696 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\PaisaPay Protection.mht
[2009/09/12 18:43:21 | 03,072,054 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\septemer 12th status.bmp
[2009/09/12 00:54:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\art work
[2009/09/11 21:18:33 | 00,000,000 | ---D | C] -- C:\Sandbox
[2009/09/11 21:18:24 | 00,000,766 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Sandboxed Web Browser.lnk
[2009/09/11 21:18:21 | 00,001,414 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009/09/11 21:18:14 | 00,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2009/09/11 20:16:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\burn
[2009/09/11 01:33:01 | 00,035,317 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Oye Lucky Lucky Oye.jpg
[2009/09/10 02:04:41 | 00,312,366 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\OIL.pdf
[2009/09/10 01:53:55 | 00,000,000 | ---D | C] -- C:\Program Files\BitNami Drupal 6 Stack
[2009/09/10 01:50:38 | 00,875,574 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\binami...bmp
[2009/09/09 23:20:42 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/09 23:19:42 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/09/09 23:19:34 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/09/09 23:19:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/09 23:15:43 | 00,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/09/09 21:57:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\Apple Computer
[2009/09/09 21:56:38 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2009/09/09 21:56:38 | 00,023,400 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
[2009/09/09 21:46:53 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/09 21:46:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Local Settings\Application Data\Apple
[2009/09/09 21:46:46 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/09/09 21:46:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/09/09 21:46:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/09/09 20:33:14 | 00,000,000 | ---D | C] -- C:\www
[2009/09/09 01:14:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\ie error
[2009/09/09 00:53:19 | 00,000,143 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\first.php
[2009/09/09 00:25:21 | 00,001,601 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\EasyPHP 5.3.0.lnk
[2009/09/09 00:24:18 | 00,000,000 | ---D | C] -- C:\Program Files\EasyPHP5.3.0
[2009/09/08 23:51:28 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\odesk.doc
[2009/09/08 23:10:17 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Guidelines%20-%20Handing%20over%20maintenance%20responsibility%20SERWA[1].doc
[2009/09/08 21:52:34 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/08 21:49:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/08 21:48:56 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\SpywareBlaster.lnk
[2009/09/08 21:48:41 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/09/08 02:22:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/09/08 02:21:51 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/09/08 02:21:48 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/09/08 02:21:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\SUPERAntiSpyware.com
[2009/09/08 02:12:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Local Settings\Application Data\Thunderbird
[2009/09/08 02:12:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\Thunderbird
[2009/09/08 02:11:24 | 00,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2009/09/08 02:11:18 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2009/09/08 02:07:32 | 02,144,261 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\lightning-0.9-tb-win.xpi
[2009/09/08 01:36:48 | 00,008,770 | ---- | C] () -- C:\WINDOWS\hh.dat
[2009/09/08 00:08:35 | 00,001,661 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Internet Information Services.lnk
[2009/09/08 00:02:57 | 00,097,323 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\screen1.JPG
[2009/09/07 23:54:34 | 02,956,854 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\screen1.bmp
[2009/09/07 22:46:16 | 00,870,966 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\php wampserver2.bmp
[2009/09/07 22:42:46 | 00,000,000 | ---D | C] -- C:\wamp
[2009/09/07 20:58:27 | 00,633,053 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Wallpaper6.jpg
[2009/09/07 02:42:34 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Shortcut to htdocs.lnk
[2009/09/07 02:39:56 | 01,156,662 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\apache.bmp
[2009/09/07 02:16:30 | 00,000,000 | ---D | C] -- C:\Program Files\MySQL
[2009/09/07 02:16:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2009/09/07 00:33:22 | 00,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/09/07 00:31:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2009/09/07 00:31:20 | 00,179,792 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/09/07 00:31:20 | 00,132,168 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/09/07 00:31:20 | 00,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/09/07 00:31:20 | 00,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/09/07 00:31:17 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/09/06 23:29:16 | 00,000,426 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7ADC0B50-4764-441D-9201-DA2D7DD25D30}.job
[2009/09/06 23:24:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/09/06 23:22:55 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/09/06 23:22:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/09/06 23:18:59 | 00,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/09/06 23:18:47 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/09/06 23:18:43 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctf.dll
[2009/09/06 21:29:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\syncdb
[2009/09/06 20:20:56 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/06 20:20:53 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/06 20:20:50 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/06 20:20:50 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/06 17:50:24 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/09/06 17:50:14 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/09/06 17:50:14 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/09/06 17:50:14 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/09/06 17:50:14 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/09/06 17:50:13 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/09/06 17:50:08 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/09/06 17:50:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/09/06 16:51:22 | 00,858,652 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\avc_report22.pdf
[2009/09/06 15:52:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\Malwarebytes
[2009/09/06 15:52:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/06 15:43:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/06 15:43:14 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\ERUNT.lnk
[2009/09/06 15:43:14 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/06 15:42:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\malware rem tools
[2009/09/06 00:57:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\New Folder
[2009/09/05 12:14:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Print page_files
[2009/09/05 12:14:23 | 00,015,153 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Print page.htm
[2009/09/05 12:12:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Confirmation page_files
[2009/09/05 12:12:48 | 00,044,236 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Confirmation page.htm
[2009/09/05 12:03:46 | 02,956,854 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\ebay not avaliable.bmp
[2009/09/05 02:41:22 | 00,084,945 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Fourth-generation IPod Nano - PC World.htm
[2009/09/05 02:40:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\Fourth-generation IPod Nano - PC World_files
[2009/09/05 02:25:29 | 00,028,364 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\iPod How to find the serial number.htm
[2009/09/05 02:24:13 | 00,075,276 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\AppleInsider Apple warns of phony iPods.htm
[2009/09/05 02:23:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\AppleInsider Apple warns of phony iPods_files
[2009/09/05 01:50:53 | 00,026,081 | ---- | C] () -- C:\Documents and Settings\aashish\My Documents\september 5th Anti Virus log.xml
[2009/09/05 01:15:49 | 00,030,032 | ---- | C] () -- C:\Documents and Settings\aashish\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/04 22:29:34 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/09/04 20:14:55 | 00,100,706 | ---- | C] () -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST).htm
[2009/09/04 20:14:43 | 00,099,029 | ---- | C] () -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW WITH APPLE WRTY (item 350247681115 end time 05-Sep-2009 113557 IST).htm
[2009/09/04 20:13:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW WITH APPLE WRTY (item 350247681115 end time 05-Sep-2009 113557 IST)_files
[2009/09/04 20:13:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST)_files
[2009/09/04 19:56:09 | 00,102,139 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST).htm
[2009/09/04 19:54:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST)_files
[2009/09/03 02:27:28 | 00,000,000 | ---D | C] -- C:\Program Files\Apache Software Foundation
[2009/09/03 01:25:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\drupal-6.13
[2009/09/02 23:07:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\skypePM
[2009/09/02 22:57:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\Skype
[2009/09/02 22:52:53 | 00,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/09/02 22:52:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/09/02 22:52:45 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/09/02 22:52:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/08/31 01:46:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Local Settings\Application Data\IM
[2009/08/31 01:45:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009/08/31 01:45:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/08/31 00:07:59 | 00,000,504 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Shortcut to gimp-2.6.7-i686-setup.lnk
[2009/08/31 00:00:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\exercises
[2009/08/30 23:56:33 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\PHPEdit 3.4.2.lnk
[2009/08/30 23:56:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\web projects
[2009/08/30 23:54:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\WaterProof
[2009/08/30 23:49:09 | 00,000,000 | ---D | C] -- C:\Program Files\WaterProof
[2009/08/29 18:53:49 | 00,650,111 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\dcb.pdf
[2009/08/26 10:29:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\NSN Registration Form_files
[2009/08/26 10:29:49 | 00,005,615 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\NSN Registration Form.htm
[2009/08/24 13:31:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\dvdcss
[2009/08/21 13:38:00 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\aashish\Desktop\~$scading Style Sheets.doc
[2009/08/20 12:03:49 | 00,018,432 | ---- | C] () -- C:\Documents and Settings\aashish\My Documents\mark sheet.xls
[2009/08/17 19:25:47 | 00,159,744 | ---- | C] () -- C:\Documents and Settings\aashish\My Documents\db1.mdb
[2009/08/17 19:25:11 | 00,000,000 | --SD | C] -- C:\Documents and Settings\aashish\My Documents\My Data Sources
[2009/08/05 23:17:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\61201dd800.dll
[2009/07/25 11:28:25 | 00,002,560 | ---- | C] () -- C:\WINDOWS\System32\SHCDMACoInstaller.dll
[2009/07/05 21:31:27 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/07/05 21:31:27 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/07/05 21:28:39 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/07/05 21:28:38 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/07/05 21:28:32 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/07/05 17:10:49 | 00,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/07/05 14:37:26 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/07/02 00:30:59 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/01 22:19:07 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/06/28 23:56:19 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2009/06/28 23:53:24 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/28 20:30:15 | 00,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2005/12/09 14:36:30 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2004/01/13 20:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2001/08/18 22:30:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/08/18 22:30:00 | 00,000,629 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/18 22:30:00 | 00,000,256 | ---- | C] () -- C:\WINDOWS\system.ini
[1998/06/10 00:00:00 | 00,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 00,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 00:00:00 | 00,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI

========== Files - Modified Within 30 Days ==========

[1 C:\Documents and Settings\aashish\Desktop\*.tmp files]
[2009/09/15 20:31:16 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZyXEL DIAL UP.lnk
[2009/09/15 20:31:13 | 00,000,253 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZyXEL ADSL USB Modem Control Panel.lnk
[2009/09/15 20:30:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/15 20:30:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/15 20:30:44 | 10,633,09312 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/15 20:20:44 | 00,913,747 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\an unhandled win32 exception occurred in svchost_exe - today fix.mht
[2009/09/15 19:26:13 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7ADC0B50-4764-441D-9201-DA2D7DD25D30}.job
[2009/09/15 00:13:02 | 00,036,220 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\avz.JPG
[2009/09/14 19:13:56 | 01,064,502 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\avz4 error.bmp
[2009/09/14 18:52:13 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aashish\Desktop\OTL.exe
[2009/09/14 18:50:13 | 00,769,960 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\an unhandled win32 exception occurred in svchost_exe [1556].mht
[2009/09/14 11:16:03 | 03,072,054 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\ff4.bmp
[2009/09/14 00:31:24 | 00,008,770 | ---- | M] () -- C:\WINDOWS\hh.dat
[2009/09/14 00:17:21 | 04,540,416 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\dhan-te-nan-(Muskurahat.Com).mp3
[2009/09/14 00:14:31 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/14 00:13:35 | 00,141,801 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Hotel%20California%20-%20German.jpg
[2009/09/14 00:06:30 | 12,812,980 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\flazx_flash-mx-project-the.zip
[2009/09/13 19:58:21 | 03,072,054 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\ff3.bmp
[2009/09/13 13:04:27 | 00,150,298 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Ol.pdf
[2009/09/13 12:59:45 | 00,000,444 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Dictionary_v2.9.jad
[2009/09/13 12:59:33 | 00,902,030 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Dictionary_v2.9.jar
[2009/09/13 12:57:48 | 00,000,590 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\SoundRecorder.jad
[2009/09/13 12:57:36 | 00,009,733 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\SoundRecorder.jar
[2009/09/13 12:17:30 | 00,048,980 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\First Flight Couriers Ltd.htm
[2009/09/13 11:33:19 | 00,150,298 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\OLN.pdf
[2009/09/13 11:28:31 | 03,072,054 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\first fligh @ 13.bmp
[2009/09/13 01:58:30 | 00,001,414 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2009/09/12 20:23:27 | 03,865,331 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Consumer%20Advocate.pdf
[2009/09/12 20:09:37 | 00,267,307 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\HT_NATIONAL.pdf
[2009/09/12 19:11:52 | 00,013,346 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\2009_08_24_08-indian-sex.htm
[2009/09/12 18:56:22 | 00,555,696 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\PaisaPay Protection.mht
[2009/09/12 18:43:22 | 03,072,054 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\septemer 12th status.bmp
[2009/09/12 13:11:15 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/11 23:16:29 | 00,000,629 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/11 23:16:29 | 00,000,256 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/11 23:16:29 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/09/11 21:18:14 | 00,000,766 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Sandboxed Web Browser.lnk
[2009/09/11 01:32:48 | 00,035,317 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Oye Lucky Lucky Oye.jpg
[2009/09/10 23:14:26 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\odesk.doc
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/10 02:04:41 | 00,312,366 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\OIL.pdf
[2009/09/10 01:53:47 | 00,875,574 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\binami...bmp
[2009/09/09 23:15:43 | 00,001,767 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/09/09 21:46:54 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/09 00:53:20 | 00,000,143 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\first.php
[2009/09/09 00:25:24 | 00,001,601 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\EasyPHP 5.3.0.lnk
[2009/09/08 23:10:17 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Guidelines%20-%20Handing%20over%20maintenance%20responsibility%20SERWA[1].doc
[2009/09/08 21:52:34 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/08 21:48:56 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\SpywareBlaster.lnk
[2009/09/08 02:21:51 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/09/08 02:11:24 | 00,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2009/09/08 02:07:32 | 02,144,261 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\lightning-0.9-tb-win.xpi
[2009/09/08 00:08:35 | 00,001,661 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Internet Information Services.lnk
[2009/09/08 00:02:58 | 00,097,323 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\screen1.JPG
[2009/09/07 23:54:35 | 02,956,854 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\screen1.bmp
[2009/09/07 22:46:16 | 00,870,966 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\php wampserver2.bmp
[2009/09/07 20:58:32 | 00,633,053 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Wallpaper6.jpg
[2009/09/07 02:42:34 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Shortcut to htdocs.lnk
[2009/09/07 02:39:56 | 01,156,662 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\apache.bmp
[2009/09/07 01:12:16 | 00,006,656 | ---- | M] () -- C:\Documents and Settings\aashish\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/07 00:33:22 | 00,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/09/07 00:31:17 | 00,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/09/07 00:31:17 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/09/07 00:31:17 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/09/07 00:31:16 | 00,132,168 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/09/06 23:19:15 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/06 22:05:54 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/06 20:20:56 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/06 17:50:24 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/09/06 16:51:22 | 00,858,652 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\avc_report22.pdf
[2009/09/06 15:43:14 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\ERUNT.lnk
[2009/09/05 12:14:26 | 00,015,153 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Print page.htm
[2009/09/05 12:12:59 | 00,044,236 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Confirmation page.htm
[2009/09/05 12:03:47 | 02,956,854 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\ebay not avaliable.bmp
[2009/09/05 02:41:22 | 00,084,945 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Fourth-generation IPod Nano - PC World.htm
[2009/09/05 02:25:40 | 00,028,364 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\iPod How to find the serial number.htm
[2009/09/05 02:24:13 | 00,075,276 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\AppleInsider Apple warns of phony iPods.htm
[2009/09/05 01:50:53 | 00,026,081 | ---- | M] () -- C:\Documents and Settings\aashish\My Documents\september 5th Anti Virus log.xml
[2009/09/05 01:15:49 | 00,030,032 | ---- | M] () -- C:\Documents and Settings\aashish\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/04 20:14:55 | 00,100,706 | ---- | M] () -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST).htm
[2009/09/04 20:14:43 | 00,099,029 | ---- | M] () -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW WITH APPLE WRTY (item 350247681115 end time 05-Sep-2009 113557 IST).htm
[2009/09/04 19:56:09 | 00,102,139 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST).htm
[2009/09/03 03:11:22 | 00,000,185 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2009/09/02 22:52:53 | 00,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/08/31 11:13:58 | 00,153,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/31 01:49:50 | 00,030,032 | ---- | M] () -- C:\Documents and Settings\aashish\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/31 00:07:59 | 00,000,504 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Shortcut to gimp-2.6.7-i686-setup.lnk
[2009/08/30 23:56:33 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\PHPEdit 3.4.2.lnk
[2009/08/29 18:53:49 | 00,650,111 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\dcb.pdf
[2009/08/26 23:52:21 | 00,002,293 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Macromedia Dreamweaver 8.lnk
[2009/08/26 10:29:51 | 00,005,615 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\NSN Registration Form.htm
[2009/08/24 22:29:31 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\aashish\My Documents\resume.doc
[2009/08/21 13:38:01 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\aashish\Desktop\~$scading Style Sheets.doc
[2009/08/20 12:03:50 | 00,018,432 | ---- | M] () -- C:\Documents and Settings\aashish\My Documents\mark sheet.xls
[2009/08/17 19:44:44 | 00,159,744 | ---- | M] () -- C:\Documents and Settings\aashish\My Documents\db1.mdb

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


And this is kinda weird, but have we done something that affects the hardware? I get a smell from my laptop, it's kinda a burning smell... I am not sure... just asking!

Edited by techvech, 15 September 2009 - 09:43 AM.


#15
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,

No, I did not change anything that relates to your hardware. Does your computer feel hot?

To start things off here, I would like you to run Check Disk. This will look for bad sectors in your hard drive and try to repair them.

  • Go to Start, then Run, and type in cmd and press Enter.
  • This will open up the Command Prompt. Then type in chkdsk/f
  • If it says it cannot run because it is in use, click Yes to have it run after the next reboot. Reboot your computer and let it run.


Next


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Next


Please open up MBAM and click on the update tab, then update the program. Once it is done updating, please run a Quick Scan and post that log in your next reply.



Next


Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply



Please post the logs of MBAM and Kaspersky in your next reply