Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Stubborn virus


  • This topic is locked This topic is locked

#1
Prince112

Prince112

    Member

  • Member
  • PipPip
  • 14 posts
I am having a very irritating virus.sometimes the explorer.exe wont load at the startup. I cannot right click on my desktop. When I do so, the mouse button changes to the clock button and nothing happens. Many errors pop up during the startup. It says many services are closed and asks to send microsoft a report.

WHAT I DID: I reinstalled my windows but no Joy.
Note: GMER was not running in the normal mode. The comp was restarting everytime I ran it. So I ran it in safe mode.

MBAM Log..

Internet Explorer 6.0.2900.2180

8/6/2010 7:45:01 PM
mbam-log-2010-08-06 (19-45-01).txt

Scan type: Quick scan
Objects scanned: 118738
Time elapsed: 3 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-1-5-21-8813276314-7694394955-163578787-9991\hdav.exe (Worm.Autorun.B) -> Delete on reboot.
C:\Documents and Settings\Prince\Local Settings\Temp\008.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Prince\Local Settings\Temp\096.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Prince\Local Settings\Temp\346.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Prince\Local Settings\Temp\374.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Prince\Local Settings\Temp\377.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Prince\Local Settings\Temp\421.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Prince\Local Settings\Temp\675.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Prince\Local Settings\Temp\744.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Prince\Local Settings\Temp\929.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Prince\Local Settings\Temp\Temporary Internet Files\Content.IE5\9JI3G24P\sure[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Prince\Local Settings\Temp\Temporary Internet Files\Content.IE5\H9SFNMU7\sure[2].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Prince\Local Settings\Temporary Internet Files\Content.IE5\0PYJCHU7\sure[2].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Prince\Local Settings\Temporary Internet Files\Content.IE5\K5A34XYR\sure[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.


GMER LOG

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-06 20:10:47
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwtdypod.sys


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[232] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA4774
.text C:\WINDOWS\system32\winlogon.exe[232] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4803
.text C:\WINDOWS\system32\winlogon.exe[232] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4810
.text C:\WINDOWS\system32\winlogon.exe[232] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47F9
.text C:\WINDOWS\system32\winlogon.exe[232] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA4851
.text C:\WINDOWS\system32\services.exe[276] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA4774
.text C:\WINDOWS\system32\services.exe[276] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4803
.text C:\WINDOWS\system32\services.exe[276] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4810
.text C:\WINDOWS\system32\services.exe[276] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47F9
.text C:\WINDOWS\system32\services.exe[276] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA4851
.text C:\WINDOWS\system32\lsass.exe[288] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FF94774
.text C:\WINDOWS\system32\lsass.exe[288] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FF94803
.text C:\WINDOWS\system32\lsass.exe[288] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FF94810
.text C:\WINDOWS\system32\lsass.exe[288] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FF947F9
.text C:\WINDOWS\system32\lsass.exe[288] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FF94851
.text C:\WINDOWS\system32\svchost.exe[436] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA4774
.text C:\WINDOWS\system32\svchost.exe[436] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4803
.text C:\WINDOWS\system32\svchost.exe[436] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4810
.text C:\WINDOWS\system32\svchost.exe[436] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47F9
.text C:\WINDOWS\system32\svchost.exe[436] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA4851
.text C:\WINDOWS\system32\svchost.exe[572] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA4774
.text C:\WINDOWS\system32\svchost.exe[572] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4803
.text C:\WINDOWS\system32\svchost.exe[572] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4810
.text C:\WINDOWS\system32\svchost.exe[572] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47F9
.text C:\WINDOWS\system32\svchost.exe[572] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA4851
.text C:\WINDOWS\Explorer.EXE[844] Explorer.EXE 0101E26B 4 Bytes [FF, 15, 98, 10]
.text C:\WINDOWS\Explorer.EXE[844] Explorer.EXE 0101E271 4 Bytes [FF, 15, 94, 10]
.text C:\WINDOWS\Explorer.EXE[844] C:\WINDOWS\Explorer.EXE section is writeable [0x01001000, 0x44689, 0xE0000060]
.reloc C:\WINDOWS\Explorer.EXE[844] C:\WINDOWS\Explorer.EXE section is executable [0x010FB000, 0xF800, 0xE0000060]
vbzkavg C:\WINDOWS\Explorer.EXE[844] C:\WINDOWS\Explorer.EXE unknown last section [0x0110B000, 0x1000, 0xC0000000]
.text C:\WINDOWS\Explorer.EXE[844] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA4774
.text C:\WINDOWS\Explorer.EXE[844] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4803
.text C:\WINDOWS\Explorer.EXE[844] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4810
.text C:\WINDOWS\Explorer.EXE[844] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47F9
.text C:\WINDOWS\Explorer.EXE[844] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA4851
.text C:\Documents and Settings\Prince\Desktop\gmer.exe[1072] ntdll.dll!NtCreateFile 7C90D682 5 Bytes CALL 7FFA4774
.text C:\Documents and Settings\Prince\Desktop\gmer.exe[1072] ntdll.dll!NtCreateProcess 7C90D754 5 Bytes CALL 7FFA4803
.text C:\Documents and Settings\Prince\Desktop\gmer.exe[1072] ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes CALL 7FFA4810
.text C:\Documents and Settings\Prince\Desktop\gmer.exe[1072] ntdll.dll!NtOpenFile 7C90DCFD 5 Bytes CALL 7FFA47F9
.text C:\Documents and Settings\Prince\Desktop\gmer.exe[1072] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes CALL 7FFA4851

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Cdfs \Cdfs F6E8F400

---- EOF - GMER 1.0.15 ----

OLT


OTL logfile created on: 8/6/2010 8:18:57 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Prince\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 704.00 Mb Available Physical Memory | 69.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 5.62 Gb Free Space | 57.59% Space Free | Partition Type: NTFS
Drive D: | 19.52 Gb Total Space | 0.76 Gb Free Space | 3.88% Space Free | Partition Type: FAT32
Drive E: | 19.53 Gb Total Space | 1.28 Gb Free Space | 6.57% Space Free | Partition Type: NTFS
Drive F: | 25.65 Gb Total Space | 1.35 Gb Free Space | 5.25% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FORMAL
Current User Name: Prince
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/06 20:18:21 | 000,604,672 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Prince\Desktop\OTL.exe
PRC - [2010/08/06 19:47:10 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/02 21:14:21 | 000,288,048 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/11/11 16:33:06 | 003,171,760 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2008/02/18 18:01:01 | 000,251,312 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2006/12/09 19:04:10 | 000,128,832 | ---- | M] (Microsoft ® Corporation) -- C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
PRC - [2006/12/09 19:04:10 | 000,117,568 | ---- | M] (Microsoft ® Corporation) -- C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
PRC - [2004/10/14 14:42:54 | 001,454,080 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/08/04 13:56:50 | 001,080,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/05/21 01:27:46 | 000,659,456 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2003/05/21 01:21:18 | 000,139,264 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe


========== Modules (SafeList) ==========

MOD - [2010/08/06 20:18:21 | 000,604,672 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Prince\Desktop\OTL.exe
MOD - [2009/03/26 20:35:39 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2004/08/04 13:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 12:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2006/12/09 19:04:10 | 000,128,832 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe -- (FwcAgent)
SRV - [2003/05/21 01:27:46 | 000,659,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2003/05/21 01:22:36 | 000,081,920 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\InPage24\Haspnt.sys -- (Haspnt)
DRV - [2010/08/01 13:40:36 | 000,073,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/03/22 01:00:00 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090322.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/03/22 01:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090322.005\NAVENG.SYS -- (NAVENG)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/04/07 14:19:32 | 000,067,584 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/05/02 21:08:22 | 000,030,208 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL)
DRV - [2003/05/02 21:08:18 | 000,224,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.c...25&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...25&gct=&gc=1&q=

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13928&l=dis
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ISASERVER:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:6.3
FF - prefs.js..keyword.URL: "http://toolbar.ask.c...5&gct=&gc=1&q="
FF - prefs.js..network.proxy.ftp: "ISASERVER"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "ISASERVER"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "ISASERVER"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "ISASERVER"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "ISASERVER"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/06 19:47:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/06 19:47:19 | 000,000,000 | ---D | M]

[2010/08/01 13:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prince\Application Data\Mozilla\Extensions
[2010/08/02 21:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prince\Application Data\Mozilla\Firefox\Profiles\ilnfev4t.default\extensions
[2010/08/02 21:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Prince\Application Data\Mozilla\Firefox\Profiles\ilnfev4t.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/08/02 21:22:52 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Prince\Application Data\Mozilla\Firefox\Profiles\ilnfev4t.default\searchplugins\ask.xml
[2010/08/01 13:51:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/08/06 20:13:05 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.Brenz.pl
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe (Microsoft ® Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft ® Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 1.1.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\WALLPAPER\bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\WALLPAPER\bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/01 13:29:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/06 20:18:09 | 000,604,672 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Prince\Desktop\OTL.exe
[2010/08/06 19:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prince\Application Data\Malwarebytes
[2010/08/06 19:37:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/06 19:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/06 19:37:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/06 19:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/06 19:34:39 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Prince\Desktop\mbam-setup.exe
[2010/08/06 19:34:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/06 19:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/06 19:32:36 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Prince\Desktop\erunt_setup.exe
[2010/08/06 19:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prince\Application Data\WinRAR
[2010/08/06 01:07:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Prince\Recent
[2010/08/02 21:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\AskSearch
[2010/08/02 21:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2010/08/02 21:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/08/02 21:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prince\Application Data\uTorrent
[2010/08/02 09:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prince\Application Data\dvdcss
[2010/08/02 08:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prince\Application Data\COWON
[2010/08/01 22:55:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/01 22:52:57 | 000,468,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Prince\Desktop\TFC.exe
[2010/08/01 22:02:23 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Prince\UserData
[2010/08/01 21:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prince\Local Settings\Application Data\Adobe
[2010/08/01 18:20:45 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/08/01 18:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/08/01 18:20:41 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/08/01 18:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/08/01 18:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/08/01 18:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/08/01 18:20:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/08/01 18:20:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/08/01 18:20:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/08/01 18:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/08/01 18:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/08/01 18:20:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/08/01 18:20:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/08/01 18:20:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/08/01 18:20:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/08/01 18:19:45 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/08/01 18:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/08/01 18:18:00 | 000,000,000 | ---D | C] -- C:\apps
[2010/08/01 18:17:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\OEMDIR
[2010/08/01 18:14:28 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/08/01 18:14:28 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/08/01 18:14:28 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/08/01 18:14:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/08/01 18:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2010/08/01 14:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prince\Application Data\vlc
[2010/08/01 13:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prince\Application Data\Macromedia
[2010/08/01 13:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prince\Application Data\Adobe
[2010/08/01 13:54:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prince\Local Settings\Application Data\Mozilla
[2010/08/01 13:54:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prince\Application Data\Mozilla
[2010/08/01 13:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prince\Application Data\IDM
[2010/08/01 13:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prince\My Documents\Downloads
[2010/08/01 13:54:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prince\Application Data\DMCache
[2010/08/01 13:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2010/08/01 13:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/01 13:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/08/01 13:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/08/01 13:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prince\Local Settings\Application Data\Apple
[2010/08/01 13:53:16 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/01 13:53:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/08/01 13:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/08/01 13:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prince\Local Settings\Application Data\Apple Computer
[2010/08/01 13:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2010/08/01 13:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Firewall Client 2004
[2010/08/01 13:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\freestar
[2010/08/01 13:51:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/08/01 13:46:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/08/01 13:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/08/01 13:46:09 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/08/01 13:45:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/08/01 13:45:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/08/01 13:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2010/08/01 13:43:57 | 000,991,232 | ---- | C] (Sensaura) -- C:\WINDOWS\System32\virtear.dll
[2010/08/01 13:43:57 | 000,098,304 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2010/08/01 13:43:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\VirtualEar
[2010/08/01 13:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2010/08/01 13:43:56 | 000,094,208 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2010/08/01 13:43:46 | 000,311,296 | ---- | C] (Analog Devices Incorporated) -- C:\WINDOWS\System32\Edcrypt.dll
[2010/08/01 13:43:46 | 000,000,000 | ---D | C] -- C:\dell
[2010/08/01 13:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prince\Application Data\Identities
[2010/08/01 13:42:26 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/08/01 13:42:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Prince\My Documents\My Pictures
[2010/08/01 13:42:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Prince\My Documents\My Music
[2010/08/01 13:42:12 | 000,000,000 | ---D | C] -- C:\inpage 2004 xp
[2010/08/01 13:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prince\Local Settings\Application Data\Symantec
[2010/08/01 13:41:18 | 000,083,208 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/08/01 13:41:18 | 000,073,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/08/01 13:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/08/01 13:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/08/01 13:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec_Client_Security
[2010/08/01 13:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/08/01 13:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/08/01 13:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/08/01 13:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/08/01 13:39:50 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/08/01 13:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\JetAudio
[2010/08/01 13:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\COWON
[2010/08/01 13:39:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/08/01 13:39:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Prince\Application Data\Microsoft
[2010/08/01 13:39:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Prince\Cookies
[2010/08/01 13:39:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Prince\SendTo
[2010/08/01 13:39:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Prince\Application Data
[2010/08/01 13:39:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Prince\Start Menu
[2010/08/01 13:39:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Prince\My Documents
[2010/08/01 13:39:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Prince\Favorites
[2010/08/01 13:39:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Prince\Templates
[2010/08/01 13:39:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Prince\PrintHood
[2010/08/01 13:39:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Prince\NetHood
[2010/08/01 13:39:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Prince\Local Settings
[2010/08/01 13:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prince\Local Settings\Application Data\Microsoft
[2010/08/01 13:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prince\Desktop
[2010/08/01 13:37:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/08/01 13:37:47 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/08/01 13:37:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/08/01 13:37:46 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/08/01 13:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/08/01 13:32:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/08/01 13:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/08/01 13:31:12 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/08/01 13:31:12 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/08/01 13:31:12 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/08/01 13:30:13 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/08/01 13:29:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/08/01 13:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/08/01 13:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/08/01 13:28:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/08/01 13:28:30 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/08/01 13:28:30 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/08/01 13:28:20 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/08/01 13:28:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/08/01 13:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/08/01 13:27:36 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/08/01 13:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/08/01 13:27:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/08/01 13:27:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/08/01 13:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/08/01 13:27:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/08/01 13:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/08/01 13:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/08/01 13:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/08/01 13:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/08/01 13:27:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/08/01 13:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/08/01 13:26:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/08/01 13:26:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/08/01 13:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/08/01 13:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/08/01 13:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/08/01 13:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/08/01 13:25:44 | 000,308,736 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/08/01 13:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/08/01 13:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/08/01 13:25:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/08/01 13:25:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/08/01 13:25:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos

========== Files - Modified Within 90 Days ==========

[2010/08/06 20:18:21 | 000,604,672 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Prince\Desktop\OTL.exe
[2010/08/06 20:18:07 | 001,835,008 | -H-- | M] () -- C:\Documents and Settings\Prince\NTUSER.DAT
[2010/08/06 20:13:05 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/06 20:13:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/06 20:13:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/06 20:12:24 | 004,792,172 | -H-- | M] () -- C:\Documents and Settings\Prince\Local Settings\Application Data\IconCache.db
[2010/08/06 19:49:15 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Prince\Desktop\gmer.zip
[2010/08/06 19:45:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Prince\ntuser.ini
[2010/08/06 19:37:33 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/06 19:35:14 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Prince\Desktop\mbam-setup.exe
[2010/08/06 19:33:44 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Prince\Desktop\ERUNT.lnk
[2010/08/06 19:32:53 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Prince\Desktop\erunt_setup.exe
[2010/08/06 01:04:59 | 000,000,004 | ---- | M] () -- C:\systemlog
[2010/08/04 13:00:45 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\Prince\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/04 12:28:03 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/02 21:14:21 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/08/02 21:14:21 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Prince\Desktop\µTorrent.lnk
[2010/08/02 19:02:58 | 008,024,885 | ---- | M] () -- C:\Documents and Settings\Prince\Desktop\The Bilz and Kashif - Heer ranjha ( Jsin DnB Edit).mp3
[2010/08/01 22:55:37 | 000,468,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Prince\Desktop\TFC.exe
[2010/08/01 18:20:40 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/01 13:54:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/08/01 13:53:56 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/01 13:53:28 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/08/01 13:52:20 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2010/08/01 13:52:20 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Prince\Desktop\PhotoScape.lnk
[2010/08/01 13:52:00 | 000,001,999 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Firewall Client Management.lnk
[2010/08/01 13:51:24 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Prince\Desktop\FreeStar Free 3GP Converter.lnk
[2010/08/01 13:51:19 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/01 13:51:19 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/01 13:50:10 | 000,012,328 | ---- | M] () -- C:\Documents and Settings\Prince\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/01 13:42:38 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/01 13:42:37 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/08/01 13:42:20 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Prince\Desktop\Ali Asad Virus Guard 2.lnk
[2010/08/01 13:42:18 | 000,000,552 | ---- | M] () -- C:\Documents and Settings\Prince\Desktop\InPage 2004.lnk
[2010/08/01 13:40:36 | 000,124,167 | ---- | M] () -- C:\WINDOWS\System32\SYMEVNT.386
[2010/08/01 13:40:36 | 000,083,208 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/08/01 13:40:36 | 000,073,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/08/01 13:39:56 | 000,001,514 | ---- | M] () -- C:\Documents and Settings\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\COWON Media Center - jetAudio.lnk
[2010/08/01 13:39:56 | 000,001,496 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COWON Media Center - jetAudio.lnk
[2010/08/01 13:39:09 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/01 13:39:09 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/01 13:39:09 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/01 13:39:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/01 13:32:32 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/08/01 13:32:22 | 000,090,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/01 13:31:51 | 000,000,663 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/08/01 13:29:34 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/01 13:29:34 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/01 13:29:34 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/01 13:29:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/08/01 13:29:34 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/01 13:29:34 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/01 13:29:33 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/01 13:29:25 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/08/01 13:29:24 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/08/01 13:29:24 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/08/01 13:29:15 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/01 13:28:30 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/08/01 13:28:30 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/08/01 13:28:24 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/08/01 13:28:24 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/08/01 13:28:24 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/08/01 13:28:24 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/08/01 13:28:24 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/08/01 13:28:24 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/08/01 13:26:45 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/01 13:26:34 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/08/01 13:26:34 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010/08/01 13:24:53 | 000,000,211 | -HS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2010/08/06 19:49:51 | 000,348,672 | ---- | C] () -- C:\Documents and Settings\Prince\Desktop\gmer.exe
[2010/08/06 19:48:43 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Prince\Desktop\gmer.zip
[2010/08/06 19:37:33 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/06 19:33:44 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Prince\Desktop\ERUNT.lnk
[2010/08/04 12:28:03 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/02 23:39:13 | 000,000,004 | ---- | C] () -- C:\systemlog
[2010/08/02 21:14:21 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/08/02 21:14:21 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Prince\Desktop\µTorrent.lnk
[2010/08/02 18:48:20 | 008,024,885 | ---- | C] () -- C:\Documents and Settings\Prince\Desktop\The Bilz and Kashif - Heer ranjha ( Jsin DnB Edit).mp3
[2010/08/01 21:39:23 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\Prince\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/01 18:20:42 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/08/01 18:20:42 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/08/01 18:20:42 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/08/01 18:20:41 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/08/01 18:20:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2010/08/01 18:20:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/08/01 18:20:38 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2010/08/01 18:20:38 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/08/01 18:20:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2010/08/01 18:20:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/08/01 18:20:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2010/08/01 18:20:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/08/01 18:20:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2010/08/01 18:20:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/08/01 18:20:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2010/08/01 18:20:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/08/01 18:20:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2010/08/01 18:20:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/08/01 18:20:35 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2010/08/01 18:20:35 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/08/01 18:20:35 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2010/08/01 18:20:35 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/08/01 18:20:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2010/08/01 18:20:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/08/01 18:20:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2010/08/01 18:20:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/08/01 18:20:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2010/08/01 18:20:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/08/01 18:20:34 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2010/08/01 18:20:34 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/08/01 18:20:34 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2010/08/01 18:20:34 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/08/01 18:20:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2010/08/01 18:20:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/08/01 18:20:33 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2010/08/01 18:20:33 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/08/01 18:20:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2010/08/01 18:20:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/08/01 18:20:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2010/08/01 18:20:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/08/01 18:20:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2010/08/01 18:20:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/08/01 18:20:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2010/08/01 18:20:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/08/01 18:20:29 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/08/01 18:20:20 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/08/01 18:20:20 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/08/01 18:20:20 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/08/01 18:20:20 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/08/01 18:20:20 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/08/01 18:20:20 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/08/01 18:20:20 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/08/01 18:20:20 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/08/01 18:20:20 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/08/01 18:20:20 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/08/01 18:20:20 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/08/01 18:20:20 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/08/01 18:20:20 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/08/01 18:20:20 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/08/01 18:20:20 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/08/01 18:20:20 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/08/01 18:20:19 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/08/01 18:20:19 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/08/01 18:20:19 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/08/01 18:19:44 | 000,090,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/01 18:19:02 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2010/08/01 18:18:59 | 000,000,663 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/08/01 13:54:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/01 13:53:56 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/01 13:53:28 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/08/01 13:52:20 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2010/08/01 13:52:20 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Prince\Desktop\PhotoScape.lnk
[2010/08/01 13:52:00 | 000,001,999 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Firewall Client Management.lnk
[2010/08/01 13:51:24 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Prince\Desktop\FreeStar Free 3GP Converter.lnk
[2010/08/01 13:51:19 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/01 13:51:19 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/01 13:48:30 | 000,524,850 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2010/08/01 13:48:30 | 000,058,704 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2010/08/01 13:48:30 | 000,023,216 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2010/08/01 13:48:30 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2010/08/01 13:42:37 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/08/01 13:42:26 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/01 13:42:20 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\Prince\Desktop\Ali Asad Virus Guard 2.lnk
[2010/08/01 13:42:18 | 000,000,552 | ---- | C] () -- C:\Documents and Settings\Prince\Desktop\InPage 2004.lnk
[2010/08/01 13:41:18 | 000,124,167 | ---- | C] () -- C:\WINDOWS\System32\SYMEVNT.386
[2010/08/01 13:39:56 | 000,001,514 | ---- | C] () -- C:\Documents and Settings\Prince\Application Data\Microsoft\Internet Explorer\Quick Launch\COWON Media Center - jetAudio.lnk
[2010/08/01 13:39:56 | 000,001,496 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COWON Media Center - jetAudio.lnk
[2010/08/01 13:39:07 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\igldev32.exe
[2010/08/01 13:39:07 | 000,019,083 | ---- | C] () -- C:\WINDOWS\System32\deltree.exe
[2010/08/01 13:39:05 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Prince\ntuser.dat.LOG
[2010/08/01 13:39:05 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Prince\ntuser.ini
[2010/08/01 13:39:04 | 001,835,008 | -H-- | C] () -- C:\Documents and Settings\Prince\NTUSER.DAT
[2010/08/01 13:32:32 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/08/01 13:31:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/01 13:31:36 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/08/01 13:31:08 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/08/01 13:31:08 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/08/01 13:31:07 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/08/01 13:30:50 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/08/01 13:30:49 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/08/01 13:30:44 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/08/01 13:30:43 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/08/01 13:30:41 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/08/01 13:30:32 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/08/01 13:30:27 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/08/01 13:30:24 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/08/01 13:30:15 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/08/01 13:30:12 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/08/01 13:30:12 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/08/01 13:30:12 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/08/01 13:30:12 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/08/01 13:30:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/08/01 13:30:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/08/01 13:30:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/08/01 13:30:11 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/08/01 13:30:11 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/08/01 13:30:11 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/08/01 13:30:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/08/01 13:30:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/08/01 13:30:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/08/01 13:30:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/08/01 13:30:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/08/01 13:30:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/08/01 13:30:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/08/01 13:30:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/08/01 13:30:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/08/01 13:30:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/08/01 13:30:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/08/01 13:30:10 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/08/01 13:30:10 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/08/01 13:30:10 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/08/01 13:30:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/08/01 13:30:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/08/01 13:30:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/08/01 13:30:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/08/01 13:30:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/08/01 13:30:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/08/01 13:30:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/08/01 13:30:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/08/01 13:30:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/08/01 13:30:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/08/01 13:30:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/08/01 13:30:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/08/01 13:30:09 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/08/01 13:30:09 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/08/01 13:30:09 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/08/01 13:30:09 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/08/01 13:30:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/08/01 13:30:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/08/01 13:30:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/08/01 13:30:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/08/01 13:30:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/08/01 13:30:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/08/01 13:30:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/08/01 13:30:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/08/01 13:30:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/08/01 13:30:08 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/08/01 13:30:08 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/08/01 13:30:08 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/08/01 13:30:08 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/08/01 13:30:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/08/01 13:30:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/08/01 13:30:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/08/01 13:30:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/08/01 13:30:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/08/01 13:30:07 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/08/01 13:30:07 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/08/01 13:29:34 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/01 13:29:34 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/08/01 13:29:34 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/08/01 13:29:34 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/08/01 13:29:34 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/08/01 13:29:24 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/08/01 13:29:24 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/08/01 13:29:23 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/08/01 13:28:30 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/08/01 13:28:30 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/08/01 13:28:24 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/08/01 13:28:24 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/08/01 13:28:24 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/08/01 13:28:24 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/08/01 13:28:24 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/08/01 13:28:24 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/08/01 13:28:09 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/08/01 13:27:44 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/08/01 13:27:44 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/08/01 13:27:40 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/08/01 13:27:30 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010/08/01 13:27:19 | 000,376,320 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2010/08/01 13:26:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/01 13:26:03 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/08/01 13:26:03 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/08/01 13:26:03 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/08/01 13:26:03 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/08/01 13:26:03 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/08/01 13:26:02 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/08/01 13:26:02 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/08/01 13:26:02 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/08/01 13:26:02 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/08/01 13:26:02 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/08/01 13:26:02 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/08/01 13:26:02 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/08/01 13:26:02 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/08/01 13:26:02 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/08/01 13:26:02 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/08/01 13:26:02 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/08/01 13:26:02 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/08/01 13:26:01 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/08/01 13:26:01 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/08/01 13:26:00 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/08/01 13:26:00 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/08/01 13:25:59 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/08/01 13:25:54 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2009/01/28 09:22:36 | 000,000,426 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/04 13:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/18 00:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/05/21 01:19:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll

========== LOP Check ==========

[2010/08/02 08:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prince\Application Data\COWON
[2010/08/06 20:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prince\Application Data\DMCache
[2010/08/02 23:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prince\Application Data\IDM
[2010/08/06 20:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prince\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/01 13:29:34 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/01 13:24:53 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/08/01 13:29:34 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/01 13:29:34 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/01 13:29:34 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 11:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 11:59:34 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/08/06 20:13:02 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/08/06 01:04:59 | 000,000,004 | ---- | M] () -- C:\systemlog
[2010/08/01 13:41:36 | 000,023,949 | -H-- | M] () -- C:\_NavCClt.Log

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/08/01 13:29:05 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/08/01 18:19:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/08/01 18:19:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/08/01 18:19:01 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
  • 0

Advertisements


#2
Prince112

Prince112

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OLT (Extras)



OTL Extras logfile created on: 8/6/2010 8:18:57 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Prince\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 704.00 Mb Available Physical Memory | 69.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 5.62 Gb Free Space | 57.59% Space Free | Partition Type: NTFS
Drive D: | 19.52 Gb Total Space | 0.76 Gb Free Space | 3.88% Space Free | Partition Type: FAT32
Drive E: | 19.53 Gb Total Space | 1.28 Gb Free Space | 6.57% Space Free | Partition Type: NTFS
Drive F: | 25.65 Gb Total Space | 1.35 Gb Free Space | 5.25% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FORMAL
Current User Name: Prince
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{199B7F78-69B7-47C5-8D4B-A3ED1391FB6B}" = Microsoft Firewall Client
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom NetXtreme Ethernet Controller
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Plus VX
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Ask Toolbar
"ERUNT_is1" = ERUNT 1.1j
"FreeStar Free 3GP Converter" = FreeStar Free 3GP Converter 2.0.2
"Internet Download Manager" = Internet Download Manager
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"PhotoScape" = PhotoScape
"VLC media player" = VLC media player 1.0.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/6/2010 10:58:10 AM | Computer Name = FORMAL | Source = Application Error | ID = 1000
Description = Faulting application igfxsrvc.exe, version 3.0.0.4543, faulting module
igfxsrvc.exe, version 3.0.0.4543, fault address 0x0002dd90.

Error - 8/6/2010 11:11:53 AM | Computer Name = FORMAL | Source = Application Error | ID = 1000
Description = Faulting application igfxsrvc.exe, version 3.0.0.4543, faulting module
igfxsrvc.exe, version 3.0.0.4543, fault address 0x0002dd90.

Error - 8/6/2010 11:12:16 AM | Computer Name = FORMAL | Source = Application Error | ID = 1000
Description = Faulting application imapi.exe, version 5.1.2600.2180, faulting module
imapi.exe, version 5.1.2600.2180, fault address 0x0002d23c.

Error - 8/6/2010 11:12:21 AM | Computer Name = FORMAL | Source = Application Error | ID = 1000
Description = Faulting application alg.exe, version 5.1.2600.2180, faulting module
alg.exe, version 5.1.2600.2180, fault address 0x00011b07.

Error - 8/6/2010 11:13:18 AM | Computer Name = FORMAL | Source = Application Error | ID = 1000
Description = Faulting application igfxsrvc.exe, version 3.0.0.4543, faulting module
igfxsrvc.exe, version 3.0.0.4543, fault address 0x0002dd90.

Error - 8/6/2010 11:13:30 AM | Computer Name = FORMAL | Source = Application Error | ID = 1000
Description = Faulting application imapi.exe, version 5.1.2600.2180, faulting module
imapi.exe, version 5.1.2600.2180, fault address 0x0002d23c.

Error - 8/6/2010 11:13:34 AM | Computer Name = FORMAL | Source = Application Error | ID = 1000
Description = Faulting application alg.exe, version 5.1.2600.2180, faulting module
alg.exe, version 5.1.2600.2180, fault address 0x00011b07.

Error - 8/6/2010 11:14:02 AM | Computer Name = FORMAL | Source = Application Error | ID = 1000
Description = Faulting application igfxsrvc.exe, version 3.0.0.4543, faulting module
igfxsrvc.exe, version 3.0.0.4543, fault address 0x0002dd90.

Error - 8/6/2010 11:14:35 AM | Computer Name = FORMAL | Source = Application Error | ID = 1000
Description = Faulting application igfxsrvc.exe, version 3.0.0.4543, faulting module
igfxsrvc.exe, version 3.0.0.4543, fault address 0x0002dd90.

Error - 8/6/2010 11:16:46 AM | Computer Name = FORMAL | Source = Application Error | ID = 1000
Description = Faulting application igfxsrvc.exe, version 3.0.0.4543, faulting module
igfxsrvc.exe, version 3.0.0.4543, fault address 0x0002dd90.

[ System Events ]
Error - 8/6/2010 11:13:49 AM | Computer Name = FORMAL | Source = DCOM | ID = 10010
Description = The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register
with DCOM within the required timeout.

Error - 8/6/2010 11:14:34 AM | Computer Name = FORMAL | Source = DCOM | ID = 10010
Description = The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register
with DCOM within the required timeout.

Error - 8/6/2010 11:15:07 AM | Computer Name = FORMAL | Source = DCOM | ID = 10010
Description = The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register
with DCOM within the required timeout.

Error - 8/6/2010 11:15:25 AM | Computer Name = FORMAL | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 1.1.1.32 with
the system having network hardware address 00:1E:68:CD:1C:2C. Network operations
on this system may be disrupted as a result.

Error - 8/6/2010 11:15:47 AM | Computer Name = FORMAL | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 1.1.1.32 with
the system having network hardware address 00:1E:68:CD:1C:2C. Network operations
on this system may be disrupted as a result.

Error - 8/6/2010 11:16:58 AM | Computer Name = FORMAL | Source = Dhcp | ID = 1002
Description = The IP address lease 1.1.1.32 for the Network Card with network address
00123F669960 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
DHCPNACK message).

Error - 8/6/2010 11:16:58 AM | Computer Name = FORMAL | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 8/6/2010 11:17:02 AM | Computer Name = FORMAL | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/6/2010 11:17:02 AM | Computer Name = FORMAL | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/6/2010 11:17:17 AM | Computer Name = FORMAL | Source = DCOM | ID = 10010
Description = The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register
with DCOM within the required timeout.


< End of report >


THANKS IN ADVANCE :)
  • 0

#3
Prince112

Prince112

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Update: I am currently posting from my laptop. My PC has stopped working. When I start it, that screen appears itself which should have appeared if we press F8. yes, the screen for safe mode and other modes. But when I press on "Start windows normally" the computer hangs and the windows wont load. I also tried to enter in safe mode but computer hangs also.

Please i need some reply asap. I am double minded as to what to do. Should I have to install new windows or is there any other way??

Thanks
  • 0

#4
Prince112

Prince112

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
No one?? I need help..
  • 0

#5
Prince112

Prince112

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Update: Just tommorow I reinstalled the windows but today the virus again attacked.. The computer was not starting.. It was restarting again and again before the appearance of desktop.. So just few minutes ago I reinstalled windows again.. I need help fast and nobody is listening here..

I am sure virus is not in C.. It is in some other drive which I cannot format because of important data..
  • 0

#6
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi user :)

So sorry for the delay

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don''t understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.


Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#7
Prince112

Prince112

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
hi Ali,

Thanks for the reply.. But combofix is not running.. It says that download a fresh copy.. And a note is written that "You may be infected with a file patching virus"Virut"..
  • 0

#8
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

lets hope you don't have virut.

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\explorer.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

repeat the same procedure for the following files(each):

C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe

  • 0

#9
Prince112

Prince112

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
For EXPLORER


VirSCAN.org Scanned Report :
Scanned time : 2010/08/14 14:08:21 (PKT)
Scanner results: 47% Scanner(s) (17/36) found malware!
File Name : explorer.exe
File Size : 1052672 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 5c92227b0ff6cf069363c7a9b40d44d5
SHA1 : 162ae116722b4cc34f49f76eca32c9d462601675
Online report : http://virscan.org/r...cd4bad8ac5.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.18 20100814080150 2010-08-14 40.09 -
AhnLab V3 2010.08.07.00 2010.08.07 2010-08-07 40.09 -
AntiVir 8.2.4.34 7.10.10.182 2010-08-13 0.30 W32/Virut.Gen
Antiy 2.0.18 20100814.4935983 2010-08-14 0.12 -
Arcavir 2009 201006281601 2010-06-28 0.01 -
Authentium 5.1.1 201008132014 2010-08-13 1.35 W32/Virut.AI!Generic (Possible)
AVAST! 4.7.4 100813-1 2010-08-13 0.06 Win32:Vitro
AVG 8.5.793 271.1.1/3069 2010-08-14 0.32 Win32/Virut
BitDefender 7.90123.6147831 7.33340 2010-08-14 4.40 Win32.Virtob.Gen.12
ClamAV 0.96.1 11553 2010-08-14 0.20 -
Comodo 4.0 5731 2010-08-13 40.09 -
CP Secure 1.3.0.5 2010.08.14 2010-08-14 0.11 -
Dr.Web 5.0.2.3300 2010.08.14 2010-08-14 8.89 Win32.Virut.56
F-Prot 4.4.4.56 20100813 2010-08-13 1.33 W32/Virut.AI!Generic
F-Secure 7.02.73807 2010.08.14.01 2010-08-14 0.21 Virus.Win32.Virut.ce [AVP]
Fortinet 4.1.143 12.245 2010-08-13 40.09 -
GData 21.667/21.257 20100814 2010-08-14 40.09 -
ViRobot 20100813 2010.08.13 2010-08-13 40.09 -
Ikarus T3. 2010.08.14.76505 2010-08-14 5.11 Virus.Win32.Virut.q
JiangMin 13.0.900 2010.08.13 2010-08-13 40.09 -
Kaspersky 5.5.10 2010.08.14 2010-08-14 0.11 Virus.Win32.Virut.ce
KingSoft 2009.2.5.15 2010.8.14.7 2010-08-14 40.09 -
McAfee 5400.1158 6073 2010-08-13 18.01 W32/Virut.n.gen
Microsoft 1.6004 2010.08.14 2010-08-14 40.10 -
Norman 6.05.11 6.05.00 2010-08-13 4.01 W32/Virut.EK
Panda 9.05.01 2010.08.11 2010-08-11 40.09 -
Trend Micro 9.120-1004 7.382.03 2010-08-13 0.03 PE_VIRUX.J-1
Quick Heal 11.00 2010.08.14 2010-08-14 40.09 -
Rising 20.0 22.60.04.04 2010-08-13 40.09 -
Sophos 3.10.0 4.56 2010-08-14 4.03 W32/Scribble-B
Sunbelt 3.9.2432.2 6731 2010-08-13 40.09 -
Symantec 1.3.0.24 20100813.009 2010-08-13 1.47 W32.Virut.CF
nProtect 20100813.01 8802780 2010-08-13 40.09 -
The Hacker 6.5.2.1 v00347 2010-08-13 40.09 -
VBA32 3.12.14.0 20100813.0808 2010-08-13 2.96 Virus.Win32.Virut.X5
VirusBuster 4.5.11.10 10.127.55/2034792 2010-08-14 3.53 Win32.Virut.Y.Gen




For SERVICES


VirSCAN.org Scanned Report :
Scanned time : 2010/08/14 14:34:12 (PKT)
Scanner results: Scanners did not find malware!
File Name : services.exe
File Size : 108032 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : c6ce6eec82f187615d1002bb3bb50ed4
SHA1 : b958912d139cb8dbfeeacdd38ba048c4f452174e
Online report : http://virscan.org/r...8b32eb573e.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.18 20100814080150 2010-08-14 40.09 -
AhnLab V3 2010.08.07.00 2010.08.07 2010-08-07 37.16 -
AntiVir 8.2.4.34 7.10.10.182 2010-08-13 0.28 -
Antiy 2.0.18 20100814.4935983 2010-08-14 0.14 -
Arcavir 2009 201006281601 2010-06-28 0.01 -
Authentium 5.1.1 201008132014 2010-08-13 1.66 -
AVAST! 4.7.4 100813-1 2010-08-13 0.01 -
AVG 8.5.793 271.1.1/3069 2010-08-14 0.30 -
BitDefender 7.90123.6147831 7.33340 2010-08-14 5.78 -
ClamAV 0.96.1 11553 2010-08-14 0.04 -
Comodo 4.0 5731 2010-08-13 40.45 -
CP Secure 1.3.0.5 2010.08.14 2010-08-14 0.05 -
Dr.Web 5.0.2.3300 2010.08.14 2010-08-14 9.38 -
F-Prot 4.4.4.56 20100813 2010-08-13 1.61 -
F-Secure 7.02.73807 2010.08.14.01 2010-08-14 2.89 -
Fortinet 4.1.143 12.245 2010-08-13 9.22 -
GData 21.667/21.257 20100814 2010-08-14 40.09 -
ViRobot 20100813 2010.08.13 2010-08-13 0.98 -
Ikarus T3. 2010.08.14.76505 2010-08-14 5.19 -
JiangMin 13.0.900 2010.08.13 2010-08-13 1.92 -
Kaspersky 5.5.10 2010.08.14 2010-08-14 0.13 -
KingSoft 2009.2.5.15 2010.8.14.7 2010-08-14 38.69 -
McAfee 5400.1158 6073 2010-08-13 18.40 -
Microsoft 1.6004 2010.08.14 2010-08-14 40.09 -
Norman 6.05.11 6.05.00 2010-08-13 8.06 -
Panda 9.05.01 2010.08.11 2010-08-11 14.05 -
Trend Micro 9.120-1004 7.382.03 2010-08-13 0.03 -
Quick Heal 11.00 2010.08.14 2010-08-14 29.84 -
Rising 20.0 22.60.04.04 2010-08-13 4.09 -
Sophos 3.10.0 4.56 2010-08-14 11.44 -
Sunbelt 3.9.2432.2 6731 2010-08-13 40.29 -
Symantec 1.3.0.24 20100813.009 2010-08-13 0.56 -
nProtect 20100813.01 8802780 2010-08-13 40.09 -
The Hacker 6.5.2.1 v00347 2010-08-13 40.09 -
VBA32 3.12.14.0 20100813.0808 2010-08-13 3.70 -
VirusBuster 4.5.11.10 10.127.55/2034792 2010-08-14 4.26 -



For WINLOGON


VirSCAN.org Scanned Report :
Scanned time : 2010/08/14 14:48:08 (PKT)
Scanner results: 6% Scanner(s) (2/36) found malware!
File Name : winlogon.exe
File Size : 502272 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 01c3346c241652f43aed8e2149881bfe
SHA1 : a5396141cab8b22d9d88b28a814089537dce366a
Online report : http://virscan.org/r...bdc0755231.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.18 20100814080150 2010-08-14 40.10 -
AhnLab V3 2010.08.07.00 2010.08.07 2010-08-07 40.09 -
AntiVir 8.2.4.34 7.10.10.182 2010-08-13 0.27 -
Antiy 2.0.18 20100814.4935983 2010-08-14 0.12 -
Arcavir 2009 201006281601 2010-06-28 0.01 -
Authentium 5.1.1 201008132014 2010-08-13 2.38 W32/Swizzor-based.2!Maximus (Heuristic)
AVAST! 4.7.4 100813-1 2010-08-13 0.03 -
AVG 8.5.793 271.1.1/3069 2010-08-14 0.25 -
BitDefender 7.90123.6147831 7.33340 2010-08-14 4.37 -
ClamAV 0.96.1 11553 2010-08-14 0.11 -
Comodo 4.0 5731 2010-08-13 40.09 -
CP Secure 1.3.0.5 2010.08.14 2010-08-14 0.10 -
Dr.Web 5.0.2.3300 2010.08.14 2010-08-14 9.24 -
F-Prot 4.4.4.56 20100813 2010-08-13 2.30 Possible W32/Swizzor-based.2!Maximus
F-Secure 7.02.73807 2010.08.14.01 2010-08-14 1.91 -
Fortinet 4.1.143 12.245 2010-08-13 40.09 -
GData 21.667/21.257 20100814 2010-08-14 40.09 -
ViRobot 20100813 2010.08.13 2010-08-13 40.09 -
Ikarus T3. 2010.08.14.76505 2010-08-14 4.98 -
JiangMin 13.0.900 2010.08.13 2010-08-13 40.09 -
Kaspersky 5.5.10 2010.08.14 2010-08-14 0.15 -
KingSoft 2009.2.5.15 2010.8.14.7 2010-08-14 40.09 -
McAfee 5400.1158 6073 2010-08-13 18.16 -
Microsoft 1.6004 2010.08.14 2010-08-14 40.29 -
Norman 6.05.11 6.05.00 2010-08-13 6.01 -
Panda 9.05.01 2010.08.11 2010-08-11 40.11 -
Trend Micro 9.120-1004 7.382.03 2010-08-13 0.03 -
Quick Heal 11.00 2010.08.14 2010-08-14 40.09 -
Rising 20.0 22.60.04.04 2010-08-13 40.09 -
Sophos 3.10.0 4.56 2010-08-14 4.04 -
Sunbelt 3.9.2432.2 6731 2010-08-13 40.09 -
Symantec 1.3.0.24 20100813.009 2010-08-13 0.15 -
nProtect 20100813.01 8802780 2010-08-13 40.13 -
The Hacker 6.5.2.1 v00347 2010-08-13 40.09 -
VBA32 3.12.14.0 20100813.0808 2010-08-13 3.39 -
VirusBuster 4.5.11.10 10.127.55/2034792 2010-08-14 3.05 -


For SVCHOST


VirSCAN.org Scanned Report :
Scanned time : 2010/08/14 15:04:20 (PKT)
Scanner results: Scanners did not find malware!
File Name : svchost.exe
File Size : 14336 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 8f078ae4ed187aaabc0a305146de6716
SHA1 : da0ff4006859a7580aba81f486f692dead2014fe
Online report : http://virscan.org/r...a1da67ff1a.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.18 20100814080150 2010-08-14 40.09 -
AhnLab V3 2010.08.07.00 2010.08.07 2010-08-07 40.28 -
AntiVir 8.2.4.34 7.10.10.182 2010-08-13 0.90 -
Antiy 2.0.18 20100814.4935983 2010-08-14 0.13 -
Arcavir 2009 201006281601 2010-06-28 0.02 -
Authentium 5.1.1 201008132014 2010-08-13 2.83 -
AVAST! 4.7.4 100813-1 2010-08-13 0.01 -
AVG 8.5.793 271.1.1/3069 2010-08-14 1.67 -
BitDefender 7.90123.6147924 7.33341 2010-08-14 9.55 -
ClamAV 0.96.1 11553 2010-08-14 0.01 -
Comodo 4.0 5731 2010-08-13 40.18 -
CP Secure 1.3.0.5 2010.08.14 2010-08-14 0.04 -
Dr.Web 5.0.2.3300 2010.08.14 2010-08-14 9.11 -
F-Prot 4.4.4.56 20100813 2010-08-13 1.27 -
F-Secure 7.02.73807 2010.08.14.01 2010-08-14 0.12 -
Fortinet 4.1.143 12.245 2010-08-13 40.09 -
GData 21.667/21.257 20100814 2010-08-14 40.09 -
ViRobot 20100813 2010.08.13 2010-08-13 40.09 -
Ikarus T3. 2010.08.14.76505 2010-08-14 4.92 -
JiangMin 13.0.900 2010.08.13 2010-08-13 40.09 -
Kaspersky 5.5.10 2010.08.14 2010-08-14 0.08 -
KingSoft 2009.2.5.15 2010.8.14.7 2010-08-14 40.09 -
McAfee 5400.1158 6073 2010-08-13 17.59 -
Microsoft 1.6004 2010.08.14 2010-08-14 40.09 -
Norman 6.05.11 6.05.00 2010-08-13 8.01 -
Panda 9.05.01 2010.08.11 2010-08-11 40.19 -
Trend Micro 9.120-1004 7.382.03 2010-08-13 0.03 -
Quick Heal 11.00 2010.08.14 2010-08-14 40.09 -
Rising 20.0 22.60.04.04 2010-08-13 40.09 -
Sophos 3.10.0 4.56 2010-08-14 3.98 -
Sunbelt 3.9.2432.2 6731 2010-08-13 40.09 -
Symantec 1.3.0.24 20100813.009 2010-08-13 0.29 -
nProtect 20100813.01 8802780 2010-08-13 40.09 -
The Hacker 6.5.2.1 v00347 2010-08-13 40.13 -
VBA32 3.12.14.0 20100813.0808 2010-08-13 3.05 -
VirusBuster 4.5.11.10 10.127.55/2034792 2010-08-14 2.37 -
  • 0

#10
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

bad news sorry

You are infected with a polymorphic file infector. This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.
  • Backup all your documents and important items only.
  • DO NOT backup any executable files (,exe .scr .html or .htm)
  • Do Not back up compressed files (zip/cab/rar) files that may contain .exe, .pdf, .jpg, .doc or .scr files
  • Reformat and Reinstall as outlined HERE


I suggest you do the following immediately:
  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

  • 0

#11
Prince112

Prince112

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Oh thats bad.. Really.. Hey just wanna ask can I backup these files?

- .mp3(MP3 songs)

- JPEG (Images)

- Application (The setup of softwares like mozilla firefox etc which I have kept for installation after new windows install)

- .flv (Videos)

- Wordpad documents


Fortunately I dont have any online bank account. Even I don't have a credit card.. Only online accounts are on some forums and on face book.. Which I am gonna change passwords with my clean laptop..

Thanks Ali for the reply :)


Hey can I backup those files on which when I right click to see properties its written

Type of file : Application

Because my drivers are of this type..
  • 0

#12
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

No you can not backup any application including any application setup and drivers , if you do so you risk spreading back the infection.

it is better if you format all your drives and download fresh applications.
  • 0

#13
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP