anti virus finds 27 threats including TR/AntiHosts.Gen Trojan

Post by BigAmzz on Fri Jun 25, 2010 6:00 pm

Me again... My friend gave me his desktop, and the first thing I did was run a scan with Avira. It lit up like crazy and found 27 problems. Here is a report from my antivirus. I'm just wondering whether that will be the end of the problem now or whether there could still be deeper issues (OTL report to follow).

OTL logfile created on: 25/06/2010 18:42:26 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\liam\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 203.00 Mb Available Physical Memory | 40.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54.14 Gb Total Space | 35.17 Gb Free Space | 64.95% Space Free | Partition Type: NTFS
Drive D: | 410.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 20.36 Gb Total Space | 20.08 Gb Free Space | 98.62% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRENDAN-GULF0RJ
Current User Name: liam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/25 18:38:32 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\liam\My Documents\Downloads\OTL.exe
PRC - [2010/06/14 13:19:31 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/14 13:19:31 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/02/22 11:46:10 | 000,390,824 | ---- | M] (Avira GmbH) -- c:\Program Files\Avira\AntiVir Desktop\avcenter.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/08/15 13:19:44 | 001,564,672 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 00:00:54 | 001,585,152 | ---- | M] (Belkin Corporation) -- C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
PRC - [2006/10/23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/03 00:36:33 | 000,198,336 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/04/20 00:17:05 | 000,421,888 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2005/11/10 14:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2005/09/10 17:13:29 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2003/11/13 13:19:32 | 001,232,946 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2003/11/13 13:18:58 | 000,798,772 | ---- | M] (AHEAD Software) -- C:\Program Files\Ahead\InCD\incdsrv.exe
PRC - [2003/09/25 16:50:14 | 000,032,768 | R--- | M] (Panda Software) -- C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
PRC - [2003/01/21 15:25:46 | 000,098,304 | ---- | M] () -- C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe


========== Modules (SafeList) ==========

MOD - [2010/06/25 18:38:32 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\liam\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2004/08/03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SpywareCleanerService)
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/10/23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/09/03 00:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/09/03 00:36:33 | 000,198,336 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2004/06/29 09:29:30 | 000,184,373 | ---- | M] () [Auto | Stopped] -- C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe -- (AOLService)
SRV - [2003/11/13 13:18:58 | 000,798,772 | ---- | M] (AHEAD Software) [Auto | Running] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv)
SRV - [2003/09/25 16:50:14 | 000,032,768 | R--- | M] (Panda Software) [Auto | Running] -- C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe -- (PavPrSrv)


========== Driver Services (SafeList) ==========

DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/02/11 13:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/01/20 17:53:06 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/01/20 17:53:04 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/01/18 10:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/10/15 09:29:22 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\core.sys -- (core)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/11/09 18:54:56 | 000,402,944 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
DRV - [2005/10/25 10:29:49 | 000,012,288 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\flthidir.sys -- (NetVSvc)
DRV - [2005/10/24 15:04:00 | 000,012,288 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\raw08nt5.sys -- (lan2omp)
DRV - [2005/10/24 14:12:21 | 000,012,288 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\atimcd.sys -- (iPosrvc)
DRV - [2005/10/24 14:06:57 | 000,012,288 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ndi1mdxx.sys -- (Trksdsk)
DRV - [2005/10/24 14:03:10 | 000,012,288 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\smcdpass.sys -- (Npfsr)
DRV - [2005/10/24 13:58:25 | 000,012,288 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\mtlnthal.sys -- (IpF350p)
DRV - [2005/09/10 17:13:32 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/09/08 13:32:55 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP)
DRV - [2005/08/30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005/08/29 19:08:38 | 000,368,256 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/08/03 23:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/03 22:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/02/19 18:57:24 | 000,029,744 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SQCaptur.sys -- (DCamUSBSQTECH)
DRV - [2003/11/13 13:22:08 | 000,028,624 | ---- | M] (Ahead Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2003/11/13 13:21:18 | 000,088,848 | ---- | M] (Ahead Software) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\incdfs.sys -- (InCDfs)
DRV - [2003/10/17 17:07:24 | 000,017,248 | R--- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShldDrv.sys -- (ShldDrv)
DRV - [2003/10/08 18:20:40 | 000,160,176 | R--- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2003/09/19 15:14:42 | 000,022,183 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2003/09/19 15:14:14 | 000,222,876 | ---- | M] (WIDCOMM, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2003/09/19 15:11:16 | 001,257,418 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2003/08/21 15:56:36 | 000,025,520 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdrm.sys -- (incdrm)
DRV - [2003/03/31 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/03/31 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/03/25 10:50:46 | 000,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2003/02/20 02:18:36 | 000,036,608 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/01/10 22:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/17 08:14:46 | 000,049,024 | R--- | M] (Windows (R) 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/20 10:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2002/07/10 16:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/05/11 05:31:48 | 000,633,220 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Intels51.sys -- (Intels51) Intel(R)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 B0 5E E9 30 13 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/24 17:58:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/24 19:56:52 | 000,000,000 | ---D | M]

[2010/06/24 16:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\liam\Application Data\Mozilla\Extensions
[2010/06/24 19:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\liam\Application Data\Mozilla\Firefox\Profiles\k020bat1.default\extensions
[2010/06/24 16:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/12 01:10:42 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/06/12 01:10:42 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/06/12 01:10:42 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/06/12 01:10:42 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2003/08/21 02:23:11 | 000,001,361 | -HS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 1.1.1.1 webroot.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (Microsoft Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [lsass] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [Smart Start UP] C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKCU..\Run: [BlockAds] File not found
O4 - HKCU..\Run: [Fwf] C:\Documents and Settings\Brendan\My Documents\Μіcrosoft.NET\dllhost.exe File not found
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - HKCU..\Run: [TransparentIcons] File not found
O4 - HKCU..\Run: [TransTask] File not found
O4 - HKCU..\Run: [Tweak-XP] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G USB Adapter Client Utility.lnk = C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} [You must be registered and logged in to see this link.] (iPIX ActiveX Control)
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} [You must be registered and logged in to see this link.] (Image Uploader Control)
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} [You must be registered and logged in to see this link.] (UnoCtrl Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} [You must be registered and logged in to see this link.] (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} [You must be registered and logged in to see this link.] (Seekford Solutions, Inc.'s ssiPictureUploader Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} [You must be registered and logged in to see this link.] (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} [You must be registered and logged in to see this link.] (IWinAmpActiveX Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/08 11:51:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/09/08 11:51:34 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices


Post by BigAmzz on Fri Jun 25, 2010 6:01 pm

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.JPEG - C:\WINDOWS\System32\JPEGCODE.DLL ()
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\JPEGCODE.DLL ()
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/06/25 17:19:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/06/25 16:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\PakkISO
[2010/06/25 12:50:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/06/25 02:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\liam\Application Data\fltk.org
[2010/06/25 02:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/06/25 02:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/06/24 19:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\liam\Application Data\Ahead
[2010/06/24 19:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/06/24 19:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010/06/24 19:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/06/24 18:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc
[2010/06/24 18:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\liam\Desktop\Downloads
[2010/06/24 18:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\liam\Application Data\GetRightToGo
[2010/06/24 16:53:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\liam\My Documents\Downloads
[2010/06/24 16:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\liam\Local Settings\Application Data\Mozilla
[2010/06/24 16:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\liam\Application Data\Mozilla
[2010/06/24 16:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/24 16:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\liam\Application Data\DivX
[2010/06/23 21:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\liam\Application Data\Avira
[2010/06/23 21:23:47 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/06/23 21:23:46 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/06/23 21:23:46 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/06/23 21:23:46 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/06/23 21:23:46 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/06/23 21:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/06/23 21:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/06/23 21:04:52 | 031,173,080 | ---- | C] (Hewlett-Packard Company ) -- C:\Documents and Settings\liam\My Documents\sp38056.exe
[2010/06/23 20:51:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\custom matrices
[2010/06/23 20:50:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010/06/23 20:50:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\C2MP
[2010/06/23 20:15:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\{9044EB87-7F7C-4801-9A35-1481E1017EAE}
[2010/06/23 20:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2010/06/23 20:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\liam\Application Data\InstallShield
[2010/06/23 20:05:44 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

========== Files - Modified Within 30 Days ==========

[2010/06/25 17:10:44 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\liam\NTUSER.DAT
[2010/06/25 15:56:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/25 15:56:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/25 15:54:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\liam\ntuser.ini
[2010/06/25 15:54:33 | 001,574,540 | -H-- | M] () -- C:\Documents and Settings\liam\Local Settings\Application Data\IconCache.db
[2010/06/25 14:44:16 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2010/06/25 02:07:00 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/06/25 00:35:50 | 000,000,728 | ---- | M] () -- C:\WINDOWS\System\CmiCnfg.ini
[2010/06/24 19:36:54 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\liam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/24 19:12:12 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/06/24 19:12:11 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/06/24 16:43:17 | 000,001,627 | ---- | M] () -- C:\Documents and Settings\liam\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/24 16:43:17 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/24 16:34:50 | 000,059,208 | ---- | M] () -- C:\Documents and Settings\liam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/24 16:33:52 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/24 01:03:25 | 000,013,760 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/23 21:24:02 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/06/23 20:26:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/23 20:15:13 | 000,000,998 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
[2010/06/23 20:15:13 | 000,000,980 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belkin Wireless USB Utility.lnk
[2010/06/23 20:07:17 | 000,001,513 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G USB Adapter Client Utility.lnk
[2010/06/23 20:07:17 | 000,001,495 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belkin Wireless G USB Adapter Client Utility.lnk
[2010/06/23 19:59:11 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Browser Choice.lnk
[2010/06/17 14:30:50 | 031,173,080 | ---- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\liam\My Documents\sp38056.exe

========== Files Created - No Company Name ==========

[2010/06/25 14:44:15 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\Driver Robot.job
[2010/06/25 02:07:00 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/06/24 19:12:12 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/06/24 19:12:11 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/06/24 16:43:17 | 000,001,627 | ---- | C] () -- C:\Documents and Settings\liam\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/24 16:43:17 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/24 16:20:08 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\liam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/23 21:24:02 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/06/23 20:15:13 | 000,000,998 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
[2010/06/23 20:15:13 | 000,000,980 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belkin Wireless USB Utility.lnk
[2010/06/23 20:07:18 | 000,013,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\string.ini
[2010/06/23 20:07:17 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G USB Adapter Client Utility.lnk
[2010/06/23 20:07:17 | 000,001,495 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belkin Wireless G USB Adapter Client Utility.lnk
[2010/06/23 19:59:11 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Browser Choice.lnk
[2010/05/24 20:33:00 | 004,670,829 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/05/24 20:33:00 | 001,529,856 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/05/24 20:33:00 | 001,447,921 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/05/24 20:33:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/05/24 20:33:00 | 000,810,113 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/24 20:33:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/05/24 20:33:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/05/24 20:33:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/05/24 20:33:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/05/24 20:33:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/05/24 20:33:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/05/24 20:33:00 | 000,139,944 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/05/24 20:33:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/05/24 20:33:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/05/24 20:33:00 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/24 20:33:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/05/24 20:33:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/05/19 21:59:20 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2010/05/19 21:59:10 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2010/05/19 21:59:02 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2010/05/19 21:58:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2010/05/19 21:58:18 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2010/05/19 21:58:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2010/05/19 21:57:42 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2010/05/19 21:57:26 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2010/05/19 21:55:40 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010/05/19 21:55:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010/03/27 13:10:31 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/03/27 13:10:31 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/03/27 13:10:31 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2009/06/07 17:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/06 16:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/14 20:44:48 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Multimedia manager.INI
[2007/10/14 20:29:52 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/06/15 18:15:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\core.sys
[2006/12/30 21:17:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/10/06 16:23:28 | 000,000,097 | ---- | C] () -- C:\WINDOWS\ALBUM.INI
[2006/07/01 19:56:42 | 000,000,739 | ---- | C] () -- C:\WINDOWS\STImgBrowser.INI
[2006/07/01 19:51:31 | 000,102,912 | R--- | C] () -- C:\WINDOWS\System32\JPEGCODE.DLL
[2006/05/29 15:52:33 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\pthread.dll
[2006/05/29 15:52:31 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll
[2006/03/18 18:07:16 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/02/15 20:19:58 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/02/15 20:18:58 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX4800EFGIPSD.ini
[2005/10/25 10:29:49 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\flthidir.sys
[2005/10/24 15:04:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\raw08nt5.sys
[2005/10/24 14:12:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\atimcd.sys
[2005/10/24 14:06:57 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndi1mdxx.sys
[2005/10/24 14:03:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\smcdpass.sys
[2005/10/24 13:58:25 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\mtlnthal.sys
[2005/10/16 14:13:02 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/09/14 21:09:18 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PS5_SETUP.ini
[2005/09/10 17:07:44 | 000,000,540 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2005/09/08 13:46:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/08 12:33:27 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2005/09/08 12:33:27 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2005/09/08 12:33:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2005/09/08 12:33:26 | 001,900,544 | ---- | C] () -- C:\WINDOWS\System32\cmiwcnfg.dll
[2005/09/08 12:33:26 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005/09/08 12:33:25 | 000,059,998 | ---- | C] () -- C:\WINDOWS\Cmuda.ini
[2005/09/08 12:33:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2005/09/08 12:27:25 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2005/07/11 22:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/03/23 00:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/09/19 15:35:38 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2003/09/19 15:34:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2003/09/19 15:27:38 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003/09/19 15:14:42 | 000,022,183 | ---- | C] () -- C:\WINDOWS\System32\drivers\btserial.sys
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2000/11/24 18:05:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\CPUINFO2.DLL

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2005/07/26 05:39:44 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/09/08 12:39:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/09/08 12:39:55 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/09/08 12:39:55 | 000,380,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2003/03/31 13:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2003/03/11 19:15:08 | 000,009,919 | ---- | M] (AOpen Inc.) -- C:\WINDOWS\system32\AONMDI.SYS
[2003/03/31 13:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2010/01/20 17:53:06 | 000,013,192 | ---- | M] () -- C:\WINDOWS\system32\epmntdrv.sys
[2010/01/20 17:53:04 | 000,008,456 | ---- | M] () -- C:\WINDOWS\system32\EuGdiDrv.sys
[2003/03/31 13:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2003/03/31 13:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2003/03/31 13:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2003/03/31 13:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2003/03/31 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2003/03/31 13:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2003/03/31 13:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2003/03/31 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/03 22:45:10 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/03 22:45:16 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/03 22:45:12 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/03 22:45:16 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/03 22:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2005/09/08 13:32:55 | 000,002,368 | ---- | M] (AntiCracking) -- C:\WINDOWS\system32\SVKP.sys
[2005/08/29 19:08:38 | 000,368,256 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys
[2004/08/03 23:07:34 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/05/02 06:56:34 | 001,850,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[2004/01/13 19:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\ZDPNDIS5.SYS

< %systemroot%\system32\drivers\*.dll >
[2004/08/04 00:56:42 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2004/08/04 00:56:42 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2004/08/04 00:56:42 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2004/08/04 00:56:42 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2004/08/04 00:56:42 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2004/08/04 00:56:42 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2004/08/04 00:56:42 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2004/08/04 00:56:42 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2004/08/04 00:56:42 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2004/08/04 00:56:42 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2004/08/04 00:56:42 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2004/08/04 00:56:42 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2004/08/04 00:56:42 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2004/08/04 00:56:46 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2004/08/04 00:56:48 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >
[2007/08/07 10:38:12 | 000,013,768 | ---- | M] () -- C:\WINDOWS\system32\drivers\string.ini

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2005/09/08 11:51:57 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/12/05 20:30:34 | 000,562,494 | RHS- | M] () -- C:\AVG7DB_F.DAT
[2005/10/10 08:00:02 | 012,283,633 | ---- | M] () -- C:\AVG7QT.DAT
[2010/03/27 13:37:24 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2005/09/08 11:51:57 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2003/08/21 04:14:55 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log
[2005/09/08 11:51:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/09/08 11:51:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/09/08 12:12:48 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2005/09/08 12:12:48 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/06/25 15:55:57 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2008/03/29 19:49:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/09/08 22:30:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/10/27 23:50:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/10/27 23:58:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/10/28 00:02:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/10/28 00:17:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/03/26 20:47:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/03/26 23:06:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/03/27 00:09:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/03/27 00:25:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/03/27 11:15:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/03/27 11:21:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2007/12/30 09:18:34 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/01/05 09:43:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/03/02 10:10:53 | 000,000,292 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/01/05 09:35:50 | 000,000,292 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/01/22 19:45:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/01/28 07:35:49 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2003/08/21 01:19:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/01/06 09:35:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2008/03/29 19:49:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/09/08 22:30:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/10/27 23:50:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/10/27 23:58:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/10/28 00:02:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/10/28 00:17:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/03/26 20:47:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/03/26 23:06:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/03/27 00:09:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/03/27 00:25:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/03/27 11:15:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/03/27 11:21:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2007/12/30 09:18:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/01/05 09:43:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/03/02 10:10:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/01/05 09:35:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/01/22 19:45:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/01/28 07:35:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2003/08/21 01:19:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/01/06 09:35:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

< %PROGRAMFILES%\*. >
[2005/09/08 12:47:40 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2005/09/08 13:03:55 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2007/03/04 15:17:07 | 000,000,000 | ---D | M] -- C:\Program Files\AOL
[2007/11/04 00:05:51 | 000,000,000 | ---D | M] -- C:\Program Files\AOL 9.0
[2005/10/16 17:33:02 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Companion
[2005/10/16 14:22:28 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Toolbar
[2005/09/08 12:47:28 | 000,000,000 | ---D | M] -- C:\Program Files\AOpen
[2003/08/21 01:48:01 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2006/07/01 19:52:37 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2010/06/23 21:23:41 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2010/06/23 20:15:11 | 000,000,000 | ---D | M] -- C:\Program Files\Belkin
[2005/10/24 14:03:10 | 000,000,000 | ---D | M] -- C:\Program Files\Bt ahead
[2005/10/24 14:06:57 | 000,000,000 | ---D | M] -- C:\Program Files\C-mcsoft
[2005/09/08 12:33:18 | 000,000,000 | ---D | M] -- C:\Program Files\C-Media 3D Audio
[2010/03/27 11:59:09 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/09/08 11:49:24 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/03/27 13:10:26 | 000,000,000 | ---D | M] -- C:\Program Files\EASEUS
[2010/03/27 12:00:23 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
[2010/03/27 12:00:23 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2007/10/14 10:58:50 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2003/08/21 00:02:52 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/06/23 20:24:50 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2005/09/08 12:52:01 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2007/10/14 13:03:56 | 000,000,000 | ---D | M] -- C:\Program Files\Intisoft
[2005/10/24 13:58:25 | 000,000,000 | ---D | M] -- C:\Program Files\Intlorer
[2007/06/30 21:25:06 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2007/06/30 21:25:33 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2005/12/16 21:41:38 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2005/09/10 17:14:14 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2010/03/27 11:58:01 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2007/09/30 14:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\LiveUpdate
[2010/03/27 11:56:20 | 000,000,000 | ---D | M] -- C:\Program Files\Maple 10
[2005/10/25 10:29:49 | 000,000,000 | ---D | M] -- C:\Program Files\Maxipod
[2005/09/27 14:25:27 | 000,000,000 | ---D | M] -- C:\Program Files\Maxis
[2010/06/24 19:12:05 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2008/08/18 23:23:45 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2006/11/25 12:42:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/10/14 11:10:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft AntiSpyware
[2005/09/08 13:51:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft AutoRoute
[2005/09/08 13:55:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Encarta
[2005/09/08 11:52:07 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2005/09/08 13:49:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money
[2003/08/21 01:49:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2005/09/08 13:53:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Picture It! 9
[2003/08/21 01:19:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2005/09/08 13:47:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2005/09/08 13:44:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works Suite 2004
[2007/09/30 14:39:07 | 000,000,000 | ---D | M] -- C:\Program Files\mobile PhoneTools
[2003/08/21 01:14:48 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/06/24 16:43:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2005/09/08 11:48:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/09/12 21:34:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Apps
[2005/09/08 11:48:35 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/06/26 17:52:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2006/11/18 00:50:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2005/10/24 15:04:00 | 000,000,000 | ---D | M] -- C:\Program Files\Netcsoft
[2005/11/18 21:02:43 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2006/12/30 21:18:10 | 000,000,000 | ---D | M] -- C:\Program Files\NewSoft
[2005/09/08 11:50:45 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/06/23 20:18:56 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/06/25 16:24:44 | 000,000,000 | ---D | M] -- C:\Program Files\PakkISO
[2007/02/26 20:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2003/08/21 02:19:10 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2005/09/10 17:13:28 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2007/10/14 20:25:46 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2005/09/08 12:38:10 | 000,000,000 | ---D | M] -- C:\Program Files\SiSLan
[2007/03/09 23:57:03 | 000,000,000 | ---D | M] -- C:\Program Files\Skype
[2003/08/21 01:56:16 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Ericsson
[2007/10/15 09:24:53 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2005/09/12 21:27:03 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2010/03/27 00:07:39 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2005/09/08 13:33:07 | 000,000,000 | ---D | M] -- C:\Program Files\Tweak-XP Pro
[2010/03/27 11:32:08 | 000,000,000 | ---D | M] -- C:\Program Files\TweakNow RegCleaner
[2005/09/08 12:00:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2005/09/10 17:14:12 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2005/12/17 19:43:59 | 000,000,000 | ---D | M] -- C:\Program Files\Web Publish
[2007/09/24 20:17:15 | 000,000,000 | ---D | M] -- C:\Program Files\WIDCOMM
[2006/02/19 01:46:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2005/09/08 12:14:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/09/08 11:48:48 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/06/25 02:06:44 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2005/09/08 11:52:07 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2006/11/24 23:13:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry

< %appdata%\*.* >
[2005/09/08 12:41:32 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\liam\Application Data\desktop.ini
[2003/08/21 01:41:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\liam\Application Data\wklnhst.dat


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/03/31 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2003/03/31 13:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2003/03/31 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2004/08/03 22:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2004/08/03 22:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
[2003/03/31 13:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) MD5=D1B16340CEACEECBF52340A0CBDF43E1 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2003/03/31 13:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2003/03/31 13:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2003/03/31 13:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USBSTOR.SYS >
[2003/03/31 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-23 19:26:08

========== Files - Unicode (All) ==========
[2007/11/04 13:23:28 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?ystem) -- C:\WINDOWS\System32\ѕystem
[2007/11/04 13:23:28 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?ystem) -- C:\WINDOWS\System32\ѕystem
[2007/10/14 11:08:52 | 000,000,000 | ---D | M](C:\Program Files\Common Files\T?sks) -- C:\Program Files\Common Files\Tаsks
[2007/08/14 17:42:30 | 000,000,000 | ---D | M](C:\Program Files\?dobe) -- C:\Program Files\Аdobe
[2007/08/14 17:42:30 | 000,000,000 | ---D | M](C:\Program Files\?dobe) -- C:\Program Files\Аdobe
[2007/06/21 19:07:45 | 000,000,000 | ---D | M](C:\Program Files\s?stem32) -- C:\Program Files\sуstem32
[2007/06/21 19:07:45 | 000,000,000 | ---D | M](C:\Program Files\s?stem32) -- C:\Program Files\sуstem32
(C:\Program Files\s?stem32) -- C:\Program Files\sуstem32
(C:\Program Files\Common Files\T?sks) -- C:\Program Files\Common Files\Tаsks
(C:\Program Files\?dobe) -- C:\Program Files\Аdobe
< End of report >

Solved Re: anti virus finds 27 threats including TR/AntiHosts.Gen Trojan

Post by BigAmzz on Fri Jun 25, 2010 6:02 pm

OTL Extras logfile created on: 25/06/2010 18:42:26 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\liam\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 203.00 Mb Available Physical Memory | 40.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54.14 Gb Total Space | 35.17 Gb Free Space | 64.95% Space Free | Partition Type: NTFS
Drive D: | 410.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 20.36 Gb Total Space | 20.08 Gb Free Space | 98.62% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRENDAN-GULF0RJ
Current User Name: liam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.reg [@ = regfile] -- "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\Temp\NavBrowser.exe" = C:\WINDOWS\Temp\NavBrowser.exe:*:Enabled:NAVBrowser -- File not found
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Maple 10\jre\bin\maple.exe" = C:\Program Files\Maple 10\jre\bin\maple.exe:*:Enabled:maple -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{045A0044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard - WE 2004
"{06AC45D1-CB9B-48CC-B5C8-1A55DEE26AD0}" = Sony Ericsson Media Manager 1.0
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe Edition
"{1D643CD2-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2C9241DC-E141-4BB9-99F2-0BC54D81862F}" = Smart Start UP
"{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1}" = iPod for Windows 2005-09-06
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{546C7D0B-1E12-4573-BCD0-F5B0D3C66A74}" = ArcSoft PhotoImpression 4
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
"{7A1E184F-E4EC-4596-B9A7-52437DC73A14}" = Digimax A7
"{7D4ED56E-C3DF-46F6-924B-D6774A766943}" = ArcSoft PhotoImpression 4
"{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}" = iTunes
"{8704D51E-25B7-4F23-81E7-AA4F54790220}" = Microsoft AutoRoute v11.0
"{8C64E149-54BA-11D6-91B1-00500462BE80}" = Microsoft Money System Pack
"{8FC46258-0843-4D79-B7F0-F2B82FE6173B}" = Apple Mobile Device Support
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9EE54C1F-FC99-44D6-916A-0CA2D45E740F}" = Digimax Viewer 2.1
"{A048E41D-CEBE-4B38-9168-193D681337AE}" = ArcSoft PhotoStudio 5
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{BA3BC81F-0035-4D62-8AB4-6F83D7C1F480}" = Tweak-XP Pro
"{BB85F18B-43C6-48B5-ABA9-6A5DDA65AA1B}" = Panda Antivirus Titanium
"{BDD8B3C0-0877-418D-ACC9-2AB0064B901A}" = Presto! Mr. Photo 3
"{C01EAD00-7A41-4045-9FB7-07813BA1EDAE}" = Samsung PC Studio 3
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D593C72C-435B-4171-8106-9CA8AA34D716}" = Belkin Wireless G USB Adapter Software
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Standard 9
"{E6696A8C-C55A-405C-AFEB-F3880A8BAA45}" = iPod Update 2004-04-28
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools
"{FE90E9E7-A158-4687-8853-DF677A939A61}" = WIDCOMM Bluetooth Software
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Spyware Protection" = AOL Spyware Protection
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AOLCoach uk" = AOL Coach Version 1.0(Build:20040229.1 uk)
"AOpen Multimedia Utilities" = AOpen Multimedia Utilities
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"C-Media Audio" = C-Media 3D Audio
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.0.1 Home Edition
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"InstallShield_{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1}" = iPod for Windows 2005-09-06
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"InstallShield_{E6696A8C-C55A-405C-AFEB-F3880A8BAA45}" = iPod Update 2004-04-28
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"McAfee Security Scan" = McAfee Security Scan Plus
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.6
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"MRW!UninstallKey" = Ahead InCD EasyWrite Reader
"MSN Toolbar" = MSN Toolbar
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2 SE
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PakkISO_is1" = PakkISO 0.4
"Picasa2" = Picasa 2
"PictureIt_v9" = Microsoft Picture It! Photo Standard 9
"RealPlayer 6.0" = RealPlayer Basic
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave" = Shockwave
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"Skype_is1" = Bebo - Skype 3.0
"SpywareBlaster_is1" = SpywareBlaster v3.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Titanium 2004" = Titanium 2004
"ToolBand.SkypeIEToolbarToolbar" = Skype add-on for IE
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows XP Service Pack" = Windows XP Service Pack 2
"Works2004Setup" = Microsoft Works 2004 Setup Launcher

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/06/2010 16:24:43 | Computer Name = BRENDAN-GULF0RJ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 23/06/2010 16:24:43 | Computer Name = BRENDAN-GULF0RJ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 24/06/2010 14:53:16 | Computer Name = BRENDAN-GULF0RJ | Source = Application Hang | ID = 1002
Description = Hanging application nero.exe, version 6.0.0.27, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 24/06/2010 21:49:57 | Computer Name = BRENDAN-GULF0RJ | Source = Application Error | ID = 1000
Description = Faulting application epsxe.exe, version 0.0.0.0, faulting module d3dim700.dll,
version 5.3.2600.2180, fault address 0x00016201.

Error - 25/06/2010 09:22:50 | Computer Name = BRENDAN-GULF0RJ | Source = Application Error | ID = 1000
Description = Faulting application epsxe.exe, version 0.0.0.0, faulting module cdrmooby2.dll,
version 0.0.0.0, fault address 0x00018265.

Error - 25/06/2010 09:23:00 | Computer Name = BRENDAN-GULF0RJ | Source = Application Error | ID = 1000
Description = Faulting application epsxe.exe, version 0.0.0.0, faulting module cdrmooby2.dll,
version 0.0.0.0, fault address 0x00018265.

Error - 25/06/2010 09:23:18 | Computer Name = BRENDAN-GULF0RJ | Source = Application Error | ID = 1000
Description = Faulting application epsxe.exe, version 0.0.0.0, faulting module cdrmooby2.dll,
version 0.0.0.0, fault address 0x00018265.

Error - 25/06/2010 10:32:47 | Computer Name = BRENDAN-GULF0RJ | Source = Application Error | ID = 1000
Description = Faulting application epsxe.exe, version 0.0.0.0, faulting module cdrmooby2.dll,
version 0.0.0.0, fault address 0x00018265.

Error - 25/06/2010 11:42:07 | Computer Name = BRENDAN-GULF0RJ | Source = Application Error | ID = 1000
Description = Faulting application epsxe.exe, version 0.0.0.0, faulting module cdrmooby2.dll,
version 0.0.0.0, fault address 0x00018265.

Error - 25/06/2010 12:26:47 | Computer Name = BRENDAN-GULF0RJ | Source = Ci | ID = 4118
Description = A content scan could not be completed on Dc19.

[ System Events ]
Error - 24/06/2010 13:40:10 | Computer Name = BRENDAN-GULF0RJ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 24/06/2010 13:40:10 | Computer Name = BRENDAN-GULF0RJ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 24/06/2010 14:58:18 | Computer Name = BRENDAN-GULF0RJ | Source = Service Control Manager | ID = 7000
Description = The SpywareCleanerService service failed to start due to the following
error: %%2

Error - 25/06/2010 07:46:16 | Computer Name = BRENDAN-GULF0RJ | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetbiosSmb because
another computer on the network has the same name. The server could not start.

Error - 25/06/2010 07:47:02 | Computer Name = BRENDAN-GULF0RJ | Source = Service Control Manager | ID = 7000
Description = The SpywareCleanerService service failed to start due to the following
error: %%2

Error - 25/06/2010 10:57:39 | Computer Name = BRENDAN-GULF0RJ | Source = Service Control Manager | ID = 7000
Description = The SpywareCleanerService service failed to start due to the following
error: %%2

Error - 25/06/2010 12:20:59 | Computer Name = BRENDAN-GULF0RJ | Source = VolSnap | ID = 393228
Description = The shadow copy of volume C: became low on diff area space before
it was properly installed.

Error - 25/06/2010 12:26:36 | Computer Name = BRENDAN-GULF0RJ | Source = VolSnap | ID = 393241
Description = The shadow copy of volume C: was aborted because the diff area file
could not grow in time. Consider reducing the IO load on this system to avoid this
problem in the future.

Error - 25/06/2010 13:43:15 | Computer Name = BRENDAN-GULF0RJ | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 25/06/2010 13:43:15 | Computer Name = BRENDAN-GULF0RJ | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >

Solved Re: anti virus finds 27 threats including TR/AntiHosts.Gen Trojan

Post by BigAmzz on Fri Jun 25, 2010 6:03 pm

anti virus scan report..............

Avira AntiVir Personal
Report file date: 25 June 2010 17:21

Scanning for 2270810 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : BRENDAN-GULF0RJ

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 19/04/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 01/04/2010 12:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 12:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 07/03/2010 18:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 23:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 09:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 19:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 17:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 16:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 11:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 20:25:21
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 20:25:28
VBASE007.VDF : 7.10.7.219 2048 Bytes 02/06/2010 20:25:28
VBASE008.VDF : 7.10.7.220 2048 Bytes 02/06/2010 20:25:28
VBASE009.VDF : 7.10.7.221 2048 Bytes 02/06/2010 20:25:28
VBASE010.VDF : 7.10.7.222 2048 Bytes 02/06/2010 20:25:28
VBASE011.VDF : 7.10.7.223 2048 Bytes 02/06/2010 20:25:28
VBASE012.VDF : 7.10.7.224 2048 Bytes 02/06/2010 20:25:28
VBASE013.VDF : 7.10.8.37 270336 Bytes 10/06/2010 20:25:29
VBASE014.VDF : 7.10.8.69 138752 Bytes 14/06/2010 20:25:29
VBASE015.VDF : 7.10.8.102 130560 Bytes 16/06/2010 20:25:30
VBASE016.VDF : 7.10.8.135 152064 Bytes 21/06/2010 20:25:30
VBASE017.VDF : 7.10.8.163 432128 Bytes 23/06/2010 20:25:32
VBASE018.VDF : 7.10.8.164 2048 Bytes 23/06/2010 20:25:32
VBASE019.VDF : 7.10.8.165 2048 Bytes 23/06/2010 20:25:32
VBASE020.VDF : 7.10.8.166 2048 Bytes 23/06/2010 20:25:32
VBASE021.VDF : 7.10.8.167 2048 Bytes 23/06/2010 20:25:32
VBASE022.VDF : 7.10.8.168 2048 Bytes 23/06/2010 20:25:32
VBASE023.VDF : 7.10.8.169 2048 Bytes 23/06/2010 20:25:32
VBASE024.VDF : 7.10.8.170 2048 Bytes 23/06/2010 20:25:32
VBASE025.VDF : 7.10.8.171 2048 Bytes 23/06/2010 20:25:32
VBASE026.VDF : 7.10.8.172 2048 Bytes 23/06/2010 20:25:32
VBASE027.VDF : 7.10.8.173 2048 Bytes 23/06/2010 20:25:32
VBASE028.VDF : 7.10.8.174 2048 Bytes 23/06/2010 20:25:32
VBASE029.VDF : 7.10.8.175 2048 Bytes 23/06/2010 20:25:32
VBASE030.VDF : 7.10.8.176 2048 Bytes 23/06/2010 20:25:32
VBASE031.VDF : 7.10.8.190 129024 Bytes 25/06/2010 16:17:59
Engineversion : 8.2.4.2
AEVDF.DLL : 8.1.2.0 106868 Bytes 23/06/2010 20:25:42
AEscript.DLL : 8.1.3.33 1356155 Bytes 23/06/2010 20:25:42
AESCN.DLL : 8.1.6.1 127347 Bytes 23/06/2010 20:25:41
AESBX.DLL : 8.1.3.1 254324 Bytes 23/06/2010 20:25:43
AERDL.DLL : 8.1.4.6 541043 Bytes 23/06/2010 20:25:41
AEPACK.DLL : 8.2.2.5 430453 Bytes 23/06/2010 20:25:40
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 23/06/2010 20:25:39
AEHEUR.DLL : 8.1.1.38 2724214 Bytes 23/06/2010 20:25:39
AEHELP.DLL : 8.1.11.6 242038 Bytes 23/06/2010 20:25:35
AEGEN.DLL : 8.1.3.12 377204 Bytes 23/06/2010 20:25:35
AEEMU.DLL : 8.1.2.0 393588 Bytes 23/06/2010 20:25:34
AECORE.DLL : 8.1.15.3 192886 Bytes 23/06/2010 20:25:34
AEBB.DLL : 8.1.1.0 53618 Bytes 23/06/2010 20:25:33
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14/01/2010 12:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 14/01/2010 12:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 18/02/2010 16:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 01/04/2010 12:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01/04/2010 12:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 01/04/2010 12:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26/01/2010 09:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28/01/2010 12:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16/03/2010 15:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 19/02/2010 14:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 13:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 09/04/2010 14:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 25 June 2010 17:21

Starting search for hidden objects.
An ARK library instance is already running.

The scan of running processes will be started
Scan process 'cidaemon.exe' - '37' Module(s) have been scanned
Scan process 'avscan.exe' - '63' Module(s) have been scanned
Scan process 'msdtc.exe' - '42' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '47' Module(s) have been scanned
Scan process 'vssvc.exe' - '50' Module(s) have been scanned
Scan process 'avscan.exe' - '64' Module(s) have been scanned
Scan process 'avcenter.exe' - '62' Module(s) have been scanned
Scan process 'firefox.exe' - '80' Module(s) have been scanned
Scan process 'wuauclt.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'pavprsrv.exe' - '6' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '31' Module(s) have been scanned
Scan process 'InCDsrv.exe' - '19' Module(s) have been scanned
Scan process 'cisvc.exe' - '32' Module(s) have been scanned
Scan process 'btwdins.exe' - '16' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'ALUSchedulerSvc.exe' - '28' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '21' Module(s) have been scanned
Scan process 'AOLAcsd.exe' - '46' Module(s) have been scanned
Scan process 'avguard.exe' - '53' Module(s) have been scanned
Scan process 'SSScheduler.exe' - '17' Module(s) have been scanned
Scan process 'Belkinwcui.exe' - '34' Module(s) have been scanned
Scan process 'Belkinwcui.exe' - '40' Module(s) have been scanned
Scan process 'msmsgs.exe' - '79' Module(s) have been scanned
Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
Scan process 'avgnt.exe' - '51' Module(s) have been scanned
Scan process 'RealPlay.exe' - '58' Module(s) have been scanned
Scan process 'InCD.exe' - '27' Module(s) have been scanned
Scan process 'RunDll32.exe' - '40' Module(s) have been scanned
Scan process 'PicasaMediaDetector.exe' - '32' Module(s) have been scanned
Scan process 'PnPDetect.exe' - '38' Module(s) have been scanned
Scan process 'jusched.exe' - '19' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '19' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'sched.exe' - '47' Module(s) have been scanned
Scan process 'spoolsv.exe' - '64' Module(s) have been scanned
Scan process 'Explorer.EXE' - '107' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '162' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '45' Module(s) have been scanned
Scan process 'winlogon.exe' - '72' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:'
[INFO] No virus was found!
Boot sector 'E:'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1126' files ).


Starting the file scan:

Begin scan in 'C:'
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0101200614364690312.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0115200613334912593.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0130200618074968250.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0130200618074968390.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0130200618074968437.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0130200618074968515.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0130200618074968625.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0130200618074968640.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0221200617204630921.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0221200617204631015.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0221200617204631062.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0221200617204631140.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0221200617204631171.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0327200618476458703.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0701200613587076484.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle1201200620516194906.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle1208200618376026578.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle1220200521377616265.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle1220200521377616468.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle1220200521377616640.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle1220200521377616687.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
C:\WINDOWS\b136.exe
[0] Archive type: NSIS
[DETECTION] Contains recognition pattern of the DR/Drop.Agent.bfr dropper
--> [UnknownDir]/install.exe
[DETECTION] Is the TR/Drop.Agent.bfr Trojan
--> [UnknownDir]/[PluginsDir]/Services.dll
[DETECTION] Contains recognition pattern of the ADSPY/Softomate.U.23 adware or spyware
C:\WINDOWS\system32\drivers\etc\1.hosts
[DETECTION] Is the TR/AntiHosts.Gen Trojan
C:\WINDOWS\system32\drivers\etc\2.hosts
[DETECTION] Is the TR/AntiHosts.Gen Trojan
C:\WINDOWS\system32\drivers\etc\3.hosts
[DETECTION] Is the TR/AntiHosts.Gen Trojan
Begin scan in 'E:'

Beginning disinfection:
C:\WINDOWS\system32\drivers\etc\3.hosts
[DETECTION] Is the TR/AntiHosts.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4692439c.qua'.
C:\WINDOWS\system32\drivers\etc\2.hosts
[DETECTION] Is the TR/AntiHosts.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5e056c3b.qua'.
C:\WINDOWS\system32\drivers\etc\1.hosts
[DETECTION] Is the TR/AntiHosts.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0c5a36d3.qua'.
C:\WINDOWS\b136.exe
[DETECTION] Contains recognition pattern of the DR/Drop.Agent.bfr dropper
[NOTE] The file was moved to the quarantine directory under the name '6ab67914.qua'.
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle1220200521377616687.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
[NOTE] The file was moved to the quarantine directory under the name '2ff55407.qua'.
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle1220200521377616640.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
[NOTE] The file was moved to the quarantine directory under the name '50ee6666.qua'.
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle1220200521377616468.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
[NOTE] The file was moved to the quarantine directory under the name '1c564a2c.qua'.
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle1220200521377616265.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
[NOTE] The file was moved to the quarantine directory under the name '604e0a7c.qua'.
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle1208200618376026578.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
[NOTE] The file was moved to the quarantine directory under the name '4d142531.qua'.
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle1201200620516194906.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
[NOTE] The file was moved to the quarantine directory under the name '547c1eac.qua'.
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0701200613587076484.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
[NOTE] The file was moved to the quarantine directory under the name '3820329c.qua'.
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0327200618476458703.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
[NOTE] The file was moved to the quarantine directory under the name '49990b09.qua'.
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0221200617204631171.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
[NOTE] The file was moved to the quarantine directory under the name '47833bce.qua'.
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0221200617204631140.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
[NOTE] The file was moved to the quarantine directory under the name '02aa428c.qua'.
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0221200617204631062.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
[NOTE] The file was moved to the quarantine directory under the name '0ba14627.qua'.
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0221200617204631015.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
[NOTE] The file was moved to the quarantine directory under the name '53e05f4e.qua'.
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0221200617204630921.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
[NOTE] The file was moved to the quarantine directory under the name '7f142682.qua'.
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0130200618074968640.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
[NOTE] The file was moved to the quarantine directory under the name '41ea4658.qua'.
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0130200618074968625.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
[NOTE] The file was moved to the quarantine directory under the name '22e46d2b.qua'.
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0130200618074968515.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
[NOTE] The file was moved to the quarantine directory under the name '042c2d36.qua'.
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0130200618074968437.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
[NOTE] The file was moved to the quarantine directory under the name '36b85693.qua'.
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0130200618074968390.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
[NOTE] The file was moved to the quarantine directory under the name '3cfd7ded.qua'.
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0130200618074968250.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
[NOTE] The file was moved to the quarantine directory under the name '03ae19a8.qua'.
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0115200613334912593.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
[NOTE] The file was moved to the quarantine directory under the name '7d82158f.qua'.
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0101200614364690312.asw
[DETECTION] Contains recognition pattern of the EXP/Agent.B exploit
[NOTE] The file was moved to the quarantine directory under the name '28fa1144.qua'.


End of the scan: 25 June 2010 18:26
Used time: 1:05:17 Hour(s)

The scan has been done completely.

6678 Scanned directories
231491 Files were scanned
27 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
25 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
231464 Files not concerned
1600 Archives were scanned
0 Warnings
25 Notes


BigAmzz