
Virus riddled slow laptop


7 replies to this topic

#1 SloFlo

SloFlo

  • Members
  • 14 posts

Posted 13 August 2010 - 12:22 PM

Hi all,

I need some advice on a very slow laptop and I don't know what to do.....

I have a feeling it's on its last legs :thumbsup:

I have run 3 virus scanners on it and one came back saying the system is clean, another saying I had some minor problems and another saying I have 10 severe risks :flowers:

HeLp!!


 


#2 Blathnat

Blathnat

  • Members
  • 224 posts
  • Gender:Female
  • Location:Canada

Posted 13 August 2010 - 12:26 PM

What scanners did you use, and what threats were found by the third?

#3 SloFlo


Posted 13 August 2010 - 12:34 PM

Iobit Security 360 no viruses...
Avira - Minor problems...
RemoveIT Pro V4 - 10 problems "Attached screen dumps."




#4 SloFlo


Posted 13 August 2010 - 12:51 PM

Anyone?

#5 SloFlo


Posted 13 August 2010 - 01:12 PM

I have run 3 different virus scanners and I have been told by Iobit Security 360 that there are no viruses, Avira some minor privacy problems and RemoveIT Pro v4 that I have 10 serious viruses



Edited by hamluis, 13 August 2010 - 01:21 PM.
Moved from XP forum to Am I Infected ~ Hamluis.


#6 SloFlo


Posted 13 August 2010 - 03:03 PM

RemoveIT Pro v7 - SE (Build date: 17.4.2010) full information log file.
Generated at: 13/08/2010 on 20:23:19
Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Author: Damjan Irgolic
http://www.incodesolutions.com
support@incodesolutions.com


You have some viruses in your computer.
Please Scan your computer with RemoveIT Pro to remove discovered viruses.
Virus list:
Infected with Sys32._iu14d2n - File C:\Documents and Settings\Sam n Rach\local settings\temp\_iu14d2n.tmp
Infected with Sys32.arh - File C:\documents and settings\all users\application data\nos\adobe_downloads\arh.exe
Infected with Sys32.dnssdx - File C:\WINDOWS\system32\dnssdx.dll
Infected with Sys32.drvins64 - File C:\WINDOWS\system32\drvins64.exe
Infected with Sys32.id3vx_ocx - File C:\WINDOWS\system32\id3vx_ocx.dll
Infected with Sys32.pa207usd - File C:\WINDOWS\system32\pa207usd.dll
Infected with Sys32.unccplext - File C:\WINDOWS\system32\unccplext.dll
Infected with Sys32.setup1 - File C:\WINDOWS\setup1.exe
Infected with Sys32.so_activex - File C:\Program Files\openoffice.org 3\basis\program\so_activex.dll

Running processes: (28)
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Startup files:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE
[C:\WINDOWS\system32\ctfmon.exe]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SUPERAntiSpyware
[C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ATIPTA
[C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Run StartupMonitor
[StartupMonitor.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSConfig
[C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\avgnt
["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min]

Detail report: (93)

Startup folder: (3)
Startup name: desktop.ini
Command: C:\Documents and Settings\Sam n Rach\Start Menu\Programs\Startup\desktop.ini
Startup name: desktop.ini
Command: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Startup name: PowerMenu.lnk
Command: C:\Program Files\PowerMenu\PowerMenu.exe

Win.ini Startup: (1)
Path: No additional driver found!

Win.ini Startup: (1)
Path: No additional driver found!

Keyboard drivers: (1)
Name: kbdclass
Path: C:\WINDOWS\system32\Drivers\kbdclass.sys

Services: (107)
Service Name: .NET Runtime Optimization Service v2.0.50727_X86 [Stopped],
Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Service Name: Alerter [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Apple Mobile Device [Stopped],
Path: "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
Service Name: Application Layer Gateway Service [Running],
Path: C:\WINDOWS\System32\alg.exe
Service Name: Application Management [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: ASP.NET State Service [Stopped],
Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Service Name: Ati HotKey Poller [Running],
Path: C:\WINDOWS\System32\Ati2evxx.exe
Service Name: Automatic Updates [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Avira AntiVir Guard [Running],
Path: "C:\Program Files\Avira\AntiVir Desktop\avguard.exe"
Service Name: Avira AntiVir Scheduler [Stopped],
Path: "C:\Program Files\Avira\AntiVir Desktop\sched.exe"
Service Name: Background Intelligent Transfer Service [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Bonjour Service [Stopped],
Path: "C:\Program Files\Bonjour\mDNSResponder.exe"
Service Name: ClipBook [Stopped],
Path: C:\WINDOWS\system32\clipsrv.exe
Service Name: COM+ Event System [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: COM+ System Application [Running],
Path: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Service Name: Computer Browser [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Cryptographic Services [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: CSIScanner [Stopped],
Path: "C:\Program Files\Prevx\prevx.exe" /service
Service Name: DCOM Server Process Launcher [Running],
Path: C:\WINDOWS\system32\svchost -k DcomLaunch
Service Name: DHCP Client [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Distributed Link Tracking Client [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Distributed Transaction Coordinator [Stopped],
Path: C:\WINDOWS\System32\msdtc.exe
Service Name: DNS Client [Running],
Path: C:\WINDOWS\System32\svchost.exe -k NetworkService
Service Name: Error Reporting Service [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Event Log [Running],
Path: C:\WINDOWS\system32\services.exe
Service Name: Fast User Switching Compatibility [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Google Software Updater [Stopped],
Path: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
Service Name: Help and Support [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: HTTP SSL [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k HTTPFilter
Service Name: Human Interface Device Access [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: IMAPI CD-Burning COM Service [Stopped],
Path: C:\WINDOWS\System32\imapi.exe
Service Name: Indexing Service [Stopped],
Path: C:\WINDOWS\System32\cisvc.exe
Service Name: InstallDriver Table Manager [Stopped],
Path: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
Service Name: iPod Service [Stopped],
Path: "C:\Program Files\iPod\bin\iPodService.exe"
Service Name: IPSEC Services [Stopped],
Path: C:\WINDOWS\System32\lsass.exe
Service Name: Java Quick Starter [Stopped],
Path: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Service Name: LiveShare P2P Server 9 [Stopped],
Path: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe"
Service Name: Logical Disk Manager [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Logical Disk Manager Administrative Service [Stopped],
Path: C:\WINDOWS\System32\dmadmin.exe /com
Service Name: Messenger [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: MS Software Shadow Copy Provider [Stopped],
Path: C:\WINDOWS\System32\dllhost.exe /Processid:{89A9A7A6-9D12-40B1-AD3F-DB2A140AFF91}
Service Name: Net Logon [Stopped],
Path: C:\WINDOWS\System32\lsass.exe
Service Name: Net.Tcp Port Sharing Service [Stopped],
Path: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Service Name: NetMeeting Remote Desktop Sharing [Stopped],
Path: C:\WINDOWS\System32\mnmsrvc.exe
Service Name: Network Connections [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Network DDE [Stopped],
Path: C:\WINDOWS\system32\netdde.exe
Service Name: Network DDE DSDM [Stopped],
Path: C:\WINDOWS\system32\netdde.exe
Service Name: Network Location Awareness (NLA) [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Network Provisioning Service [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: NT LM Security Support Provider [Stopped],
Path: C:\WINDOWS\System32\lsass.exe
Service Name: Performance Logs and Alerts [Stopped],
Path: C:\WINDOWS\system32\smlogsvc.exe
Service Name: Plug and Play [Running],
Path: C:\WINDOWS\system32\services.exe
Service Name: Portable Media Serial Number Service [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Print Spooler [Running],
Path: C:\WINDOWS\system32\spoolsv.exe
Service Name: Protected Storage [Running],
Path: C:\WINDOWS\system32\lsass.exe
Service Name: QoS RSVP [Stopped],
Path: C:\WINDOWS\System32\rsvp.exe
Service Name: Remote Access Auto Connection Manager [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Remote Access Connection Manager [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Remote Desktop Help Session Manager [Stopped],
Path: C:\WINDOWS\system32\sessmgr.exe
Service Name: Remote Procedure Call (RPC) [Running],
Path: C:\WINDOWS\system32\svchost -k rpcss
Service Name: Remote Procedure Call (RPC) Locator [Stopped],
Path: C:\WINDOWS\System32\locator.exe
Service Name: Remote Registry [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k LocalService
Service Name: Removable Storage [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Routing and Remote Access [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Roxio Hard Drive Watcher 9 [Stopped],
Path: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
Service Name: Roxio UPnP Renderer 9 [Stopped],
Path: "C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"
Service Name: Roxio Upnp Server 9 [Stopped],
Path: "C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe"
Service Name: RoxMediaDB9 [Stopped],
Path: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
Service Name: Secondary Logon [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Security Accounts Manager [Running],
Path: C:\WINDOWS\system32\lsass.exe
Service Name: Security Center [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Server [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: ServicepointService [Stopped],
Path: "C:\Program Files\Virgin Media\HUB\ServicepointService.exe"
Service Name: Shell Hardware Detection [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Smart Card [Stopped],
Path: C:\WINDOWS\System32\SCardSvr.exe
Service Name: Sony Ericsson OMSI download service [Stopped],
Path: C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
Service Name: SSDP Discovery Service [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: STI Simulator [Stopped],
Path: C:\WINDOWS\System32\PAStiSvc.exe
Service Name: System Event Notification [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: System Restore Service [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Task Scheduler [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: TCP/IP NetBIOS Helper [Running],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Telephony [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Telnet [Stopped],
Path: C:\WINDOWS\System32\tlntsvr.exe
Service Name: Terminal Services [Running],
Path: C:\WINDOWS\System32\svchost -k DComLaunch
Service Name: Themes [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Uninterruptible Power Supply [Stopped],
Path: C:\WINDOWS\System32\ups.exe
Service Name: Universal Plug and Play Device Host [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: User Profile Hive Cleanup [Running],
Path: C:\Program Files\UPHClean\uphclean.exe
Service Name: Volume Shadow Copy [Stopped],
Path: C:\WINDOWS\System32\vssvc.exe
Service Name: WebClient [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Windows Audio [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Windows CardSpace [Stopped],
Path: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
Service Name: Windows Defender [Stopped],
Path: "C:\Program Files\Windows Defender\MsMpEng.exe"
Service Name: Windows Driver Foundation - User-mode Driver Framework [Running],
Path: C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
Service Name: Windows Firewall/Internet Connection Sharing (ICS) [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Windows Image Acquisition (WIA) [Running],
Path: C:\WINDOWS\System32\svchost.exe -k imgsvc
Service Name: Windows Installer [Stopped],
Path: C:\WINDOWS\system32\msiexec.exe /V
Service Name: Windows Management Instrumentation [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Windows Management Instrumentation Driver Extensions [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Windows Media Player Network Sharing Service [Stopped],
Path: "C:\Program Files\Windows Media Player\WMPNetwk.exe"
Service Name: Windows Presentation Foundation Font Cache 3.0.0.0 [Stopped],
Path: c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Service Name: Windows Search [Running],
Path: C:\WINDOWS\system32\SearchIndexer.exe /Embedding
Service Name: Windows Time [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Wireless Zero Configuration [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: WMI Performance Adapter [Stopped],
Path: C:\WINDOWS\System32\wbem\wmiapsrv.exe
Service Name: Workstation [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Finished...

#7 SloFlo


Posted 13 August 2010 - 04:43 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42:17, on 13/08/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\avira\antivir desktop\avscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Spyware Removal Toolkit\SpywareRemovalToolkit.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareRemovalToolkit.exe] C:\Program Files\Spyware Removal Toolkit\SpywareRemovalToolkit.exe
O4 - HKLM\..\Run: [SRTHelper.exe] C:\Program Files\Spyware Removal Toolkit\SRTHelper.exe -0
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\Prevx\prevx.exe (file missing)

--
End of file - 5399 bytes

#8 SloFlo


Posted 13 August 2010 - 04:45 PM

Avira AntiVir Personal
Report file date: 13 August 2010 21:46

Scanning for 1990003 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : Sam n Rach
Computer name : SAM

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 12:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 12:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 18:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/10/2010 23:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 09:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 19:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 17:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 16:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 11:29:03
VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 11:29:03
VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 11:29:03
VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 11:29:03
VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 11:29:03
VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 11:29:03
VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 11:29:03
VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 11:29:03
VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 11:29:03
VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 15:43:21
VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 15:24:21
VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 17:41:40
VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 09:25:53
VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 09:39:58
VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 13:01:24
VBASE019.VDF : 7.10.5.138 139776 Bytes 3/18/2010 10:24:56
VBASE020.VDF : 7.10.5.164 113152 Bytes 3/22/2010 07:04:23
VBASE021.VDF : 7.10.5.182 108032 Bytes 3/23/2010 09:23:02
VBASE022.VDF : 7.10.5.199 123904 Bytes 3/24/2010 17:47:50
VBASE023.VDF : 7.10.5.217 279552 Bytes 3/25/2010 19:11:22
VBASE024.VDF : 7.10.5.234 202240 Bytes 3/26/2010 17:53:48
VBASE025.VDF : 7.10.5.254 187904 Bytes 3/30/2010 13:56:47
VBASE026.VDF : 7.10.6.18 130560 Bytes 4/1/2010 05:56:20
VBASE027.VDF : 7.10.6.34 136192 Bytes 4/6/2010 09:43:55
VBASE028.VDF : 7.10.6.44 232448 Bytes 4/7/2010 09:59:22
VBASE029.VDF : 7.10.6.60 124416 Bytes 4/12/2010 12:43:17
VBASE030.VDF : 7.10.6.61 2048 Bytes 4/12/2010 12:43:17
VBASE031.VDF : 7.10.6.62 17408 Bytes 4/12/2010 12:43:17
Engineversion : 8.2.1.210
AEVDF.DLL : 8.1.1.3 106868 Bytes 2/13/2010 12:16:21
AESCRIPT.DLL : 8.1.3.24 1282425 Bytes 4/1/2010 16:05:26
AESCN.DLL : 8.1.5.0 127347 Bytes 2/25/2010 18:38:41
AESBX.DLL : 8.1.2.1 254323 Bytes 3/17/2010 11:09:47
AERDL.DLL : 8.1.4.3 541043 Bytes 3/17/2010 11:09:47
AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 12:34:51
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/17/2010 11:09:46
AEHEUR.DLL : 8.1.1.16 2503031 Bytes 3/26/2010 18:43:13
AEHELP.DLL : 8.1.11.3 242039 Bytes 4/1/2010 16:05:25
AEGEN.DLL : 8.1.3.6 373108 Bytes 4/1/2010 16:05:25
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/10/2009 09:04:22
AECORE.DLL : 8.1.13.1 188790 Bytes 4/1/2010 16:05:25
AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2009 12:15:06
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 12:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 12:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 16:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 12:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 12:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 12:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 09:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 12:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 15:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 14:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 13:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 14:14:29

Configuration settings for the scan:
Jobname.............................: Quick system scan
Configuration file..................: c:\program files\avira\antivir desktop\quicksysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: 13 August 2010 21:46

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'uphclean.exe' - '1' Module(s) have been scanned
Scan process 'PowerMenu.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'StartupMonitor.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1735' files ).


Starting the file scan:

Begin scan in 'C:\Documents and Settings\Sam n Rach'
C:\Documents and Settings\Sam n Rach\My Documents\Downloads\refog_setup_free_kl_520.exe
[DETECTION] Contains recognition pattern of the ADSPY/KGBSpy.BE adware or spyware
Begin scan in 'C:\WINDOWS'
Begin scan in 'C:\Documents and Settings\All Users'
Catched Exception in function <SCAN_Search> - Object <C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg>
ACCESS_VIOLATION
EAX = 0C75FF9B EBX = 07FE4E60
ECX = 7FFDB000 EDX = 0C75FF9B
ESI = 00BC1AA8 EDI = 0c75ff53
EIP = 7C90100B EBP = 0649DFF0
ESP = 0649DFDC Flg = 00010206
CS = 00000023 SS = 0000001B
Begin scan in 'C:\Program Files'

Beginning disinfection:
C:\Documents and Settings\Sam n Rach\My Documents\Downloads\refog_setup_free_kl_520.exe
[DETECTION] Contains recognition pattern of the ADSPY/KGBSpy.BE adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '4aab18c9.qua'.


End of the scan: 13 August 2010 22:41
Used time: 31:17 Minute(s)

The scan has been done completely.

7418 Scanned directories
231046 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
231045 Files not concerned
1528 Archives were scanned
1 Warnings
1 Notes



