My anti-virus has scanned and picked up some viruses. The viruses have been quarantined but it came back today. The virus report is below:
AntiVir PersonalEdition Classic
Report file date: 28 February 2007 21:26
Scanning for 658863 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Owner
Computer name: YOUR-U2KZFIB7P8
Version information:
BUILD.DAT : 217 12749 Bytes 05/12/2006 17:00:00
AVSCAN.EXE : 7.0.3.5 208936 Bytes 15/01/2007 22:06:29
AVSCAN.DLL : 7.0.3.1 35880 Bytes 07/01/2007 10:10:34
LUKE.DLL : 7.0.3.2 143400 Bytes 07/01/2007 10:10:35
LUKERES.DLL : 7.0.2.0 9256 Bytes 07/01/2007 10:10:35
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 12:35:27
ANTIVIR1.VDF : 6.37.0.153 3131392 Bytes 12/01/2007 22:14:55
ANTIVIR2.VDF : 6.37.0.235 374784 Bytes 29/01/2007 22:07:03
ANTIVIR3.VDF : 6.37.1.8 56320 Bytes 31/01/2007 21:25:35
AVEWIN32.DLL : 7.3.1.33 2281984 Bytes 30/01/2007 20:29:41
AVPREF.DLL : 7.0.2.0 23592 Bytes 07/01/2007 10:10:34
AVREP.DLL : 6.37.1.1 1105960 Bytes 30/01/2007 20:29:41
AVRPBASE.DLL : 7.0.0.0 2162728 Bytes 30/03/2006 10:43:31
AVPACK32.DLL : 7.2.0.5 368680 Bytes 07/01/2007 10:10:37
AVREG.DLL : 7.0.1.2 30760 Bytes 15/01/2007 22:06:29
NETNT.DLL : 6.32.0.0 6696 Bytes 27/09/2005 09:56:49
RCIMAGE.DLL : 7.0.1.3 2097192 Bytes 07/01/2007 10:10:31
RCTEXT.DLL : 7.0.12.1 77864 Bytes 07/01/2007 10:10:31
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Expanded search settings.........: 0x00007000
Start of the scan: 28 February 2007 21:26
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Modules have been scanned
Scan process 'avcenter.exe' - '1' Modules have been scanned
Scan process 'avgnt.exe' - '1' Modules have been scanned
Scan process 'msnmsgr.exe' - '1' Modules have been scanned
Scan process 'alg.exe' - '1' Modules have been scanned
Scan process 'iPodService.exe' - '1' Modules have been scanned
Scan process 'MsPMSPSv.exe' - '1' Modules have been scanned
Scan process 'MPAPI3s.exe' - '1' Modules have been scanned
Scan process 'ServiceLayer.exe' - '1' Modules have been scanned
Scan process 'hpqtra08.exe' - '1' Modules have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Modules have been scanned
Scan process 'PcSync2.exe' - '1' Modules have been scanned
Scan process 'ctfmon.exe' - '1' Modules have been scanned
Scan process 'DataLayer.exe' - '1' Modules have been scanned
Scan process 'LaunchApplication.exe' - '1' Modules have been scanned
Scan process 'iTunesHelper.exe' - '1' Modules have been scanned
Scan process 'qttask.exe' - '1' Modules have been scanned
Scan process 'MSASCui.exe' - '1' Modules have been scanned
Scan process 'WkUFind.exe' - '1' Modules have been scanned
Scan process 'zlclient.exe' - '0' Modules have been scanned
Scan process 'jusched.exe' - '1' Modules have been scanned
Scan process 'point32.exe' - '1' Modules have been scanned
Scan process 'ALCXMNTR.EXE' - '1' Modules have been scanned
Scan process 'dragdiag.exe' - '1' Modules have been scanned
Scan process 'shwicon2k.exe' - '1' Modules have been scanned
Scan process 'atiptaxx.exe' - '1' Modules have been scanned
Scan process 'kbd.exe' - '1' Modules have been scanned
Scan process 'hphmon05.exe' - '1' Modules have been scanned
Scan process 'hpwuSchd.exe' - '1' Modules have been scanned
Scan process 'HpqCmon.exe' - '1' Modules have been scanned
Scan process 'hpsysdrv.exe' - '1' Modules have been scanned
Scan process 'vsmon.exe' - '0' Modules have been scanned
Scan process 'symlcsvc.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'ccEvtMgr.exe' - '1' Modules have been scanned
Scan process 'avguard.exe' - '1' Modules have been scanned
Scan process 'sched.exe' - '1' Modules have been scanned
Scan process 'spoolsv.exe' - '1' Modules have been scanned
Scan process 'explorer.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'MsMpEng.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'lsass.exe' - '1' Modules have been scanned
Scan process 'services.exe' - '1' Modules have been scanned
Scan process 'winlogon.exe' - '1' Modules have been scanned
Scan process 'csrss.exe' - '1' Modules have been scanned
Scan process 'smss.exe' - '1' Modules have been scanned
48 processes with 48 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!
Boot sector 'J:\'
[NOTE] In the drive 'J:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( 52 files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\hp\drivers\keyboard\PS2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '45f31e89.qua'!
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\es.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\ps2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '45f32ecc.qua'!
C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\ps2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '45f32ed0.qua'!
C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ps2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '45f32ed3.qua'!
C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ps2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '45f32ed9.qua'!
C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\ps2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '45f32eda.qua'!
C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\ps2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '4451cb07.qua'!
Begin scan in 'D:\' <HP_RECOVERY>
D:\I386\drv\APP19718\App19718.exe
[0] Archive type: ZIP SFX (self extracting)
--> hp/tmp/pav_ps2/PS2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
--> hp/tmp/pre_ps2/PS2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '46313134.qua'!
D:\System Volume Information\_restore{D3B0980A-A7B3-456A-A4BD-8F74FA72BA53}\RP571\A0167369.exe
[0] Archive type: ZIP SFX (self extracting)
--> hp/tmp/pav_ps2/PS2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
--> hp/tmp/pre_ps2/PS2.bat
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '45f23164.qua'!
Begin scan in 'A:\'
The path A:\ could not be found!
The device is not ready.
Begin scan in 'G:\'
The path G:\ could not be found!
The device is not ready.
Begin scan in 'H:\'
The path H:\ could not be found!
The device is not ready.
Begin scan in 'I:\'
The path I:\ could not be found!
The device is not ready.
Begin scan in 'J:\'
The path J:\ could not be found!
The device is not ready.
Begin scan in 'E:\'
The path E:\ could not be found!
The device is not ready.
Begin scan in 'F:\'
The path F:\ could not be found!
The device is not ready.
End of the scan: 01 February 2007 00:15
Used time: 872784:00:28 min
The scan has been done completely.
12985 Scanning directories
841524 Files were scanned
11 viruses and/or unwanted programs were found
0 files were deleted
0 files were repaired
9 files were moved to quarantine
0 files were renamed
23 Files cannot be scanned
841513 Files not concerned
20165 Archives were scanned
23 Warnings
0 Notes