my computer shows the error
"an unhandled win32 exception occurred in svchost.exe [1556]", "an unhandled win32 exception occurred in svchost.exe [xxxx]"
where xxxx is a random number..
after that, the internet stops working, and sometimes i have the BSOD which says,
A problem has been detected and windows has been shut down to prevent damage to your computer, the problem seems to be caused by the following file:
rdbss.sys
also , i cannot boot in safemode , it shows a BSOD which says, your computer may have a virus or problem with a new harddisk etc..
i had posted this as an OS issues here :
http://www.geekstogo.com/forum/an-unhandled-win32-exception-occurred-svchost-exe-1556andquot-t248272.html
I have been redirected here now:
i am posting the logs as asked:
after running MBAM , the problem remains , but it occurs after a longer period.
MBAM LOG :
Malwarebytes' Anti-Malware 1.40
Database version: 2747
Windows 5.1.2600 Service Pack 2
9/6/2009 4:06:35 PM
mbam-log-2009-09-06 (16-06-35).txt
Scan type: Quick Scan
Objects scanned: 99083
Time elapsed: 7 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 11
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\toolbar_bho.ietoolbar (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar_bho.ietoolbar.1 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{385ab8c4-fb22-4d17-8834-064e2ba0a6f0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ff78efd-0213-4a73-ac23-6a489190dbfb} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{489873ce-f3e1-44a3-8e89-04be26be4446} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{296ab1c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{065683c4-c71a-47f1-830b-7d9309d3913d} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{385ab8c5-fb22-4d17-8834-064e2ba0a6f0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{489873ce-f3e1-44a3-8e89-04be26be4446} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{296ab1c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{489873ce-f3e1-44a3-8e89-04be26be4446} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{296ab1c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\firefox (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\firefox (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\firefox (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\serverdk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\serverdk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\serverdk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winhelp32 (Backdoor.Hupigon) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\winhelp32 (Backdoor.Hupigon) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winhelp32 (Backdoor.Hupigon) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ietimber (Adware.Fastlook) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IDSCNP (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ietimber (Adware.Fastlook) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_SERVER_THIS (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\acpidisk (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Windows Hosts Controller (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\intime (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\reup (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WaitToKillServiceT (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Internet Explorer\IETimber (Adware.Fastlook) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\oulxjy.sys (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\IETimber\IP.dat (Adware.Fastlook) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\IETimber\uISGRLFile.dat (Adware.Fastlook) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\IETimber\Uninstall.exe (Adware.Fastlook) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B4eocaps.SRG (Trojan.Cinmus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\firefox.exe (Backdoor.IRCBot) -> Delete on reboot.
C:\WINDOWS\system32\i\J001.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mprmsgse.axz (Trojan.Cinmus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\server.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Winhelp32.exe (Backdoor.Hupigon) -> Quarantined and deleted successfully.
C:\WINDOWS\system\services.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
RootRepeal Log :
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/06 21:05
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Drivers
-------------------
Name: aiielfue.SYS
Image Path: C:\WINDOWS\System32\Drivers\aiielfue.SYS
Address: 0xBA7D7000 Size: 417792 File Visible: No Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9946000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B9C000 Size: 8192 File Visible: No Signed: -
Status: -
Name: PCI_NTPNP9284
Image Path: \Driver\PCI_NTPNP9284
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA86BB000 Size: 49152 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf7cc60e6
#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7cc60dc
#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf7cc60eb
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf7cc60f5
#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf753be2c
#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf753c1ba
#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf7cc60fa
#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xf75360b0
#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7cc60c8
#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf7cc60cd
#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf753c292
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xf753c112
#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf7cc6104
#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf7cc60ff
#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf7cc60f0
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf7cc60d7
==EOF==
OTL.txt LOG
OTL logfile created on: 9/6/2009 9:07:15 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.98 Mb Total Physical Memory | 601.29 Mb Available Physical Memory | 59.30% Memory free
2.90 Gb Paging File | 2.47 Gb Available in Paging File | 85.27% Paging File free
Paging file location(s): C:\pagefile.sys 2048 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.00 Gb Total Space | 7.42 Gb Free Space | 24.73% Space Free | Partition Type: NTFS
Drive D: | 25.89 Gb Total Space | 13.15 Gb Free Space | 50.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AASHISH-B4GS7NQ
Current User Name: aashish
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2004/08/04 00:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe
PRC - [2009/06/30 01:01:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2005/10/14 16:21:45 | 28,768,528 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2000/08/06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
PRC - [2004/08/04 00:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/07/31 19:06:24 | 00,458,752 | ---- | M] (Conexant Systems Inc.) -- C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
PRC - [2001/11/06 13:32:42 | 00,131,072 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2009/06/30 01:01:14 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/11/28 16:55:14 | 00,098,304 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2005/11/28 16:52:00 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/11/28 16:55:58 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2006/04/17 15:34:42 | 16,143,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2001/07/13 10:44:24 | 00,032,768 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2009/06/28 21:27:05 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/08/31 01:45:07 | 00,271,744 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
PRC - [2009/08/06 15:51:30 | 00,041,051 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
PRC - [2009/08/31 01:45:07 | 00,210,304 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IMApp.exe
PRC - [2004/08/04 00:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/09/06 20:47:55 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - File not found -- -- (33BD7555 [Disabled | Stopped])
SRV - [2008/09/16 12:03:18 | 00,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0 [Disabled | Stopped])
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (fdos [Auto | Stopped])
SRV - [2009/06/30 22:47:42 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [Disabled | Stopped])
SRV - File not found -- -- (gjunj [Auto | Stopped])
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/08/04 00:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
SRV - [2009/06/30 01:01:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2005/10/14 16:21:45 | 28,768,528 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])
SRV - [2000/08/06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [Auto | Running])
SRV - [2005/10/14 16:20:19 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2005/09/23 07:01:16 | 02,799,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80 [Disabled | Stopped])
SRV - [2007/08/08 09:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Disabled | Stopped])
SRV - [2007/08/03 12:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2004/08/04 00:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
SRV - [2005/10/14 16:21:12 | 00,239,320 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
SRV - [2000/08/06 01:50:18 | 00,303,170 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe -- (SQLSERVERAGENT [On_Demand | Stopped])
SRV - [2005/10/14 03:53:50 | 00,087,768 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
SRV - File not found -- -- (tdgfv [Auto | Stopped])
SRV - [1998/06/06 00:00:00 | 00,034,036 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe -- (Visual Studio Analyzer RPC bridge [On_Demand | Stopped])
SRV - [2004/08/04 00:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])
SRV - [2008/11/10 02:18:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Disabled | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.14907
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..keyword.URL: "http://mystart.incre...d...t_v2="
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/30 01:01:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\WaterProof\PHPEdit\3.4.2\Tools\FirefoxExtension\unpacked [2009/08/30 23:49:27 | 00,000,000 | ---D | M]
[2009/06/29 00:27:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Extensions
[2009/06/29 00:27:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/04 11:41:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Firefox\Profiles\z5c7iqzw.default\extensions
[2009/07/06 23:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Firefox\Profiles\z5c7iqzw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/29 16:39:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Firefox\Profiles\z5c7iqzw.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2009/07/05 16:50:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Firefox\Profiles\z5c7iqzw.default\extensions\[email protected]
[2009/08/31 01:37:19 | 00,002,149 | ---- | M] () -- C:\Documents and Settings\aashish\Application Data\Mozilla\FireFox\Profiles\z5c7iqzw.default\searchplugins\MyStart Search.xml
[2009/09/06 16:15:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/02 22:54:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/06/30 01:01:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/09/06 01:45:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/06/30 01:01:14 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/06/24 11:40:40 | 00,176,128 | ---- | M] (Dimdim, Inc.) -- C:\Program Files\mozilla firefox\plugins\npDimdimControl.dll
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
O1 HOSTS File: (767 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CnxDslTaskBar] C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe (Conexant Systems Inc.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\aashish\Start Menu\Programs\Startup\Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Scan link by Dr.Web - File not found
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/28 19:47:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e421db08-78e0-11de-a89f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e421db08-78e0-11de-a89f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e421db08-78e0-11de-a89f-806d6172696f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: ERSvc - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[1 C:\Documents and Settings\aashish\Desktop\*.tmp files]
[2009/09/06 20:20:56 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/06 20:20:53 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/06 20:20:50 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/06 20:20:50 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/06 17:50:24 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/09/06 17:50:14 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/09/06 17:50:14 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/09/06 17:50:14 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/09/06 17:50:14 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/09/06 17:50:13 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/09/06 17:50:08 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/09/06 17:50:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/09/06 16:51:22 | 00,858,652 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\avc_report22.pdf
[2009/09/06 16:08:23 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/09/06 15:52:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\Malwarebytes
[2009/09/06 15:52:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/06 15:43:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/06 15:43:14 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\NTREGOPT.lnk
[2009/09/06 15:43:14 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\ERUNT.lnk
[2009/09/06 15:43:14 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/06 15:42:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\malware rem tools
[2009/09/06 00:57:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\New Folder
[2009/09/05 12:14:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Print page_files
[2009/09/05 12:14:23 | 00,015,153 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Print page.htm
[2009/09/05 12:12:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Confirmation page_files
[2009/09/05 12:12:48 | 00,044,236 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Confirmation page.htm
[2009/09/05 12:03:46 | 02,956,854 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\ebay not avaliable.bmp
[2009/09/05 11:50:06 | 00,459,776 | ---- | C] () -- C:\WINDOWS\System32\capisrv.dll
[2009/09/05 11:49:26 | 00,686,592 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll
[2009/09/05 02:41:22 | 00,084,945 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Fourth-generation IPod Nano - PC World.htm
[2009/09/05 02:40:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\Fourth-generation IPod Nano - PC World_files
[2009/09/05 02:25:29 | 00,028,364 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\iPod How to find the serial number.htm
[2009/09/05 02:24:13 | 00,075,276 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\AppleInsider Apple warns of phony iPods.htm
[2009/09/05 02:23:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\AppleInsider Apple warns of phony iPods_files
[2009/09/05 01:50:53 | 00,026,081 | ---- | C] () -- C:\Documents and Settings\aashish\My Documents\september 5th Anti Virus log.xml
[2009/09/05 01:25:42 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/09/05 01:25:42 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/09/05 01:15:49 | 00,030,032 | ---- | C] () -- C:\Documents and Settings\aashish\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/05 00:46:49 | 00,479,501 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\mybill.pdf
[2009/09/04 22:29:34 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/09/04 20:14:55 | 00,100,706 | ---- | C] () -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST).htm
[2009/09/04 20:14:43 | 00,099,029 | ---- | C] () -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW WITH APPLE WRTY (item 350247681115 end time 05-Sep-2009 113557 IST).htm
[2009/09/04 20:13:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW WITH APPLE WRTY (item 350247681115 end time 05-Sep-2009 113557 IST)_files
[2009/09/04 20:13:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST)_files
[2009/09/04 19:56:09 | 00,102,139 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST).htm
[2009/09/04 19:54:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST)_files
[2009/09/03 02:27:51 | 00,001,079 | ---- | C] () -- C:\Documents and Settings\aashish\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
[2009/09/03 02:27:28 | 00,000,000 | ---D | C] -- C:\Program Files\Apache Software Foundation
[2009/09/03 01:25:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\drupal-6.13
[2009/09/02 23:07:57 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/02 23:07:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\skypePM
[2009/09/02 22:57:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\Skype
[2009/09/02 22:52:53 | 00,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/09/02 22:52:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/09/02 22:52:45 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/09/02 22:52:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/08/31 01:46:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Local Settings\Application Data\IM
[2009/08/31 01:46:15 | 00,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IncrediMail.lnk
[2009/08/31 01:45:33 | 00,000,000 | ---D | C] -- C:\Program Files\IncrediMail
[2009/08/31 01:45:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009/08/31 01:45:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/08/31 01:36:18 | 00,648,216 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\incredimail_install.exe
[2009/08/31 00:07:59 | 00,000,504 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Shortcut to gimp-2.6.7-i686-setup.lnk
[2009/08/31 00:00:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\exercises
[2009/08/30 23:56:33 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\PHPEdit 3.4.2.lnk
[2009/08/30 23:56:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\web projects
[2009/08/30 23:54:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\WaterProof
[2009/08/30 23:49:09 | 00,000,000 | ---D | C] -- C:\Program Files\WaterProof
[2009/08/29 18:53:49 | 00,650,111 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\dcb.pdf
[2009/08/26 10:29:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\NSN Registration Form_files
[2009/08/26 10:29:49 | 00,005,615 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\NSN Registration Form.htm
[2009/08/24 13:31:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Application Data\dvdcss
========== Files - Modified Within 14 Days ==========
[1 C:\Documents and Settings\aashish\Desktop\*.tmp files]
[2009/09/06 20:20:56 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/06 20:20:02 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZyXEL DIAL UP.lnk
[2009/09/06 20:19:39 | 00,000,253 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZyXEL ADSL USB Modem Control Panel.lnk
[2009/09/06 20:19:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/06 20:19:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/06 20:19:19 | 10,633,09312 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/06 20:07:05 | 00,581,889 | ---- | M] () -- C:\WINDOWS\System32\oulxjy
[2009/09/06 18:03:06 | 00,000,478 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for aashish.job
[2009/09/06 17:55:55 | 00,459,776 | ---- | M] () -- C:\WINDOWS\System32\capisrv.dll
[2009/09/06 17:55:17 | 00,686,592 | ---- | M] () -- C:\WINDOWS\System32\libmysql.dll
[2009/09/06 17:50:24 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/09/06 16:51:22 | 00,858,652 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\avc_report22.pdf
[2009/09/06 15:43:14 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\NTREGOPT.lnk
[2009/09/06 15:43:14 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\ERUNT.lnk
[2009/09/05 12:14:26 | 00,015,153 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Print page.htm
[2009/09/05 12:12:59 | 00,044,236 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\PaisaPay Payment Confirmation page.htm
[2009/09/05 12:03:47 | 02,956,854 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\ebay not avaliable.bmp
[2009/09/05 02:41:22 | 00,084,945 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Fourth-generation IPod Nano - PC World.htm
[2009/09/05 02:25:40 | 00,028,364 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\iPod How to find the serial number.htm
[2009/09/05 02:24:13 | 00,075,276 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\AppleInsider Apple warns of phony iPods.htm
[2009/09/05 01:50:53 | 00,026,081 | ---- | M] () -- C:\Documents and Settings\aashish\My Documents\september 5th Anti Virus log.xml
[2009/09/05 01:25:42 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/09/05 01:25:42 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/09/05 01:20:48 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/05 01:20:26 | 00,005,632 | ---- | M] () -- C:\Documents and Settings\aashish\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/05 01:15:49 | 00,030,032 | ---- | M] () -- C:\Documents and Settings\aashish\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/05 00:46:53 | 00,479,501 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\mybill.pdf
[2009/09/04 22:34:10 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/04 22:29:45 | 00,000,464 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/04 20:14:55 | 00,100,706 | ---- | M] () -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST).htm
[2009/09/04 20:14:43 | 00,099,029 | ---- | M] () -- C:\Documents and Settings\aashish\My Documents\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW WITH APPLE WRTY (item 350247681115 end time 05-Sep-2009 113557 IST).htm
[2009/09/04 19:56:09 | 00,102,139 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\eBay India APPLE IPOD NANO CHROMATIC 8GB BRAND NEW (item 170377780965 end time 08-Sep-2009 103000 IST).htm
[2009/09/03 23:07:10 | 00,000,629 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/03 23:07:10 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/09/03 03:11:22 | 00,000,185 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2009/09/03 02:27:51 | 00,001,079 | ---- | M] () -- C:\Documents and Settings\aashish\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
[2009/09/02 23:07:57 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/02 22:52:53 | 00,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/08/31 11:13:58 | 00,153,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/31 01:49:50 | 00,030,032 | ---- | M] () -- C:\Documents and Settings\aashish\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/31 01:46:15 | 00,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IncrediMail.lnk
[2009/08/31 01:36:31 | 00,648,216 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\incredimail_install.exe
[2009/08/31 00:07:59 | 00,000,504 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Shortcut to gimp-2.6.7-i686-setup.lnk
[2009/08/30 23:56:33 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\PHPEdit 3.4.2.lnk
[2009/08/29 18:53:49 | 00,650,111 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\dcb.pdf
[2009/08/26 23:52:21 | 00,002,293 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Macromedia Dreamweaver 8.lnk
[2009/08/26 10:29:51 | 00,005,615 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\NSN Registration Form.htm
[2009/08/24 22:29:31 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\aashish\My Documents\resume.doc
========== LOP Check ==========
[2009/09/06 17:32:39 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\aashish\Application Data
[2009/07/25 12:02:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\DataLayer
[2009/08/07 21:36:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\Dimdim
[2009/08/24 13:31:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\dvdcss
[2009/08/29 23:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\FileZilla
[2009/07/27 23:28:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\Nokia Multimedia Player
[2009/08/10 01:01:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\Notepad++
[2009/06/28 23:43:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\PC Suite
[2009/08/24 21:17:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\TigerPlayer
[2009/08/30 23:54:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\WaterProof
[2009/09/06 17:50:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/06/28 23:35:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2009/06/28 23:42:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/06/30 22:54:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/08/08 01:04:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/08/31 01:49:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/08/31 01:45:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009/08/07 21:35:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/08/07 21:33:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/06/29 00:39:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/06/28 20:33:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2001/08/18 22:30:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/06 18:03:06 | 00,000,478 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Security Scan for aashish.job
[2009/09/06 20:19:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\system32\eventlog.dll >
[2004/08/04 00:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
< %systemroot%\system32\scecli.dll >
[2004/08/04 00:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\netlogon.dll >
< %systemroot%\system32\cngaudit.dll >
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
< End of report >
OTL Extra.txt LOG
OTL Extras logfile created on: 9/6/2009 9:07:15 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.98 Mb Total Physical Memory | 601.29 Mb Available Physical Memory | 59.30% Memory free
2.90 Gb Paging File | 2.47 Gb Available in Paging File | 85.27% Paging File free
Paging file location(s): C:\pagefile.sys 2048 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.00 Gb Total Space | 7.42 Gb Free Space | 24.73% Space Free | Partition Type: NTFS
Drive D: | 25.89 Gb Total Space | 13.15 Gb Free Space | 50.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AASHISH-B4GS7NQ
Current User Name: aashish
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1CBE3804-20DF-48DA-B048-895C206E80A5}" = Microsoft SQL Server VSS Writer
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23959E96-A80F-4172-A655-210E9BB7BFBE}" = MSDN Library for Visual Studio 2005
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 14
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{59FDFDFB-52FE-45B1-8A2A-A00079B07FF0}" = TOSHIBA Power Saver Driver
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{65A88B75-AD8D-4B9C-92DA-FEB137463595}" = PHP 5.3.0
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.13
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}" = Nero 8
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B74354C0-19E2-11DE-8C30-0800200C9A66}" = Screencaster Plug-in for FF
"{B7757137-0A71-4A9F-8A82-1AE4A1B73420}" = Nokia Connectivity Cable Driver
"{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}" = Intel® PRO Network Connections 12.2.41.0
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{C0031D6A-5160-4816-9B84-A37DE529C4BF}" = IncrediMail
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{c94b04c0-3a4c-4fd6-9414-e04a8e5b4d52}" = DFX 8 for Windows Media Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E136BB09-1BB2-49A0-9FF3-5C25564D3819}" = FastCGI x86
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF059F2A-62A7-4E6A-B305-559591D2769E}" = Nokia PC Suite
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"AccessRunner ADSL" = ZyXEL ADSL USB Modem WAN Adapter
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"All ATI Software" = ATI - Software Uninstall Utility
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitComet" = BitComet 1.07
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.2.6.1
"IncrediMail" = IncrediMail 2.0
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2000" = Microsoft SQL Server 2000
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"MpcStar" = MpcStar 3.3
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Visual Studio 2005" = MSDN Library for Visual Studio 2005
"MsJavaVM" = Microsoft VM for Java
"Notepad++" = Notepad++
"NSS" = Norton Security Scan
"oDMCam" = oDesk MiniCam 2.0.73
"oDShare" = oDesk Share 2.0.69
"oDSSnap" = oDesk ScreenSnap 2.0.113
"oDVT" = oDesk Team 2.0.140
"PHPEdit" = PHPEdit 3.4.2
"PowerISO" = PowerISO
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VLC media player" = VLC media player 0.9.8a
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/30/2009 2:34:06 PM | Computer Name = AASHISH-B4GS7NQ | Source = MsiInstaller | ID = 11321
Description = Product: BitDefender Definitions Update -- Error 1321. The Installer
has insufficient privileges to modify this file: C:\Program Files\Common Files\BitDefender\BitDefender
Threat Scanner\av32bit_000\Plugins\TBD35E.tmp.
Error - 8/31/2009 11:53:44 AM | Computer Name = AASHISH-B4GS7NQ | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in svchost.exe [1568]. Just-In-Time
debugging this exception failed with the following error: The remote procedure
call failed. Check the documentation index for 'Just-in-time debugging, errors' for
more information.
Error - 8/31/2009 11:53:44 AM | Computer Name = AASHISH-B4GS7NQ | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in svchost.exe [1568]. Just-In-Time
debugging this exception failed with the following error: The remote procedure
call failed. Check the documentation index for 'Just-in-time debugging, errors' for
more information.
[ System Events ]
Error - 9/6/2009 8:15:37 AM | Computer Name = AASHISH-B4GS7NQ | Source = Service Control Manager | ID = 7000
Description = The yjpdrpan service failed to start due to the following error: %%2
Error - 9/6/2009 8:20:19 AM | Computer Name = AASHISH-B4GS7NQ | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460
Error - 9/6/2009 8:23:45 AM | Computer Name = AASHISH-B4GS7NQ | Source = Service Control Manager | ID = 7031
Description = The Application Experiences service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.
Error - 9/6/2009 10:49:26 AM | Computer Name = AASHISH-B4GS7NQ | Source = Service Control Manager | ID = 7023
Description = The VMservices service terminated with the following error: %%126
Error - 9/6/2009 10:49:26 AM | Computer Name = AASHISH-B4GS7NQ | Source = Service Control Manager | ID = 7023
Description = The Application Experiences service terminated with the following
error: %%126
Error - 9/6/2009 10:49:26 AM | Computer Name = AASHISH-B4GS7NQ | Source = Service Control Manager | ID = 7000
Description = The cfst service failed to start due to the following error: %%2
Error - 9/6/2009 10:49:26 AM | Computer Name = AASHISH-B4GS7NQ | Source = Service Control Manager | ID = 7000
Description = The fsg dhy service failed to start due to the following error: %%2
Error - 9/6/2009 10:49:26 AM | Computer Name = AASHISH-B4GS7NQ | Source = Service Control Manager | ID = 7000
Description = The gtdhgrfg service failed to start due to the following error: %%2
Error - 9/6/2009 10:49:26 AM | Computer Name = AASHISH-B4GS7NQ | Source = Service Control Manager | ID = 7000
Description = The yjpdrpan service failed to start due to the following error: %%2
Error - 9/6/2009 10:54:25 AM | Computer Name = AASHISH-B4GS7NQ | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460
< End of report >
I also installed Anti Avir Free Edition and the report is :
Avira AntiVir Personal
Report file date: Sunday, September 06, 2009 17:58
Scanning for 1684804 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 09:06:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 06:28:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 07:05:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 06:28:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 08:00:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 04:51:42
ANTIVIR2.VDF : 7.1.5.201 3414528 Bytes 9/3/2009 12:24:07
ANTIVIR3.VDF : 7.1.5.210 53760 Bytes 9/6/2009 12:24:12
Engineversion : 8.2.1.8
AEVDF.DLL : 8.1.1.1 106868 Bytes 7/28/2009 09:01:50
AESCRIPT.DLL : 8.1.2.27 467321 Bytes 9/6/2009 12:25:24
AESCN.DLL : 8.1.2.5 127346 Bytes 9/6/2009 12:25:11
AERDL.DLL : 8.1.2.4 430452 Bytes 7/23/2009 05:29:39
AEPACK.DLL : 8.1.3.18 401783 Bytes 7/28/2009 09:01:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 05:29:39
AEHEUR.DLL : 8.1.0.155 1921400 Bytes 9/6/2009 12:25:09
AEHELP.DLL : 8.1.7.0 237940 Bytes 9/6/2009 12:24:30
AEGEN.DLL : 8.1.1.60 364915 Bytes 9/6/2009 12:24:25
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 10:02:40
AECORE.DLL : 8.1.7.8 184692 Bytes 9/6/2009 12:24:15
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 10:02:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 04:17:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 06:02:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 10:04:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 06:02:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 10:35:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 06:07:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 10:33:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 03:51:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 06:02:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 11:09:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 05:49:48
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: Sunday, September 06, 2009 17:58
Starting search for hidden objects.
'58541' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avnotify.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'Nss.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ImApp.exe' - '1' Module(s) have been scanned
Scan process 'IncMail.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'CnxDslTb.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'inetinfo.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
42 processes with 42 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '59' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0014572.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0014573.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0015510.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0015511.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0016509.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0016510.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0017509.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0017510.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0018598.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0018599.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019510.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019511.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019730.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019731.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019743.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019744.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0021744.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0021745.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0022744.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0022745.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0022891.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0022892.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0023890.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0023891.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024890.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024891.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024916.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024917.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024946.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024947.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024953.exe
[DETECTION] Is the TR/Dropper.Gen2 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP69\A0026938.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP69\A0026939.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP69\A0026959.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP69\A0026960.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0026979.dll
[DETECTION] Is the TR/BHO.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0026980.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0026981.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0026982.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0027995.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0027996.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0028995.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0028997.dll
[DETECTION] Is the TR/Expl.SqlShell.M Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0029009.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0029010.dll
[DETECTION] Is the TR/Expl.SqlShell.M Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030026.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030027.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030054.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030055.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030069.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030070.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030090.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030091.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030103.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030109.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0030131.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0030132.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0031136.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0031139.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0031158.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0031159.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0032178.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0036194.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0036198.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0036222.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0036223.dll
[DETECTION] Is the TR/Renaz.461824 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036241.dll
[DETECTION] Is the TR/Renaz.461824 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036243.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036277.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036279.dll
[DETECTION] Is the TR/Renaz.461824 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036293.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036294.dll
[DETECTION] Is the TR/Expl.SqlShell.N Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036315.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036316.dll
[DETECTION] Is the TR/Expl.SqlShell.N Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0037315.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0037316.dll
[DETECTION] Is the TR/Expl.SqlShell.N Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0038405.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0038406.dll
[DETECTION] Is the TR/Expl.SqlShell.P Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0039404.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0039405.dll
[DETECTION] Is the TR/Expl.SqlShell.P Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0040405.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0040406.dll
[DETECTION] Is the TR/Expl.SqlShell.P Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0043408.dll
[DETECTION] Is the TR/Expl.SqlShell.P Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0045433.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP75\A0046433.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP75\A0046448.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0048536.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0050535.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0051537.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0051560.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0057563.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0057581.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0057603.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP77\A0057619.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0058673.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0058690.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0059690.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0059708.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0060727.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0060742.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0061742.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0063742.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0063845.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0064846.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0065846.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0065861.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0065875.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0071874.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP79\A0073873.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP79\A0074875.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0075875.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0075896.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0075935.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0076934.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0077934.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0077960.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0078975.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0079977.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP83\A0081312.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086385.sys
[DETECTION] Is the TR/Agent.Uka.2 Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086386.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086388.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086389.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086390.exe
[DETECTION] Is the TR/Dldr.Agent.wha Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086397.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086398.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\WINDOWS\system32\cmptes.dll
[DETECTION] Is the TR/Dldr.Agent.ckvw Trojan
C:\WINDOWS\system32\comptres.dll
[DETECTION] Is the TR/Dldr.Agent.ckvy Trojan
C:\WINDOWS\system32\crdtsrv.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
C:\WINDOWS\system32\oulxjy.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.ahls back-door program
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
D:\downLOADS\quick access III\Downloads\Chrome\AutoShutdown.gadget
[0] Archive type: ZIP
--> core/gadget.js
[DETECTION] Contains recognition pattern of the JS/Shutdown Java script virus
D:\from C\quick access III\Downloads\Chrome\AutoShutdown.gadget
[0] Archive type: ZIP
--> core/gadget.js
[DETECTION] Contains recognition pattern of the JS/Shutdown Java script virus
Beginning disinfection:
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0014572.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4ad3c842.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0014573.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4b52f563.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0015510.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '49998f83.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0015511.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4ad3c843.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0016509.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '499ca6ec.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0016510.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4b518cac.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0017509.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '499daea4.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP67\A0017510.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4bace5d4.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0018598.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4ba1af9c.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0018599.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '499887cc.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019510.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '499f9f14.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019511.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '499e975c.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019730.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4983be34.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019731.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '49685024.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019743.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4b569404.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0019744.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4982b67c.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0021744.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '49814e44.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0021745.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4ad3c844.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0022744.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '49875dd5.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0022745.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4986551d.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0022891.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '49856d65.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0022892.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '498464ad.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0023890.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f1000e5.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0023891.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4f17182d.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024890.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f161075.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024891.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4f1517bd.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024916.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f142f85.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024917.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4f1b27cd.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024946.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f1a3f15.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024947.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4f1ea415.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP68\A0024953.exe
[DETECTION] Is the TR/Dropper.Gen2 Trojan
[NOTE] The file was moved to '4ad3c845.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP69\A0026938.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f1cb3a6.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP69\A0026939.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4f034bee.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP69\A0026959.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f024336.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP69\A0026960.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4f015b7e.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0026979.dll
[DETECTION] Is the TR/BHO.Gen Trojan
[NOTE] The file was moved to '4f005346.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0026980.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4f076a8e.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0026981.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4f0662d6.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0026982.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4ad3c846.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0027995.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f047267.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0027996.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4ad3c847.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0028995.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f0a01f8.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0028997.dll
[DETECTION] Is the TR/Expl.SqlShell.M Trojan
[NOTE] The file was moved to '4f091930.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0029009.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f081108.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0029010.dll
[DETECTION] Is the TR/Expl.SqlShell.M Trojan
[NOTE] The file was moved to '4f0f2940.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030026.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f0e2098.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030027.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
[NOTE] The file was moved to '4f0d38d0.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030054.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f0c3028.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030055.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
[NOTE] The file was moved to '4f32c860.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030069.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f31cfb8.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030070.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
[NOTE] The file was moved to '4f30c7f0.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030090.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f37dfc8.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030091.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
[NOTE] The file was moved to '4f36d700.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030103.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f35ef58.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP70\A0030109.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
[NOTE] The file was moved to '4f34e690.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0030131.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f3bfee8.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0030132.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
[NOTE] The file was moved to '4f3af620.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0031136.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f398e78.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0031139.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
[NOTE] The file was moved to '4f3885b0.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0031158.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4ad3c848.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0031159.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
[NOTE] The file was moved to '4f3e95c1.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0032178.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
[NOTE] The file was moved to '4f3dad19.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0036194.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f3ca551.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0036198.dll
[DETECTION] Is the TR/Agent.ctiy Trojan
[NOTE] The file was moved to '4f23bca9.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0036222.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4f22b4e1.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP71\A0036223.dll
[DETECTION] Is the TR/Renaz.461824 Trojan
[NOTE] The file was moved to '4f214c39.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036241.dll
[DETECTION] Is the TR/Renaz.461824 Trojan
[NOTE] The file was moved to '4f269419.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036243.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4ad3c849.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036277.dll
[DETECTION] Is the TR/Expl.SqlShell.I Trojan
[NOTE] The file was moved to '4ad3c84a.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036279.dll
[DETECTION] Is the TR/Renaz.461824 Trojan
[NOTE] The file was moved to '4f2bbbe3.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036293.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
[NOTE] The file was moved to '4ad3c84b.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036294.dll
[DETECTION] Is the TR/Expl.SqlShell.N Trojan
[NOTE] The file was moved to '4f294b74.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036315.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
[NOTE] The file was moved to '4f28434c.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0036316.dll
[DETECTION] Is the TR/Expl.SqlShell.N Trojan
[NOTE] The file was moved to '4f2f5a84.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0037315.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
[NOTE] The file was moved to '4f2e52dc.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0037316.dll
[DETECTION] Is the TR/Expl.SqlShell.N Trojan
[NOTE] The file was moved to '4f2d6a14.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0038405.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
[NOTE] The file was moved to '4f2c626c.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0038406.dll
[DETECTION] Is the TR/Expl.SqlShell.P Trojan
[NOTE] The file was moved to '4ad3c84c.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0039404.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
[NOTE] The file was moved to '4cd271fd.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0039405.dll
[DETECTION] Is the TR/Expl.SqlShell.P Trojan
[NOTE] The file was moved to '4cd10935.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0040405.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
[NOTE] The file was moved to '4cd0010d.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0040406.dll
[DETECTION] Is the TR/Expl.SqlShell.P Trojan
[NOTE] The file was moved to '4cd71945.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0043408.dll
[DETECTION] Is the TR/Expl.SqlShell.P Trojan
[NOTE] The file was moved to '4cd6109d.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP73\A0045433.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
[NOTE] The file was moved to '4cd528d5.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP75\A0046433.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
[NOTE] The file was moved to '4ad3c84d.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP75\A0046448.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
[NOTE] The file was moved to '4cdb3866.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0048536.dll
[DETECTION] Is the TR/Expl.SqlShell.I.1 Trojan
[NOTE] The file was moved to '4cda3fbe.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0050535.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '493da8ee.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0051537.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4cdfcfce.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0051560.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4cdec706.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0057563.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4cdddf5e.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0057581.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cdcd696.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP76\A0057603.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cc3eeee.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP77\A0057619.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cc2e626.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0058673.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cc1fe7e.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0058690.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cc78d8e.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0059690.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cc0f5b6.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0059708.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cc685c6.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0060727.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cc59d1e.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0060742.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4ad3c84e.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0061742.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4ccbacaf.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0063742.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4ccaa4e7.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0063845.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cc9bc3f.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0064846.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cc8b477.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0065846.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4ccf4c4f.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0065861.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cce4387.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0065875.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4ccd5bdf.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP78\A0071874.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4ccc5317.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP79\A0073873.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cf36b6f.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP79\A0074875.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cf262a7.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0075875.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4ad3c84f.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0075896.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cfb7400.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0075935.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4ad3c850.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0076934.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cf903b1.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0077934.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4ad3c851.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0077960.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cff1322.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0078975.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cfe2b6a.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP80\A0079977.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cfd2352.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP83\A0081312.dll
[DETECTION] Is the TR/Renaz.459264 Trojan
[NOTE] The file was moved to '4cfc3a9a.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086385.sys
[DETECTION] Is the TR/Agent.Uka.2 Trojan
[NOTE] The file was moved to '4ce332c2.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086386.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ce1ca0a.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086388.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ce0c272.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086389.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ce7d9ba.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086390.exe
[DETECTION] Is the TR/Dldr.Agent.wha Trojan
[NOTE] The file was moved to '4ce6d1e2.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086397.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ce5e92a.qua'!
C:\System Volume Information\_restore{6A338AA3-F175-4E38-8AB8-4BB01C171758}\RP84\A0086398.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4ce4e112.qua'!
C:\WINDOWS\system32\cmptes.dll
[DETECTION] Is the TR/Dldr.Agent.ckvw Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4b13c88f.qua'!
C:\WINDOWS\system32\comptres.dll
[DETECTION] Is the TR/Dldr.Agent.ckvy Trojan
[NOTE] The file was moved to '4b10c894.qua'!
C:\WINDOWS\system32\crdtsrv.dll
[DETECTION] Contains recognition pattern of the WORM/Rbot.101184 worm
[NOTE] The file was moved to '4b07c897.qua'!
C:\WINDOWS\system32\oulxjy.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.ahls back-door program
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4d36f04b.qua'!
D:\downLOADS\quick access III\Downloads\Chrome\AutoShutdown.gadget
[NOTE] The file was moved to '4b17c91a.qua'!
D:\from C\quick access III\Downloads\Chrome\AutoShutdown.gadget
[NOTE] The file was moved to '41f0a5eb.qua'!
End of the scan: Sunday, September 06, 2009 20:05
Used time: 1:54:51 Hour(s)
The scan has been done completely.
15310 Scanned directories
669860 Files were scanned
134 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
134 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
669723 Files not concerned
3644 Archives were scanned
7 Warnings
136 Notes
58541 Objects were scanned with rootkit scan
0 Hidden objects were found
I have another question : Why did AntiAvir move everything to Quarantine ? Should i go there and delete the files ??
thanks