Here are my logs. Thank you so much for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:30 PM, on 1/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O1 - Hosts: 64.14.244.60 potentshow.com
O1 - Hosts: 208.254.26.132 baccaratworks.com
O1 - Hosts: 64.14.244.60 furnituredesigners.com
O1 - Hosts: 64.14.244.60 hotbrandnames.com
O1 - Hosts: 64.14.244.60 thehotelnews.com
O1 - Hosts: 208.254.26.132 wordadvance.com
O1 - Hosts: 208.254.26.132 bettingselections.net
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-18\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1030024 -udxfytw.sys2.1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1030024 -udxfytw.sys2.1 (User 'Default user')
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202493658950
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/...vl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...rk.cab56649.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register/Bra...018/flashax.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: gebcaba - gebcaba.dll (file missing)
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: noytcyr Service (noytcyr) - Unknown owner - C:\WINDOWS\system32\noytcyr.exe (file missing)
O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\WINDOWS\system32\roytctm.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - C:\WINDOWS\system32\tdydowkc.exe (file missing)
O23 - Service: VTingWinIe - Unknown owner - C:\WINDOWS\system32\drivers\svchost.exe (file missing)
O23 - Service: wsldoekd Service (wsldoekd) - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe (file missing)
--
End of file - 7504 bytes
Here is the Malwarebytes log
Malwarebytes' Anti-Malware 1.32
Database version: 1624
Windows 5.1.2600 Service Pack 2
1/6/2009 1:14:21 PM
mbam-log-2009-01-06 (13-14-21).txt
Scan type: Full Scan (C:\|)
Objects scanned: 93390
Time elapsed: 56 minute(s), 39 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 28
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 19
Memory Processes Infected:
C:\WINDOWS\system32\mabidwe.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\soxpeca.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcjjlj0ev0r (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\soxpeca (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\soxpeca (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\soxpeca (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3feca576-7ad2-4e11-a6ad-6b59d4fb5db9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{85e5bba6-d4cd-d056-612b-59640ab1e7ec} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spa_start (Adware.BHO) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\Administrator\Application Data\Microsoft\dtsc (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\System Volume Information\_restore{5EC1D65A-3A28-466E-85B9-52BE545CCDB3}\RP173\A0064633.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EC1D65A-3A28-466E-85B9-52BE545CCDB3}\RP173\A0064634.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EC1D65A-3A28-466E-85B9-52BE545CCDB3}\RP173\A0064658.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EC1D65A-3A28-466E-85B9-52BE545CCDB3}\RP173\A0064659.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5EC1D65A-3A28-466E-85B9-52BE545CCDB3}\RP173\A0064661.sys (RootKit.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tmp0_350836884973.bk (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\dtsc\s (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mabidwe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\soxpeca.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmd.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ping.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{125ad9fe-1ab1-eb75-891e-7d8075971611}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drmgs.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netstat.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tasklist.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tracert.com (Worm.Alcra) -> Quarantined and deleted successfully.
And Here is the first scan I did on AVira
Avira AntiVir Personal
Report file date: Tuesday, January 06, 2009 11:15
Scanning for 1150939 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PREFERRE-A72BCF
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 14:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.1.33 1705984 Bytes 12/24/2008 16:09:53
ANTIVIR2.VDF : 7.1.1.60 318976 Bytes 1/2/2009 16:09:56
ANTIVIR3.VDF : 7.1.1.73 125952 Bytes 1/5/2009 16:09:57
Engineversion : 8.2.0.45
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 16:05:56
AESCRIPT.DLL : 8.1.1.19 336252 Bytes 1/6/2009 16:10:05
AESCN.DLL : 8.1.1.5 123251 Bytes 11/7/2008 21:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 19:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 15:41:39
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 1/6/2009 16:10:04
AEHEUR.DLL : 8.1.0.75 1524087 Bytes 1/6/2009 16:10:04
AEHELP.DLL : 8.1.2.0 119159 Bytes 1/6/2009 16:10:01
AEGEN.DLL : 8.1.1.8 323956 Bytes 1/6/2009 16:10:00
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 16:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 1/6/2009 16:09:58
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 16:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 18:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Tuesday, January 06, 2009 11:15
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'soxpeca.exe' - '1' Module(s) have been scanned
Scan process 'mabidwe.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
23 processes with 23 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '53' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3I7MSL8X\index[1].php
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49c7856d.qua'!
C:\System Volume Information\_restore{5EC1D65A-3A28-466E-85B9-52BE545CCDB3}\RP152\A0058793.old
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Refpron.I.24 back-door program
[NOTE] The file was moved to '499386b6.qua'!
C:\System Volume Information\_restore{5EC1D65A-3A28-466E-85B9-52BE545CCDB3}\RP153\A0059763.exe
[DETECTION] Is the TR/Agent.ALHQ.2 Trojan
[NOTE] The file was moved to '499386bc.qua'!
C:\System Volume Information\_restore{5EC1D65A-3A28-466E-85B9-52BE545CCDB3}\RP166\A0062769.old
[DETECTION] Is the TR/Dldr.Delf.qrm Trojan
[NOTE] The file was moved to '4993887f.qua'!
C:\System Volume Information\_restore{5EC1D65A-3A28-466E-85B9-52BE545CCDB3}\RP168\A0062773.old
[DETECTION] Is the TR/Agent.bclb Trojan
[NOTE] The file was moved to '49938886.qua'!
C:\System Volume Information\_restore{5EC1D65A-3A28-466E-85B9-52BE545CCDB3}\RP168\A0062774.old
[DETECTION] Is the TR/Agent.bclb Trojan
[NOTE] The file was moved to '499389a3.qua'!
C:\System Volume Information\_restore{5EC1D65A-3A28-466E-85B9-52BE545CCDB3}\RP169\A0063439.exe
[DETECTION] Is the TR/Refpron.44032B Trojan
[NOTE] The file was moved to '499389a7.qua'!
C:\System Volume Information\_restore{5EC1D65A-3A28-466E-85B9-52BE545CCDB3}\RP169\A0063440.exe
[DETECTION] Is the TR/Refpron.47616B.30 Trojan
[NOTE] The file was moved to '499389c3.qua'!
C:\WINDOWS\system32\afisicx.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '49cc8c1d.qua'!
C:\WINDOWS\system32\asck.exe
[DETECTION] Is the TR/Agent.274944.C Trojan
[NOTE] The file was moved to '49c68c33.qua'!
C:\WINDOWS\system32\fhgcatil.dll
[DETECTION] Is the TR/Killav.WB Trojan
[NOTE] The file was moved to '49ca8c3b.qua'!
C:\WINDOWS\system32\lnprsxei.dll
[DETECTION] Is the TR/Killav.WB Trojan
[NOTE] The file was moved to '49d38c51.qua'!
C:\WINDOWS\system32\noytcyr.exe
[DETECTION] Is the TR/Refpron.47616B.38 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '4b9b8e0e.qua'!
C:\WINDOWS\system32\nsbA50.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49c58ca5.qua'!
C:\WINDOWS\system32\nsc12D8.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49c68ca8.qua'!
C:\WINDOWS\system32\nsc63F.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49c68cab.qua'!
C:\WINDOWS\system32\nscAC9.dll
[DETECTION] Is the TR/BHO.czo Trojan
[NOTE] The file was moved to '49c68cae.qua'!
C:\WINDOWS\system32\nsg154.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49ca8cb1.qua'!
C:\WINDOWS\system32\nsi2EF.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49cc8cb4.qua'!
C:\WINDOWS\system32\nsi335.dll
[DETECTION] Is the TR/BHO.czo Trojan
[NOTE] The file was moved to '49cc8cb6.qua'!
C:\WINDOWS\system32\nsi414.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49cc8cb9.qua'!
C:\WINDOWS\system32\nsi640.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49cc8cbc.qua'!
C:\WINDOWS\system32\nsl15E.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49cf8cbf.qua'!
C:\WINDOWS\system32\nsl6E8.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49cf8cc2.qua'!
C:\WINDOWS\system32\nsl882.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49cf8cc6.qua'!
C:\WINDOWS\system32\nsn137B.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49d18cc9.qua'!
C:\WINDOWS\system32\nsq7A0.dll
[DETECTION] Is the TR/BHO.czo Trojan
[NOTE] The file was moved to '49d48ccb.qua'!
C:\WINDOWS\system32\nsqA2F.dll
[DETECTION] Is the TR/BHO.czo Trojan
[NOTE] The file was moved to '49d48ccd.qua'!
C:\WINDOWS\system32\nsr1BE.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49d58ccf.qua'!
C:\WINDOWS\system32\nss817.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49d68cd2.qua'!
C:\WINDOWS\system32\nst415.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49d78cd4.qua'!
C:\WINDOWS\system32\nsu137E.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49d88cd6.qua'!
C:\WINDOWS\system32\nsv425.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49d98cd9.qua'!
C:\WINDOWS\system32\nsx137C.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49db8cdb.qua'!
C:\WINDOWS\system32\nsy184.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49dc8cdd.qua'!
C:\WINDOWS\system32\nsy810.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49dc8ce0.qua'!
C:\WINDOWS\system32\pklbiqly.dll
[DETECTION] Is the TR/Killav.WB Trojan
[NOTE] The file was moved to '49cf8cdf.qua'!
C:\WINDOWS\system32\rduhpmil.dll
[DETECTION] Is the TR/Killav.WB Trojan
[NOTE] The file was moved to '49d88cde.qua'!
C:\WINDOWS\system32\roytctm.exe
[DETECTION] Is the TR/Agent.astn.68 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '4b9b8e7d.qua'!
C:\WINDOWS\system32\sxtsyctd.sys
[DETECTION] Is the TR/Delf.DSU.1 Trojan
[NOTE] The file was moved to '49d78cff.qua'!
C:\WINDOWS\system32\tcexfst.sys
[DETECTION] Is the TR/Click.VB.bkx Trojan
[NOTE] The file was moved to '49c88cee.qua'!
C:\WINDOWS\system32\tdydowkc.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '4b9b8e6b.qua'!
C:\WINDOWS\system32\tmp0_117798233591.bk.old
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '49d38cfe.qua'!
C:\WINDOWS\system32\tmp0_131217326979.bk.old
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '49d38d00.qua'!
C:\WINDOWS\system32\tmp0_214655808014.bk.old
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '49d38d03.qua'!
C:\WINDOWS\system32\tmp0_31919503012.bk
[DETECTION] Is the TR/Agent.274944.C Trojan
[NOTE] The file was moved to '49d38d06.qua'!
C:\WINDOWS\system32\tmp0_427127539545.bk.old
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '49d38d09.qua'!
C:\WINDOWS\system32\tmp0_500630220667.bk.old
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '49d38d0c.qua'!
C:\WINDOWS\system32\tmp0_730360607849.bk
[DETECTION] Is the TR/Agent.274944.C Trojan
[NOTE] The file was moved to '49d38d10.qua'!
C:\WINDOWS\system32\tmp1_396048681035.bk
[DETECTION] Is the TR/Agent.274944.C Trojan
[NOTE] The file was moved to '49d38d15.qua'!
C:\WINDOWS\system32\tmp3_829323351537.bk
[DETECTION] Is the TR/Agent.274944.C Trojan
[NOTE] The file was moved to '49d38d1d.qua'!
C:\WINDOWS\system32\tmp4_253965330625.bk.old
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '49d38d27.qua'!
C:\WINDOWS\system32\tmpxr_169701138345.bk
[DETECTION] Is the TR/Refpron.47616B.30 Trojan
[NOTE] The file was moved to '49d38d28.qua'!
C:\WINDOWS\system32\tmpxr_171613146597.bk
[DETECTION] Is the TR/Agent.astn.124 Trojan
[NOTE] The file was moved to '49d38d29.qua'!
C:\WINDOWS\system32\tmpxr_20536327317.bk
[DETECTION] Is the TR/Agent.astn.98 Trojan
[NOTE] The file was moved to '48bdc96a.qua'!
C:\WINDOWS\system32\tmpxr_20777793594.bk
[DETECTION] Is the TR/Agent.astn.76 Trojan
[NOTE] The file was moved to '49d38d2b.qua'!
C:\WINDOWS\system32\tmpxr_216101483799.bk
[DETECTION] Is the TR/Agent.aqfq.4 Trojan
[NOTE] The file was moved to '49d38d2a.qua'!
C:\WINDOWS\system32\tmpxr_224561758819.bk
[DETECTION] Is the TR/Agent.astn.29 Trojan
[NOTE] The file was moved to '48bdc96b.qua'!
C:\WINDOWS\system32\tmpxr_229205767780.bk
[DETECTION] Is the TR/Agent.astn.29 Trojan
[NOTE] The file was moved to '49d38d2c.qua'!
C:\WINDOWS\system32\tmpxr_257875643145.bk
[DETECTION] Is the TR/Agent.astn.83 Trojan
[NOTE] The file was moved to '48bdc96d.qua'!
C:\WINDOWS\system32\tmpxr_271319651508.bk
[DETECTION] Is the TR/Refpron.44032B Trojan
[NOTE] The file was moved to '48bdc96c.qua'!
C:\WINDOWS\system32\tmpxr_29842697825.bk
[DETECTION] Is the TR/Agent.astn.41 Trojan
[NOTE] The file was moved to '49d38d2d.qua'!
C:\WINDOWS\system32\tmpxr_321739417344.bk
[DETECTION] Is the TR/Dldr.Agent.ayni Trojan
[NOTE] The file was moved to '48bdc96e.qua'!
C:\WINDOWS\system32\tmpxr_328249295529.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '49d38d2e.qua'!
C:\WINDOWS\system32\tmpxr_369673562185.bk
[DETECTION] Is the TR/Agent.aqfq.49 Trojan
[NOTE] The file was moved to '48bdc96f.qua'!
C:\WINDOWS\system32\tmpxr_39912113619.bk
[DETECTION] Is the TR/Refpron.44032B Trojan
[NOTE] The file was moved to '49d38d30.qua'!
C:\WINDOWS\system32\tmpxr_411876257803.bk
[DETECTION] Is the TR/Refpron.44032B Trojan
[NOTE] The file was moved to '48bdc971.qua'!
C:\WINDOWS\system32\tmpxr_443723338944.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '49d38d2f.qua'!
C:\WINDOWS\system32\tmpxr_488442335212.bk
[DETECTION] Is the TR/Agent.astn.89 Trojan
[NOTE] The file was moved to '48bdc970.qua'!
C:\WINDOWS\system32\tmpxr_51650535510.bk
[DETECTION] Is the TR/Agent.astn.98 Trojan
[NOTE] The file was moved to '49d38d31.qua'!
C:\WINDOWS\system32\tmpxr_527647849056.bk
[DETECTION] Is the TR/Refpron.47616B.30 Trojan
[NOTE] The file was moved to '49d38d32.qua'!
C:\WINDOWS\system32\tmpxr_560812862011.bk
[DETECTION] Is the TR/Agent.astn.75 Trojan
[NOTE] The file was moved to '48bdc973.qua'!
C:\WINDOWS\system32\tmpxr_579779293691.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '49d38d34.qua'!
C:\WINDOWS\system32\tmpxr_597706195201.bk
[DETECTION] Is the TR/Agent.aqfq.4 Trojan
[NOTE] The file was moved to '48bdc975.qua'!
C:\WINDOWS\system32\tmpxr_612302463796.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '48bdc972.qua'!
C:\WINDOWS\system32\tmpxr_625659461953.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '49d38d33.qua'!
C:\WINDOWS\system32\tmpxr_637436252146.bk
[DETECTION] Is the TR/Dldr.Agent.aynh Trojan
[NOTE] The file was moved to '48bdc974.qua'!
C:\WINDOWS\system32\tmpxr_642035731368.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '49d38d36.qua'!
C:\WINDOWS\system32\tmpxr_657085466016.bk
[DETECTION] Is the TR/Agent.astn.67 Trojan
[NOTE] The file was moved to '48bdc977.qua'!
C:\WINDOWS\system32\tmpxr_665028669110.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '49d38d38.qua'!
C:\WINDOWS\system32\tmpxr_714114180025.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '49d38d35.qua'!
C:\WINDOWS\system32\tmpxr_720677363342.bk
[DETECTION] Is the TR/Agent.aqfq.37 Trojan
[NOTE] The file was moved to '48bdc976.qua'!
C:\WINDOWS\system32\tmpxr_728540148907.bk
[DETECTION] Is the TR/Agent.astn.82 Trojan
[NOTE] The file was moved to '49d38d37.qua'!
C:\WINDOWS\system32\tmpxr_729372364756.bk
[DETECTION] Is the TR/Agent.aqfq.50 Trojan
[NOTE] The file was moved to '48bdc978.qua'!
C:\WINDOWS\system32\tmpxr_73654453620.bk
[DETECTION] Is the TR/Agent.astn.21 Trojan
[NOTE] The file was moved to '48bdc979.qua'!
C:\WINDOWS\system32\tmpxr_737186859175.bk
[DETECTION] Is the TR/Agent.astn.86 Trojan
[NOTE] The file was moved to '49d38d3a.qua'!
C:\WINDOWS\system32\tmpxr_801011647827.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '48bdc97b.qua'!
C:\WINDOWS\system32\tmpxr_842306210556.bk
[DETECTION] Is the TR/Agent.astn.20 Trojan
[NOTE] The file was moved to '49d38d39.qua'!
C:\WINDOWS\system32\tmpxr_875670644987.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '48bdc97a.qua'!
C:\WINDOWS\system32\tmpxr_899358655461.bk
[DETECTION] Is the TR/Refpron.47616B.30 Trojan
[NOTE] The file was moved to '49d38d3b.qua'!
C:\WINDOWS\system32\udxfytw.sys
[DETECTION] Is the TR/Click.VBScobb.EU Trojan
[NOTE] The file was moved to '49db8d2c.qua'!
C:\WINDOWS\system32\wsldoekd.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '4b888fdf.qua'!
End of the scan: Tuesday, January 06, 2009 11:56
Used time: 41:44 Minute(s)
The scan has been done completely.
5185 Scanning directories
126408 Files were scanned
91 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
92 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
126315 Files not concerned
838 Archives were scanned
6 Warnings
92 Notes
