Thanks for helping, bro, and sorry for the late reply. Here are the Avira and Hijack reports.
Avira Report
Avira AntiVir Personal
Report file date: Thursday, March 04, 2010 13:19
Scanning for 1817062 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : M-56B9FBF9FFA84
Version information:
BUILD.DAT : 9.0.0.415 21609 Bytes 11/8/2009 10:00:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 19:26:34
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 18:58:26
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 19:35:50
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 18:58:54
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 21:16:36
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 21:17:04
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:17:14
VBASE004.VDF : 7.10.3.76 2048 Bytes 1/26/2010 21:17:14
VBASE005.VDF : 7.10.3.77 2048 Bytes 1/26/2010 21:17:14
VBASE006.VDF : 7.10.3.78 2048 Bytes 1/26/2010 21:17:14
VBASE007.VDF : 7.10.3.79 2048 Bytes 1/26/2010 21:17:16
VBASE008.VDF : 7.10.3.80 2048 Bytes 1/26/2010 21:17:16
VBASE009.VDF : 7.10.3.81 2048 Bytes 1/26/2010 21:17:16
VBASE010.VDF : 7.10.3.82 2048 Bytes 1/26/2010 21:17:16
VBASE011.VDF : 7.10.3.83 2048 Bytes 1/26/2010 21:17:16
VBASE012.VDF : 7.10.3.84 2048 Bytes 1/26/2010 21:17:18
VBASE013.VDF : 7.10.3.85 2048 Bytes 1/26/2010 21:17:18
VBASE014.VDF : 7.10.3.122 172544 Bytes 1/29/2010 21:17:18
VBASE015.VDF : 7.10.3.149 79872 Bytes 2/1/2010 21:17:20
VBASE016.VDF : 7.10.3.174 68608 Bytes 2/3/2010 21:17:20
VBASE017.VDF : 7.10.3.199 76800 Bytes 2/4/2010 21:17:22
VBASE018.VDF : 7.10.3.222 64512 Bytes 2/5/2010 21:17:22
VBASE019.VDF : 7.10.3.243 75776 Bytes 2/8/2010 21:17:24
VBASE020.VDF : 7.10.4.6 81920 Bytes 2/9/2010 21:17:24
VBASE021.VDF : 7.10.4.30 78848 Bytes 2/11/2010 21:17:24
VBASE022.VDF : 7.10.4.50 107520 Bytes 2/15/2010 21:17:26
VBASE023.VDF : 7.10.4.62 105472 Bytes 2/15/2010 21:17:26
VBASE024.VDF : 7.10.4.85 111616 Bytes 2/17/2010 21:17:28
VBASE025.VDF : 7.10.4.109 122368 Bytes 2/21/2010 21:17:28
VBASE026.VDF : 7.10.4.128 109056 Bytes 2/23/2010 21:17:30
VBASE027.VDF : 7.10.4.151 111104 Bytes 2/26/2010 21:17:32
VBASE028.VDF : 7.10.4.170 132608 Bytes 3/1/2010 21:17:32
VBASE029.VDF : 7.10.4.184 100864 Bytes 3/2/2010 21:17:34
VBASE030.VDF : 7.10.4.199 110592 Bytes 3/4/2010 21:17:34
VBASE031.VDF : 7.10.4.200 18944 Bytes 3/4/2010 21:17:34
Engineversion : 8.2.1.180
AEVDF.DLL : 8.1.1.3 106868 Bytes 3/4/2010 21:17:56
AESCRIPT.DLL : 8.1.3.17 1032570 Bytes 3/4/2010 21:17:54
AESCN.DLL : 8.1.5.0 127347 Bytes 3/4/2010 21:17:52
AESBX.DLL : 8.1.2.0 254323 Bytes 3/4/2010 21:17:56
AERDL.DLL : 8.1.4.2 479602 Bytes 3/4/2010 21:17:52
AEPACK.DLL : 8.2.1.0 426356 Bytes 3/4/2010 21:17:50
AEOFFICE.DLL : 8.1.0.39 196987 Bytes 3/4/2010 21:17:48
AEHEUR.DLL : 8.1.1.7 2326902 Bytes 3/4/2010 21:17:46
AEHELP.DLL : 8.1.10.1 237942 Bytes 3/4/2010 21:17:38
AEGEN.DLL : 8.1.2.0 373107 Bytes 3/4/2010 21:17:36
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 15:38:26
AECORE.DLL : 8.1.12.2 188790 Bytes 3/4/2010 21:17:36
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 15:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 16:48:00
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 23:14:04
AVREP.DLL : 8.0.0.7 159784 Bytes 3/4/2010 21:17:58
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 18:32:10
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 23:05:42
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 18:37:10
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 23:03:50
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 16:21:34
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 18:32:12
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 23:40:00
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 20:25:48
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:, F:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: Thursday, March 04, 2010 13:19
Starting search for hidden objects.
'34338' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'vlc.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'YahooMessenger.exe' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'WSCNTFY.EXE' - '1' Module(s) have been scanned
Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'JQS.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'D2841D.EXE' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\DA9115\D2841D.EXE'
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'VM303_STI.EXE' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
Process 'D2841D.EXE' has been terminated
C:\WINDOWS\system32\DA9115\D2841D.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] TR/Dropper.Gen:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<D2841D>=sz:D2841D.EXE
[NOTE] The file was deleted!
37 processes with 36 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '45' files ).
Starting the file scan:
Begin scan in 'C:\' <XP>
C:\PAGEFILE.SYS
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\WINDOWS\system32\FA95A1\cnvpe.fne
[DETECTION] Is the TR/Agent.61440.CZ Trojan
C:\WINDOWS\system32\FA95A1\spec.fne
[DETECTION] Is the TR/Vundo.73728.EC Trojan
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\cnvpe.fne
[DETECTION] Is the TR/Agent.61440.CZ Trojan
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\spec.fne
[DETECTION] Is the TR/Vundo.73728.EC Trojan
C:\Documents and Settings\Administrator\My Documents\vlc-1.0.2-win32.exe
[0] Archive type: NSIS
--> ProgramFilesDir/AUTHORS.txt
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{8E937D52-BEAC-4BB0-963B-010FEF344FF1}\RP54\A0094918.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
Begin scan in 'D:\' <WORK>
Begin scan in 'E:\' <MIX MALL>
E:\Virtual Drive 7.01\INSTMSIA.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
E:\Virtual Drive 7.01\INSTMSIW.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
E:\My Imp DAta\WinRar_3.7_Setup_installer.exe
[DETECTION] Is the TR/Patched.Gen2 Trojan
E:\My Imp DAta\Media Player 10.0 Final\Energy Bliss Viz for MediaPlayer 10\MP10_EnergyBlissViz.EXE
[DETECTION] Is the TR/Patched.Gen2 Trojan
E:\My Imp DAta\CamStudio 2[1].1.051\CamStudio20.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
Begin scan in 'F:\' <MICS>
Beginning disinfection:
C:\WINDOWS\system32\FA95A1\cnvpe.fne
[DETECTION] Is the TR/Agent.61440.CZ Trojan
[NOTE] The file was moved to '4c063097.qua'!
C:\WINDOWS\system32\FA95A1\spec.fne
[DETECTION] Is the TR/Vundo.73728.EC Trojan
[NOTE] The file was moved to '4bf53099.qua'!
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\cnvpe.fne
[DETECTION] Is the TR/Agent.61440.CZ Trojan
[NOTE] The file was moved to '4d831e28.qua'!
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\spec.fne
[DETECTION] Is the TR/Vundo.73728.EC Trojan
[NOTE] The file was moved to '4a7727c2.qua'!
C:\System Volume Information\_restore{8E937D52-BEAC-4BB0-963B-010FEF344FF1}\RP54\A0094918.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4bc0305a.qua'!
E:\Virtual Drive 7.01\INSTMSIA.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4be33078.qua'!
E:\Virtual Drive 7.01\INSTMSIW.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4be33079.qua'!
E:\My Imp DAta\WinRar_3.7_Setup_installer.exe
[DETECTION] Is the TR/Patched.Gen2 Trojan
[NOTE] The file was moved to '4bfe3095.qua'!
E:\My Imp DAta\Media Player 10.0 Final\Energy Bliss Viz for MediaPlayer 10\MP10_EnergyBlissViz.EXE
[DETECTION] Is the TR/Patched.Gen2 Trojan
[NOTE] The file was moved to '4bc1307c.qua'!
E:\My Imp DAta\CamStudio 2[1].1.051\CamStudio20.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4bfd308d.qua'!
End of the scan: Thursday, March 04, 2010 14:11
Used time: 38:09 Minute(s)
The scan has been done completely.
3443 Scanned directories
101851 Files were scanned
12 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
1 files were deleted
0 Viruses and unwanted programs were repaired
10 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
101837 Files not concerned
994 Archives were scanned
4 Warnings
13 Notes
34338 Objects were scanned with rootkit scan
0 Hidden objects were found
Hijack Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:55 AM, on 3/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://internet.wateen.net/home?confirmed=...&t=g6ckbqsa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - Startup: D2841D.lnk = C:\WINDOWS\system32\DA9115\D2841D.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 3730 bytes