kk, I did everything. Here it is.
Avira AntiVir Personal
Report file date: Wednesday, April 16, 2008 07:54
Scanning for 1204631 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ROSS
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 18:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 17:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 17:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 17:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 19:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 22:08:58
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 4/11/2008 14:50:32
ANTIVIR3.VDF : 7.0.3.175 150528 Bytes 4/16/2008 14:50:47
Engineversion : 8.1.0.30
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 18:58:21
AESCRIPT.DLL : 8.1.0.23 233851 Bytes 4/16/2008 14:52:20
AESCN.DLL : 8.1.0.13 115061 Bytes 4/16/2008 14:52:11
AERDL.DLL : 8.1.0.19 418164 Bytes 4/8/2008 00:34:44
AEPACK.DLL : 8.1.1.1 364918 Bytes 4/16/2008 14:52:06
AEOFFICE.DLL : 8.1.0.17 192891 Bytes 4/16/2008 14:51:51
AEHEUR.DLL : 8.1.0.18 1167735 Bytes 4/16/2008 14:51:42
AEHELP.DLL : 8.1.0.12 115063 Bytes 4/16/2008 14:50:59
AEGEN.DLL : 8.1.0.15 299379 Bytes 4/8/2008 00:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 4/8/2008 00:34:43
AECORE.DLL : 8.1.0.26 168311 Bytes 4/16/2008 14:50:54
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/24/2008 02:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 19:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 22:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 1/24/2008 02:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 17:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 17:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 02:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/24/2008 02:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 21:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 23:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 21:02:11
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Wednesday, April 16, 2008 07:54
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'netmon.exe' - '1' Module(s) have been scanned
Scan process 'command.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\dXNlcg\command.exe'
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'command.exe' has been terminated
C:\WINDOWS\dXNlcg\command.exe
[DETECTION] Is the Trojan horse TR/Spy.Banbra.df.199
[NOTE] The file was deleted!
27 processes with 26 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
C:\WINDOWS\system32\byXRjkJA.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\vtUmJAsR.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] The file could not be deleted!
C:\WINDOWS\mrofinu1645.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\ktgmcgce.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\yhypoufn.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] The file could not be deleted!
C:\Documents and Settings\LocalService\Local Settings\Application Data\windowsupdate.exe
[DETECTION] Is the Trojan horse TR/Agent.51049
[NOTE] The file was deleted!
C:\WINDOWS\system32\gtkjchoj.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
The registry was scanned ( '30' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\cusgi.exe
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\njhxmjb.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\ygnat.exe
[DETECTION] Is the Trojan horse TR/PCK.PolyCrypt.D.920
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\huhqjazw\hafivgdk.exe.bak
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\mnutgpsx\chmvelcf.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GX2JC5ER\AccessMediaDownload[1].exe
[DETECTION] Is the Trojan horse TR/Dldr.Peregar.F
[NOTE] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GX2JC5ER\AccessMediaSetup[1].exe
[DETECTION] Is the Trojan horse TR/Dldr.Delf.dke.9
[NOTE] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WFST6DK3\AccessMediaDownload[1].exe
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Dldr.Delf.gie.1
[NOTE] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WFST6DK3\AccessMediaSetup[1].exe
[DETECTION] Is the Trojan horse TR/Dldr.Delf.gji.7
[NOTE] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WFST6DK3\AccessMediaSetup[2].exe
[DETECTION] Is the Trojan horse TR/Dldr.Peregar.AI
[NOTE] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WFST6DK3\AccessMediaSetup[3].exe
[DETECTION] Is the Trojan horse TR/Dldr.Delf.dke.12
[NOTE] The file was deleted!
C:\Documents and Settings\Owner\crtss.exe
[DETECTION] Contains detection pattern of the worm WORM/Robobot
[NOTE] The file was deleted!
C:\Documents and Settings\Owner\ipv6rop.dll
[DETECTION] Contains suspicious code HEUR/Malware
[NOTE] The file was deleted!
C:\Documents and Settings\Owner\msni32c.dll
[DETECTION] Contains suspicious code HEUR/Malware
[NOTE] The file was deleted!
C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\oaawjni.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.cgd.2
[NOTE] The file was deleted!
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-49f5c2b1.zip
[0] Archive type: ZIP
--> vmain.class
[DETECTION] Contains detection pattern of the exploits EXP/Java.Gimsh.B.1
[NOTE] The file was deleted!
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-2eedb10d.zip
[0] Archive type: ZIP
--> vmain.class
[DETECTION] Contains detection pattern of the exploits EXP/Java.Gimsh.B
[NOTE] The file was deleted!
C:\Documents and Settings\Owner\Application Data\WinTouch\WinTouch.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.hcn
[NOTE] The file was deleted!
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.75
[NOTE] The file was deleted!
C:\Documents and Settings\Owner\Desktop\X\sdsetup.exe
[DETECTION] Contains detection pattern of the dropper DR/KeyLogger.DQ
[NOTE] The file was deleted!
C:\Documents and Settings\Owner\Local Settings\Application Data\windowsupdate.exe
[DETECTION] Is the Trojan horse TR/PCK.PolyCrypt.D.920
[NOTE] The file was deleted!
C:\Documents and Settings\Owner\Local Settings\Temp\!update.exe
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FK
[NOTE] The file was deleted!
C:\Documents and Settings\Owner\Local Settings\Temp\csrssc.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\Owner\Local Settings\Temp\NDR1CA.tmp
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FK
[NOTE] The file was deleted!
C:\Documents and Settings\Owner\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe
[DETECTION] Is the Trojan horse TR/Dldr.TSUpdat.F.3
[NOTE] The file was deleted!
C:\Documents and Settings\Owner\Local Settings\Temp\tsupdate_4_0_4_1_b3.exe
[DETECTION] Is the Trojan horse TR/Drop.TSUpdat.A.1
[NOTE] The file was deleted!
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\3LFLV2K7\cd[1].htm
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\3LFLV2K7\cd[1].htm
[DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Crypted)
[NOTE] The file was deleted!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SH8YQ47R\idkfa[1]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\Program Files\Common Files\Yazzle1560OinAdmin.exe
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Dldr.Purity.BV.7
--> Object
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FJ.2
[NOTE] The file was deleted!
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.GP.1
[NOTE] The file was deleted!
C:\Program Files\Common Files\uzkf\uzkfa.exe
[DETECTION] Is the Trojan horse TR/Dldr.TSUpdate.L
[NOTE] The file was deleted!
C:\Program Files\Common Files\uzkf\uzkfl.exe
[DETECTION] Is the Trojan horse TR/Drop.TSUpdat.A.2
[NOTE] The file was deleted!
C:\Program Files\Common Files\uzkf\uzkfm.exe
[DETECTION] Is the Trojan horse TR/Drop.TSUpdat.A.3
[NOTE] The file was deleted!
C:\Program Files\Common Files\uzkf\uzkfp.exe
[DETECTION] Is the Trojan horse TR/Drop.TSUpdat.A.4
[NOTE] The file was deleted!
C:\Program Files\MediaEldoradoCodec\MediaEldoradoCodec.ocx
[DETECTION] Is the Trojan horse TR/Zlob.FF.3
[NOTE] The file was deleted!
C:\Program Files\MediaEldoradoCodec\Uninstall.exe
[DETECTION] Contains detection pattern of the dropper DR/Dldr.Zlob.ABOC
[NOTE] The file was deleted!
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\07013CC7.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\07013CC7.exe
[DETECTION] Contains detection pattern of the worm WORM/Alcra.B
[NOTE] The file was deleted!
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\200D5F28.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\200D5F28.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
[NOTE] The file was deleted!
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20133321.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20133321.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
[NOTE] The file was deleted!
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20165D1D.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20165D1D.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
[NOTE] The file was deleted!
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\201A071A.dat
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\201A071A.dat
[DETECTION] Is the Trojan horse TR/Dldr.Agent.AP.2
[NOTE] TR/Dldr.Agent.AP.2:[HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN]:<Start Page>=sz:about:blank>=SZ:about:blank
[NOTE] The file was deleted!
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\27FE1F5F.dll
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\27FE1F5F.dll
[DETECTION] Contains detection pattern of the worm WORM/Dedler.Q
[NOTE] The file was deleted!
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3CDE5BE2.tmp
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3CDE5BE2.tmp
[DETECTION] Contains detection pattern of the dropper DR/Hijack.Barnius.1
[NOTE] The file was deleted!
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\447C1B00.dll
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\447C1B00.dll
[DETECTION] Contains detection pattern of the worm WORM/Dedler.X
[NOTE] The file was deleted!
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\540448A9.dll
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\540448A9.dll
[DETECTION] Contains detection pattern of the worm WORM/Dedler.AA
[NOTE] The file was deleted!
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\540772A6.dll
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\540772A6.dll
[DETECTION] Contains detection pattern of the worm WORM/Dedler.Z.1
[NOTE] The file was deleted!
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61006909.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61006909.exe
[DETECTION] Contains detection pattern of the worm WORM/Alcra.B
[NOTE] The file was deleted!
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61EF6203.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61EF6203.exe
[DETECTION] Contains detection pattern of the worm WORM/Alcra.B
[NOTE] The file was deleted!
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\63CC53F6.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\63CC53F6.exe
[DETECTION] Is the Trojan horse TR/Crypt.E
[NOTE] The file was deleted!
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\65960AF9.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\65960AF9.exe
[DETECTION] Contains detection pattern of the worm WORM/Alcra.B
[NOTE] The file was deleted!
C:\WINDOWS\b103.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.28160
[NOTE] The file was deleted!
C:\WINDOWS\b104.exe
[DETECTION] Contains detection pattern of the dropper DR/Dldr.Small.buy
[NOTE] The file was deleted!
C:\WINDOWS\b116.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
[NOTE] The file was deleted!
C:\WINDOWS\b155.exe
[DETECTION] Is the Trojan horse TR/BHO.bhg
[NOTE] The file was deleted!
C:\WINDOWS\b157.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.jih.1
[NOTE] The file was deleted!
C:\WINDOWS\kiasys.dll
[DETECTION] Is the Trojan horse TR/Dldr.Delf.GIF.1
[NOTE] The file was deleted!
C:\WINDOWS\svpekgongpv.dll
[DETECTION] Is the Trojan horse TR/Zlob.286720
[NOTE] The file was deleted!
C:\WINDOWS\svpekgonqba.dll
[DETECTION] Is the Trojan horse TR/BHO.Agent.221184
[NOTE] The file was deleted!
C:\WINDOWS\temlxopqdla.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.245760
[NOTE] The file was deleted!
C:\WINDOWS\uerj45kj.sys
[WARNING] The file could not be opened!
C:\WINDOWS\uninstall_nmon.vbs
[DETECTION] Is the Trojan horse TR/Small.WY
[NOTE] The file was deleted!
C:\WINDOWS\Installer\{6881b700-7bca-4c7c-8b9a-a81b8c878862}\AlrtService.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.lsw
[WARNING] The file could not be deleted!
C:\WINDOWS\Installer\{a95810c3-0735-45b6-a15d-a1c161f5c81b}\RamRam.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.lsw
[WARNING] The file could not be deleted!
C:\WINDOWS\Installer\{be64ee06-8d80-42ea-b9e3-0efb5c62ed63}\zip.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[WARNING] The file could not be deleted!
C:\WINDOWS\Resources\RomSetup.dll
[DETECTION] Is the Trojan horse TR/Agent.jqa
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\apcup.dll
[DETECTION] Contains suspicious code HEUR/Malware
[NOTE] The file was deleted!
C:\WINDOWS\system32\bjlcysyj.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\byXQIAro.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\byXRjkJA.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\cedysadm.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\hxqwioui.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\iubhkovs.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\ixliysnt.dll
[DETECTION] Is the Trojan horse TR/Agent.3648.1
[NOTE] The file was deleted!
C:\WINDOWS\system32\jfiehayd.dll
[DETECTION] Is the Trojan horse TR/Agent.10000.70
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\kdjwm.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\ktgmcgce.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\mferuhhh.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\mgaekcsn.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\mrofqbqf.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\navfwxhm.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\nkhwotkp.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\proghdwb.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\qbnjpwpr.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\ryirkfiq.dll
[DETECTION] Is the Trojan horse TR/Vundo.EFU
[NOTE] The file was deleted!
C:\WINDOWS\system32\tuieyism.dll
[DETECTION] Is the Trojan horse TR/Agent.3648.1
[NOTE] The file was deleted!
C:\WINDOWS\system32\vtUmJAsR.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\wvUkHYsP.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\yhypoufn.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\ΑppPatch\msdtc.exe
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FJ.2
[NOTE] The file was deleted!
C:\WINDOWS\Temp\121194.tmp
[DETECTION] Is the Trojan horse TR/Agent.fwi
[NOTE] The file was deleted!
C:\WINDOWS\Temp\139410.tmp
[DETECTION] Is the Trojan horse TR/Agent.fwi
[NOTE] The file was deleted!
C:\WINDOWS\Temp\1766.tmp
[DETECTION] Is the Trojan horse TR/Dldr.Delf.dke.9
[NOTE] The file was deleted!
C:\WINDOWS\Temp\2461264640.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\454F.tmp
[DETECTION] Is the Trojan horse TR/Dldr.FraudLoad.IK
[NOTE] The file was deleted!
C:\WINDOWS\Temp\4DF0.tmp
[DETECTION] Is the Trojan horse TR/Dldr.Peregar.F
[NOTE] The file was deleted!
C:\WINDOWS\Temp\4F17.tmp
[DETECTION] Is the Trojan horse TR/Dldr.Peregar.AI
[NOTE] The file was deleted!
C:\WINDOWS\Temp\5067.tmp
[DETECTION] Contains detection pattern of the dropper DR/Dldr.DNSChanger.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\530D.tmp
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Dldr.Delf.gie.1
[NOTE] The file was deleted!
C:\WINDOWS\Temp\5680.tmp
[DETECTION] Is the Trojan horse TR/Dldr.Delf.dke.12
[NOTE] The file was deleted!
C:\WINDOWS\Temp\615B.tmp
[DETECTION] Is the Trojan horse TR/Dldr.Delf.gji.7
[NOTE] The file was deleted!
C:\WINDOWS\Temp\67BF.tmp
[DETECTION] Is the Trojan horse TR/Dldr.Agent.kfb.1
[NOTE] The file was deleted!
C:\WINDOWS\Temp\6B2D.tmp
[DETECTION] Contains detection pattern of the dropper DR/Zlob.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\A2-tmpa-setup.exe
[DETECTION] Is the Trojan horse TR/Dldr.Delf.gif
[NOTE] The file was deleted!
C:\WINDOWS\Temp\A4-tmpaoi.exe
[DETECTION] Is the Trojan horse TR/Dldr.Peregar.W
[NOTE] The file was deleted!
C:\WINDOWS\Temp\A50-tmpa-setup.exe
[DETECTION] Is the Trojan horse TR/Dldr.Peregar.C
[NOTE] The file was deleted!
C:\WINDOWS\Temp\A6-tmpaoi.exe
[DETECTION] Is the Trojan horse TR/Dldr.Peregar.AA
[NOTE] The file was deleted!
C:\WINDOWS\Temp\A8-tmpaoi.exe
[DETECTION] Is the Trojan horse TR/Dldr.Peregar.AH
[NOTE] The file was deleted!
C:\WINDOWS\Temp\AA-tmpaoi.exe
[DETECTION] Is the Trojan horse TR/Dldr.Delf.DBZ.1
[NOTE] The file was deleted!
C:\WINDOWS\Temp\AC-tmpaoi.exe
[DETECTION] Is the Trojan horse TR/Dldr.Delf.DBZ.1
[NOTE] The file was deleted!
C:\WINDOWS\Temp\br4.exe
[DETECTION] Contains detection pattern of the dropper DR/FraudTool.SpyHeal.L.1
[NOTE] The file was deleted!
C:\WINDOWS\Temp\F47.tmp
[DETECTION] Contains detection pattern of the dropper DR/Dldr.DNSChanger.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\notepad.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\zfe2.exe
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Zlob.JW
[NOTE] The file was deleted!
C:\WINDOWS\Temp\EACDownload\defscan_install-r.exe
[DETECTION] Contains suspicious code HEUR/Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '486c2564.qua'!
C:\WINDOWS\Temp\EACDownload\eanth_setup.exe
[DETECTION] Is the Trojan horse TR/Dloader.BI.1
[NOTE] The file was deleted!
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GXUBW5UR\cd[1].htm
[0] Archive type: HIDDEN
--> FIL\\\?\C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GXUBW5UR\cd[1].htm
[DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Crypted)
[NOTE] The file was deleted!
End of the scan: Wednesday, April 16, 2008 09:10
Used time: 1:16:24 min
The scan has been done completely.
8885 Scanning directories
295099 Files were scanned
121 viruses and/or unwanted programs were found
4 Files were classified as suspicious:
110 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
294978 Files not concerned
2291 Archives were scanned
15 Warnings
111 Notes
============================
And here is the hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:38 AM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\csrssc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
O3 - Toolbar: stfngdvw - {CE27F2E4-ED57-4453-8997-27C9E6F49AD9} - C:\WINDOWS\stfngdvw.dll
O3 - Toolbar: vnbptxlf - {3AB99368-48AF-4A01-B845-2904204948B5} - C:\WINDOWS\vnbptxlf.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [quicktime task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [Microsoft Updates] wkssvrs.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Owner\LOCALS~1\Temp\csrssc.exe
O4 - HKLM\..\Policies\Explorer\Run: [Zj48TX8VTP] C:\Documents and Settings\All Users\Application Data\huhqjazw\hafivgdk.exe
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Updates] wkssvr.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\svchost.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Jnskdfmf9eldfd] C:\WINDOWS\TEMP\csrssc.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O21 - SSODL: AlrtService - {6881b700-7bca-4c7c-8b9a-a81b8c878862} - C:\WINDOWS\Installer\{6881b700-7bca-4c7c-8b9a-a81b8c878862}\AlrtService.dll (file missing)
O21 - SSODL: RamRam - {a95810c3-0735-45b6-a15d-a1c161f5c81b} - C:\WINDOWS\Installer\{a95810c3-0735-45b6-a15d-a1c161f5c81b}\RamRam.dll
O21 - SSODL: sxfnewqb - {1C556045-7C30-4E3D-BF1D-C2B05D1449C3} - C:\WINDOWS\sxfnewqb.dll
O21 - SSODL: RomSetup - {dc2ad0dd-1e54-48c3-8c22-09ec3f5cc80e} - C:\WINDOWS\Resources\RomSetup.dll
O21 - SSODL: zip - {be64ee06-8d80-42ea-b9e3-0efb5c62ed63} - C:\WINDOWS\Installer\{be64ee06-8d80-42ea-b9e3-0efb5c62ed63}\zip.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (antivirscheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5087 bytes