Hi Again,
Avira it is then! I ran a scan with it and it found 48 detections, some referring to the lets bet and LimeWire though. I will post the findings below also. Here is the HJT report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:43 PM, on 02/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Netgear\WG111v3\WG111v3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\Netgear\WG111v3\WG111v3.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Microgaming\Poker\bet365MPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.bebo.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\Program Files\Dell Support\bin\MsPMSNSv.exe (file missing)
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: AutomatedSurfer (SurferService) - Unknown owner - C:\WINDOWS\system32\srvany.exe
--
End of file - 12349 bytes
Here is the log from Avira:
Avira AntiVir Personal
Report file date: Monday, November 02, 2009 11:46
Scanning for 1562564 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : TOFFEE
Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 14:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 11:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 12:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 11:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 13:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 10:21:42
ANTIVIR2.VDF : 7.1.4.253 1779200 Bytes 7/19/2009 23:08:01
ANTIVIR3.VDF : 7.1.5.19 139776 Bytes 7/23/2009 08:36:13
Engineversion : 8.2.0.228
AEVDF.DLL : 8.1.1.1 106868 Bytes 7/28/2009 14:31:50
AESCRIPT.DLL : 8.1.2.18 442746 Bytes 7/23/2009 10:59:39
AESCN.DLL : 8.1.2.4 127348 Bytes 7/23/2009 10:59:39
AERDL.DLL : 8.1.2.4 430452 Bytes 7/23/2009 10:59:39
AEPACK.DLL : 8.1.3.18 401783 Bytes 7/28/2009 14:31:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 10:59:39
AEHEUR.DLL : 8.1.0.143 1864055 Bytes 7/23/2009 10:59:39
AEHELP.DLL : 8.1.5.3 233846 Bytes 7/23/2009 10:59:39
AEGEN.DLL : 8.1.1.50 352629 Bytes 7/23/2009 10:59:39
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 15:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 7/23/2009 10:59:39
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 15:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 09:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 11:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 15:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 11:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 16:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 11:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 16:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 09:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 11:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 16:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 11:19:48
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +GAME,
Start of the scan: Monday, November 02, 2009 11:46
Starting search for hidden objects.
'90701' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'wltuser.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'WG111v3.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'QuickDCF2.exe' - '1' Module(s) have been scanned
Scan process 'ezi_hnm2.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'Corel Photo Downloader.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'DLACTRLW.EXE' - '1' Module(s) have been scanned
Scan process 'DMXLauncher.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'stsystra.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'hnm_svc.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
59 processes with 59 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '74' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Rebecca\Incomplete\Preview-T-3545425-another chance with love.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Rebecca\Incomplete\Preview-T-3555427-she fucking hates me.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Rebecca\Incomplete\Preview-T-3877634-she fucking hates me - greatest hits.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Rebecca\Incomplete\T-3515164-she fucking hates me.wma
[DETECTION] Is the TR/Dldr.WMA.Wim.N.4 Trojan
C:\Documents and Settings\Rebecca\Incomplete\T-3555427-she fucking hates me.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Rebecca\Incomplete\T-3877634-she fucking hates me - greatest hits.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Documents and Settings\Rebecca\My Documents\My Music\claire and friends 関蹿.wma
[DETECTION] Is the TR/Dldr.WMA.Wima.AA Trojan
C:\Documents and Settings\Rebecca\Shared\Eighties classic.wma
[DETECTION] Is the TR/Dldr.Age.3566386 Trojan
C:\Documents and Settings\Rebecca\Shared\she fucking hates me.mp3
[DETECTION] Is the TR/Brisv.B Trojan
C:\Documents and Settings\Rebecca\Shared\vanessa over the rainbow bob frisell chase.wma
[DETECTION] Is the TR/Dldr.WMA.Wima.AA Trojan
C:\Microgaming\Poker\bet365MPP\local\da\Common\CommonRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\Microgaming\Poker\bet365MPP\local\de\Common\CommonRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\Microgaming\Poker\bet365MPP\local\en\Common\CommonRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\Microgaming\Poker\bet365MPP\local\es\Common\CommonRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\Microgaming\Poker\bet365MPP\local\fr\Common\CommonRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\Microgaming\Poker\bet365MPP\local\it\Common\CommonRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\Microgaming\Poker\bet365MPP\local\no\Common\CommonRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\Microgaming\Poker\bet365MPP\local\sv\Common\CommonRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\Microgaming\Poker\bet365MPP\local\zh-cn\Common\CommonRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\Microgaming\Poker\bet365MPP\local\zh-tw\Common\CommonRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\Microgaming\Poker\bet365MPP\theme\bet365\local\da\ClientConfig\OperatorRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\Microgaming\Poker\bet365MPP\theme\bet365\local\de\ClientConfig\OperatorRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\Microgaming\Poker\bet365MPP\theme\bet365\local\en\ClientConfig\OperatorRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\Microgaming\Poker\bet365MPP\theme\bet365\local\es\ClientConfig\OperatorRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\Microgaming\Poker\bet365MPP\theme\bet365\local\fr\ClientConfig\OperatorRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\Microgaming\Poker\bet365MPP\theme\bet365\local\it\ClientConfig\OperatorRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\Microgaming\Poker\bet365MPP\theme\bet365\local\no\ClientConfig\OperatorRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\Microgaming\Poker\bet365MPP\theme\bet365\local\sv\ClientConfig\OperatorRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\Microgaming\Poker\bet365MPP\theme\bet365\local\zh-cn\ClientConfig\OperatorRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\Microgaming\Poker\bet365MPP\theme\bet365\local\zh-tw\ClientConfig\OperatorRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP533\A0149762.reg
[DETECTION] Is the TR/REG.Koobface.89 Trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP535\A0153824.reg
[DETECTION] Is the TR/REG.Koobface.89 Trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154882.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154883.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154885.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154886.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154887.exe
[DETECTION] Is the TR/Wippy.19968 Trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154888.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154890.exe
[DETECTION] Is the TR/Wippy.19968 Trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154895.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154896.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154897.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154898.exe
[DETECTION] Contains recognition pattern of the WORM/Koobface.24576 worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154950.exe
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP537\A0154966.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP579\A0171411.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP579\A0171412.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\WINDOWS\system32\FlashAX\FlashAX.ocx
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
Begin scan in 'D:\' <Backup>
Beginning disinfection:
C:\Documents and Settings\Rebecca\Incomplete\Preview-T-3545425-another chance with love.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4b53d387.qua'!
C:\Documents and Settings\Rebecca\Incomplete\Preview-T-3555427-she fucking hates me.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '48d5d078.qua'!
C:\Documents and Settings\Rebecca\Incomplete\Preview-T-3877634-she fucking hates me - greatest hits.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '48c27d70.qua'!
C:\Documents and Settings\Rebecca\Incomplete\T-3515164-she fucking hates me.wma
[DETECTION] Is the TR/Dldr.WMA.Wim.N.4 Trojan
[NOTE] The file was moved to '4b21d342.qua'!
C:\Documents and Settings\Rebecca\Incomplete\T-3555427-she fucking hates me.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '48b26dcb.qua'!
C:\Documents and Settings\Rebecca\Incomplete\T-3877634-she fucking hates me - greatest hits.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '48b51513.qua'!
C:\Documents and Settings\Rebecca\My Documents\My Music\claire and friends 関蹿.wma
[DETECTION] Is the TR/Dldr.WMA.Wima.AA Trojan
[NOTE] The file was moved to '4b4fd382.qua'!
C:\Documents and Settings\Rebecca\Shared\Eighties classic.wma
[DETECTION] Is the TR/Dldr.Age.3566386 Trojan
[NOTE] The file was moved to '4b55d37f.qua'!
C:\Documents and Settings\Rebecca\Shared\she fucking hates me.mp3
[DETECTION] Is the TR/Brisv.B Trojan
[NOTE] The file was moved to '4b53d37e.qua'!
C:\Documents and Settings\Rebecca\Shared\vanessa over the rainbow bob frisell chase.wma
[DETECTION] Is the TR/Dldr.WMA.Wima.AA Trojan
[NOTE] The file was moved to '4b5cd377.qua'!
C:\Microgaming\Poker\bet365MPP\local\da\Common\CommonRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to '4b5bd385.qua'!
C:\Microgaming\Poker\bet365MPP\local\de\Common\CommonRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to '4ebcc63e.qua'!
C:\Microgaming\Poker\bet365MPP\local\en\Common\CommonRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to '4b5bd386.qua'!
C:\Microgaming\Poker\bet365MPP\local\es\Common\CommonRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to '4b5bd387.qua'!
C:\Microgaming\Poker\bet365MPP\local\fr\Common\CommonRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to '48cc0e20.qua'!
C:\Microgaming\Poker\bet365MPP\local\it\Common\CommonRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to '4e0630f8.qua'!
C:\Microgaming\Poker\bet365MPP\local\no\Common\CommonRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to '4e0538b0.qua'!
C:\Microgaming\Poker\bet365MPP\local\sv\Common\CommonRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to '4e042088.qua'!
C:\Microgaming\Poker\bet365MPP\local\zh-cn\Common\CommonRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to '4e3b2940.qua'!
C:\Microgaming\Poker\bet365MPP\local\zh-tw\Common\CommonRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to '4e39d118.qua'!
C:\Microgaming\Poker\bet365MPP\theme\bet365\local\da\ClientConfig\OperatorRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to '4b53d388.qua'!
C:\Microgaming\Poker\bet365MPP\theme\bet365\local\de\ClientConfig\OperatorRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to '4e35f239.qua'!
C:\Microgaming\Poker\bet365MPP\theme\bet365\local\en\ClientConfig\OperatorRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to '4e34faf1.qua'!
C:\Microgaming\Poker\bet365MPP\theme\bet365\local\es\ClientConfig\OperatorRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to '4e3be2c9.qua'!
C:\Microgaming\Poker\bet365MPP\theme\bet365\local\fr\ClientConfig\OperatorRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to '4e3aea81.qua'!
C:\Microgaming\Poker\bet365MPP\theme\bet365\local\it\ClientConfig\OperatorRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to '4e399359.qua'!
C:\Microgaming\Poker\bet365MPP\theme\bet365\local\no\ClientConfig\OperatorRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to '4e389b11.qua'!
C:\Microgaming\Poker\bet365MPP\theme\bet365\local\sv\ClientConfig\OperatorRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to '4b53d389.qua'!
C:\Microgaming\Poker\bet365MPP\theme\bet365\local\zh-cn\ClientConfig\OperatorRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to '4e3e8ba2.qua'!
C:\Microgaming\Poker\bet365MPP\theme\bet365\local\zh-tw\ClientConfig\OperatorRes.dll
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to '4e3d8c7a.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP533\A0149762.reg
[DETECTION] Is the TR/REG.Koobface.89 Trojan
[NOTE] The file was moved to '4b1fd349.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP535\A0153824.reg
[DETECTION] Is the TR/REG.Koobface.89 Trojan
[NOTE] The file was moved to '4efad562.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154882.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4e7bc16a.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154883.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4e450092.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154885.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4e7cd912.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154886.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4e6fbcca.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154887.exe
[DETECTION] Is the TR/Wippy.19968 Trojan
[NOTE] The file was moved to '4e6ea402.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154888.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4e70b4f2.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154890.exe
[DETECTION] Is the TR/Wippy.19968 Trojan
[NOTE] The file was moved to '4e6dac5a.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154895.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4e6c5592.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154896.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4e6b5dea.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154897.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4e6a4522.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154898.exe
[DETECTION] Contains recognition pattern of the WORM/Koobface.24576 worm
[NOTE] The file was moved to '4e694d7a.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536\A0154950.exe
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to '4e6876b2.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP537\A0154966.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4e677e8a.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP579\A0171411.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4e6666c2.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP579\A0171412.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4e656e1a.qua'!
C:\WINDOWS\system32\FlashAX\FlashAX.ocx
[DETECTION] Contains recognition pattern of the GAME/Casino.Gen game
[NOTE] The file was moved to '4b4fd385.qua'!
End of the scan: Monday, November 02, 2009 12:39
Used time: 50:58 Minute(s)
The scan has been done completely.
10689 Scanned directories
362390 Files were scanned
48 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
48 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
362340 Files not concerned
4508 Archives were scanned
2 Warnings
50 Notes
90701 Objects were scanned with rootkit scan
0 Hidden objects were found