Options
Virus plagued please help
I got a virus on my pc. I think it is called bagel email trojan. I would like to debug the hd but it is difficult because it was taking over the pc. I put the hd into another pc, can i fix the system while it is a secondary hd?
Please let me know what can be done its driving me crazy.
Thank you,
Daniel
Please let me know what can be done its driving me crazy.
Thank you,
Daniel
0
Comments
Scan the computer (including your infected HD) with MBAM:
Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. please copy and paste the log into your next reply.
- If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.I ran Antivir right before your reply. It found 150 items. I have that log if it would help to post it.
Here is the Malware log:
Malwarebytes' Anti-Malware 1.30
Database version: 1414
Windows 5.1.2600 Service Pack 2
11/21/2008 2:38:07 PM
mbam-log-2008-11-21 (14-38-07).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 125722
Time elapsed: 35 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012274.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012278.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013064.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013066.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013067.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013068.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013070.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013071.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013072.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013073.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013074.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013078.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013079.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
Avira AntiVir Personal
Report file date: Friday, November 21, 2008 09:12
Scanning for 1045334 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DC-5449147B2F6A
Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 10/30/2008 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 15:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 14:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 19:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 14:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 14:10:40
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 11/9/2008 14:10:42
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 11/16/2008 14:10:43
ANTIVIR3.VDF : 7.1.0.120 150528 Bytes 11/21/2008 14:10:44
Engineversion : 8.2.0.35
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 17:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/21/2008 14:10:53
AESCN.DLL : 8.1.1.5 123251 Bytes 11/21/2008 14:10:52
AERDL.DLL : 8.1.1.3 438645 Bytes 11/21/2008 14:10:52
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/21/2008 14:10:51
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 11/21/2008 14:10:50
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 11/21/2008 14:10:49
AEHELP.DLL : 8.1.2.0 119159 Bytes 11/21/2008 14:10:47
AEGEN.DLL : 8.1.1.5 323956 Bytes 11/21/2008 14:10:46
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 17:05:56
AECORE.DLL : 8.1.5.1 172406 Bytes 11/21/2008 14:10:45
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 17:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 15:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 16:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 11/21/2008 14:10:44
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 18:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 15:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 19:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 00:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 19:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 19:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 20:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 20:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: Friday, November 21, 2008 09:12
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'WLanCfgG.exe' - '1' Module(s) have been scanned
Scan process 'DUEngine.exe' - '1' Module(s) have been scanned
Scan process 'WLService.exe' - '1' Module(s) have been scanned
Scan process 'DUControl.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
27 processes with 27 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '53' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Downloads\BitDefender Internet Security 2009 (32b) v12.0.10+Keygen[H33T]-MasterUploader\Keygen\Keygen.exe
[DETECTION] Is the TR/Qhosts.HF Trojan
[NOTE] The file was moved to '499fc319.qua'!
C:\Downloads\BitDefender Total Security 2009 v12.0.10+Keygen-HeartBug\Keygen\Keygen.exe
[DETECTION] Is the TR/Qhosts.HF Trojan
[NOTE] The file was moved to '499fc320.qua'!
C:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013052.exe
[DETECTION] Is the TR/Qhosts.HF Trojan
[NOTE] The file was moved to '4956ed4b.qua'!
C:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013053.exe
[DETECTION] Is the TR/Qhosts.HF Trojan
[NOTE] The file was moved to '4956ed50.qua'!
Begin scan in 'D:\'
D:\cvqkuk.exe
[DETECTION] Is the TR/Drop.BHO.EF Trojan
[NOTE] The file was deleted!
D:\epoki.exe
[DETECTION] Is the TR/Dldr.Small.btk Trojan
[NOTE] The file was deleted!
D:\nriljal.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was deleted!
D:\psqrhqn.exe
[DETECTION] Is the TR/Tiny.705 Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\data.oct
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\flec006.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\ActiveInsert_1.2_(Crack).zip
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\All_File_Renamer_1.2.zip
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\Astro-Mania_2.0_Cracked.zip
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\Atmosphere_Lite_6.0.zip
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\BioWIN 5.11.zip
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\cGeep Free 2.0.2a [Patch].zip
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\CZ-Pdf2Txt_Simple_for_Acrobat_Reader_1.1.zip
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\D-FileMU 1.8.8.zip
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\Duke_World_Cup_2006.zip
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\Express_Burn_4.02.zip
[0] Archive type: ZIP
--> install.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\Filookup_1.1_(With_Crack).zip
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\Folder Clean v1.3.zip
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\Kaspersky.Internet.Security.6.3.Solo.Crack.Key.07-2007.zip
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\KetuFile 1.1.2.zip
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\KROQ 106.7 Radio 2.0.zip
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\Mac_FlipAlbum_3.0.zip
[0] Archive type: ZIP
--> key_generator.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\Mercury Document system 2.2.0.0.zip
[0] Archive type: ZIP
--> run.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\Mp3_Tag_Assistant_Professional_2.85_build_201_(With_Crack).zip
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\NetLeech_3.0.zip
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\Nidesoft Video Converter 2.1.62.zip
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\NTPager_1.6.zip
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\Phantom_Surfer_1.4.zip
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\PHP_Freaks_Forum_Feed_1.0.2.zip
[0] Archive type: ZIP
--> serial.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\Principal AntiVirus 1.11.zip
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\ProcessGuard 1.1.zip
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\RemoteExec_4.01.zip
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\ShortTalks 1.1.zip
[0] Archive type: ZIP
--> key_generator.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\TheOne_Health_Checker_Lite_2.0.5_[With_Crack].zip
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\TinySetup v2.0.zip
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\Tourweaver Professional 3.00.zip
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\Trigger_0.2.2.0.zip
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\UltraSentry 3.10 [Crack].zip
[0] Archive type: ZIP
--> crac.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\Visonair.tv_Ogg_Streamer_1.1.2.240.zip
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\WinTR_3.1.1_KeyGen.zip
[0] Archive type: ZIP
--> key_gen.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Application Data\m\shared\WordBook_Speaking_English_Dictionary_3.6.zip
[0] Archive type: ZIP
--> patch.exe
[DETECTION] Is the TR/Dldr.Bagle.agf Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temp\1899003040.exe
[DETECTION] Is the TR/Dldr.Suurch.GS Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temp\BN1.tmp
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temp\BN2.tmp
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temp\BN3.tmp
[DETECTION] Is the TR/Proxy.GHY Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temp\BN4.tmp
[DETECTION] Is the TR/Proxy.GHY Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temp\BN5.tmp
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temp\IXP000.TMP\ITGNDO~1.EXE
[DETECTION] Is the TR/Drop.Agen.ckw.29 Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temp\IXP002.TMP\ITGNDO~1.EXE
[DETECTION] Is the TR/Drop.Agen.ckw.29 Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\7Z91BLME\index[1]
[DETECTION] Is the TR/Vundo.fxr.34 Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\CXU30LUB\b64_3[1].jpg
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\JFKLV785\apstpldr.dll[1].htm
[DETECTION] Is the TR/Fakealert.ANE Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\K167CXU3\b64[1].jpg
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\K167CXU3\b64[2].jpg
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\K167CXU3\b64_2[1].jpg
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\K167CXU3\b64_3[1].jpg
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\KXI7ODE7\b64_1[1].jpg
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\KXI7ODE7\b64_2[1].jpg
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\KXI7ODE7\b64_2[2].jpg
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\KXI7ODE7\b64_3[1].jpg
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\U7LRKU29\b64_1[1].jpg
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\U7LRKU29\b64_1[2].jpg
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\U7LRKU29\cd[1].htm
[0] Archive type: HIDDEN
--> FIL\\\?\D:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\U7LRKU29\cd[1].htm
[DETECTION] Is the TR/Dldr.Suurch.GS Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\X9QF8LUN\b64[1].jpg
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\X9QF8LUN\b64_3[1].jpg
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\X9QF8LUN\b64_3[2].jpg
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\Program Files\DirectUpdate v4\DUControl.exe
[DETECTION] Is the TR/Drop.Agent.ztd Trojan
[NOTE] The file was deleted!
D:\Program Files\eMule\Incoming\Adobe.InDesign.CS2.v4.0.Incl.Keygen-SSG.rar
[0] Archive type: RAR
--> INDESIGN 4.0 CS2\keygen.rar
[1] Archive type: RAR
--> keygen.exe
[DETECTION] Is the TR/Agent.59904.B Trojan
[NOTE] The file was deleted!
D:\Program Files\eMule\Incoming\Sound Taxi 2.7.2.zip
[0] Archive type: ZIP
--> install_patch.exe
[DETECTION] Is the TR/Drop.Agent.ztd Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{57A17F66-6F17-4B5B-B8DB-2D13BEB59804}\RP130\A0019756.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{57A17F66-6F17-4B5B-B8DB-2D13BEB59804}\RP132\A0019937.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{57A17F66-6F17-4B5B-B8DB-2D13BEB59804}\RP132\A0019950.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{57A17F66-6F17-4B5B-B8DB-2D13BEB59804}\RP132\A0019976.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{57A17F66-6F17-4B5B-B8DB-2D13BEB59804}\RP132\A0019996.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{57A17F66-6F17-4B5B-B8DB-2D13BEB59804}\RP132\A0020469.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{57A17F66-6F17-4B5B-B8DB-2D13BEB59804}\RP133\A0020486.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{57A17F66-6F17-4B5B-B8DB-2D13BEB59804}\RP133\A0020494.dll
[DETECTION] Is the TR/Dldr.Small.btk Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012129.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012130.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012131.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012132.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012133.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012134.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012135.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012136.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012137.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012138.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012139.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012140.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012141.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012142.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012143.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012144.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012145.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012146.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012147.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012148.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012149.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012150.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012151.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012152.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012153.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012154.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012155.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012156.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012157.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012158.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012159.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012160.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012161.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012162.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012163.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012167.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012168.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012169.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012170.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012180.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012181.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012182.exe
[DETECTION] Is the TR/Drop.Agent.ztd Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012186.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012195.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012196.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012225.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012240.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012244.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012245.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012246.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012248.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012254.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012256.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012257.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012267.exe
[DETECTION] Is the TR/Drop.Agent.ztd Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012273.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012275.exe
[DETECTION] Is the TR/Dldr.Suurch.GS Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012276.exe
[DETECTION] Is the TR/Dldr.Suurch.GS Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012279.dll
[DETECTION] Is the TR/BHO.Gen Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012280.dll
[DETECTION] Is the TR/BHO.Gen Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012281.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.adb back-door program
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012282.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.JW back-door program
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012283.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acs back-door program
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012284.sys
[DETECTION] Contains recognition pattern of the RKIT/Protector.BC root kit
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012285.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012286.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012287.sys
[DETECTION] Contains recognition pattern of the RKIT/TDss.G.22 root kit
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP242\A0012288.exe
[DETECTION] Is the TR/Dldr.Suurch.GS Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013054.exe
[DETECTION] Is the TR/Drop.BHO.EF Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013055.exe
[DETECTION] Is the TR/Dldr.Small.btk Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013056.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013057.exe
[DETECTION] Is the TR/Tiny.705 Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013058.exe
[DETECTION] Is the TR/Bagle.Gen.B Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013059.exe
[DETECTION] Is the TR/Dldr.Suurch.GS Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013060.EXE
[DETECTION] Is the TR/Drop.Agen.ckw.29 Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013061.EXE
[DETECTION] Is the TR/Drop.Agen.ckw.29 Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013062.exe
[DETECTION] Is the TR/Drop.Agent.ztd Trojan
[NOTE] The file was deleted!
D:\WINDOWS\incatio.exe
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] The file was deleted!
D:\WINDOWS\system32\bbengcuc.dll
[DETECTION] Is the TR/Vundo.fxr.34 Trojan
[NOTE] The file was deleted!
D:\WINDOWS\system32\BIT48.tmp
[DETECTION] Is the TR/Monder.zfm Trojan
[NOTE] The file was deleted!
D:\WINDOWS\system32\cmdl.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
D:\WINDOWS\system32\jkkJdeFW.dll
[DETECTION] Is the TR/Fakealert.ANE Trojan
[NOTE] The file was deleted!
D:\WINDOWS\system32\jsne87fidgf.dll
[DETECTION] Is the TR/Fakealert.HO Trojan
[NOTE] The file was deleted!
D:\WINDOWS\system32\lkzhyl.dll
[DETECTION] Is the TR/Vundo.fxr.34 Trojan
[NOTE] The file was deleted!
D:\WINDOWS\system32\msansspc.dll
[DETECTION] Is the TR/Dldr.Small.btk Trojan
[NOTE] The file was deleted!
D:\WINDOWS\system32\redrdncx.dll
[DETECTION] Is the TR/Agent.aopk Trojan
[NOTE] The file was deleted!
D:\WINDOWS\system32\reset5e.dll
[DETECTION] Is the TR/Fakealert.ane.51 Trojan
[NOTE] The file was deleted!
D:\WINDOWS\system32\rs32net.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was deleted!
D:\WINDOWS\system32\TDSSnrse.dll
[DETECTION] Is the TR/Agent.73728.7 Trojan
[NOTE] The file was deleted!
D:\WINDOWS\system32\xxyxYrSM.dll
[DETECTION] Is the TR/Vundo.fxr.32 Trojan
[NOTE] The file was deleted!
D:\WINDOWS\system32\drivers\srosa.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was deleted!
D:\WINDOWS\system32\drivers\winfilse.exe
[DETECTION] Is the TR/Drop.Agent.ztd Trojan
[NOTE] The file was deleted!
D:\WINDOWS\Temp\2248345336.exe
[0] Archive type: HIDDEN
--> FIL\\\?\D:\WINDOWS\Temp\2248345336.exe
[DETECTION] Is the TR/Dldr.Suurch.GS Trojan
[NOTE] The file was deleted!
D:\WINDOWS\Temp\loader.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was deleted!
D:\WINDOWS\Temp\TDSS8c2b.tmp
[DETECTION] Is the TR/Patched.CL Trojan
[NOTE] The file was deleted!
D:\WINDOWS\Temp\TDSS9fa.tmp
[DETECTION] Is the TR/Patched.CL Trojan
[NOTE] The file was deleted!
D:\WINDOWS\Temp\winlogin.exe
[DETECTION] Is the TR/Fakealert.HO Trojan
[NOTE] The file was deleted!
End of the scan: Friday, November 21, 2008 13:55
Used time: 4:42:23 Hour(s)
The scan has been done completely.
8228 Scanning directories
359055 Files were scanned
177 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
174 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
358876 Files not concerned
2010 Archives were scanned
1 Warnings
178 Notes
So I put the HD back in and booted and it seems to be running ok. I also ran another scan w/ avira and it found some files that says "Warning file can't be opened". I've included the scan. Just wondering if i should take further action against those files.
Thanks again
Daniel
Avira AntiVir Personal
Report file date: Tuesday, November 25, 2008 01:20
Scanning for 1049308 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DAN-AD215A4550B
Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 10/30/2008 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 15:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 14:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 19:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 14:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 06:19:57
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 11/9/2008 06:20:03
ANTIVIR2.VDF : 7.1.0.124 376832 Bytes 11/23/2008 06:20:04
ANTIVIR3.VDF : 7.1.0.131 53248 Bytes 11/24/2008 06:20:05
Engineversion : 8.2.0.35
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 17:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/25/2008 06:20:14
AESCN.DLL : 8.1.1.5 123251 Bytes 11/25/2008 06:20:13
AERDL.DLL : 8.1.1.3 438645 Bytes 11/25/2008 06:20:12
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/25/2008 06:20:11
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 11/25/2008 06:20:10
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 11/25/2008 06:20:10
AEHELP.DLL : 8.1.2.0 119159 Bytes 11/25/2008 06:20:08
AEGEN.DLL : 8.1.1.5 323956 Bytes 11/25/2008 06:20:07
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 17:05:56
AECORE.DLL : 8.1.5.1 172406 Bytes 11/25/2008 06:20:06
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 17:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 15:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 16:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 11/25/2008 06:20:05
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 18:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 15:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 19:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 00:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 19:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 19:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 20:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 20:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Tuesday, November 25, 2008 01:20
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'SSU.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SpySweeperUI.exe' - '1' Module(s) have been scanned
Scan process 'SpySweeper.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'httpd.exe' - '1' Module(s) have been scanned
Scan process 'DUEngine.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'httpd.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
27 processes with 27 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
C:\WINDOWS\system32\ljJyyyvv.dll
[DETECTION] Is the TR/Vundo.FXR Trojan
[NOTE] TR/Vundo.FXR:[HKEY_CLASSES_ROOT\CLSID\{4E007A5F-299F-44FC-8B6B-F06B61867A2E}\InprocServer32]:<@>=sz:ljJyyyvv.dll
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was deleted!
The registry was scanned ( '59' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\ARK3.tmp
[DETECTION] Is the TR/Vundo.FXR Trojan
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was deleted!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\JFKLV785\index[1].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '498f9b42.qua'!
C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\U7LRKU29\pdf[1].pdf
[0] Archive type: PDF Stream
--> Object
[DETECTION] Contains recognition pattern of the JS/Bofra.A.1 Java script virus
[NOTE] The file was deleted!
C:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013063.exe
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] The file was deleted!
C:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013065.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013069.dll
[DETECTION] Is the TR/Dldr.Small.btk Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013075.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013076.exe
[DETECTION] Is the TR/Drop.Agent.ztd Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013077.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{F3AA7B52-06F6-497C-814B-21DA5DAB3D90}\RP247\A0013077.exe
[DETECTION] Is the TR/Dldr.Suurch.GS Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\ddcArOef.dll
[DETECTION] Is the TR/Vundo.FXR Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\SsiEfr.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\wrLZMA.dll
[WARNING] The file could not be opened!
Begin scan in 'D:\'
D:\dan 2\-= CLIP ART =-\clipart to test\L to Z LOGOS Vector CD2 ----.zip
[0] Archive type: ZIP
--> cd2/app/WinRAR.keygen.exe
[DETECTION] Is the TR/Agent.5776.A Trojan
[NOTE] The file was deleted!
D:\dan 2\-= PLOTTER =-\plotter sign software to test\FLEXI 7.6v1_PHOTOPRINT 4.6v1.zip
[0] Archive type: ZIP
--> install/axdist.exe
[DETECTION] Is the TR/FlashKiller.C Trojan
--> install/Required/Registry/ReadPrinter.exe
[DETECTION] Is the TR/FlashKiller.C Trojan
--> install/START.EXE
[DETECTION] Contains recognition pattern of the W95/CIH Windows virus
[NOTE] The file was deleted!
D:\dan 2\-= PLOTTER =-\plotter sign software to test\FLEXI 7.6v1_PHOTOPRINT 4.6v1\install\axdist.exe
[DETECTION] Contains recognition pattern of the W95/CIH Windows virus
[NOTE] The file was deleted!
D:\dan 2\-= PLOTTER =-\plotter sign software to test\FLEXI 7.6v1_PHOTOPRINT 4.6v1\install\START.EXE
[DETECTION] Contains recognition pattern of the W95/CIH Windows virus
[NOTE] The file was deleted!
D:\dan 2\-= PLOTTER =-\plotter sign software to test\FLEXI 7.6v1_PHOTOPRINT 4.6v1\install\Required\Registry\ReadPrinter.exe
[DETECTION] Contains recognition pattern of the W95/CIH Windows virus
[NOTE] The file was deleted!
D:\System Volume Information\_restore{57A17F66-6F17-4B5B-B8DB-2D13BEB59804}\RP135\A0022485.exe
[DETECTION] Contains recognition pattern of the W95/CIH Windows virus
[NOTE] The file was deleted!
D:\System Volume Information\_restore{57A17F66-6F17-4B5B-B8DB-2D13BEB59804}\RP135\A0022486.EXE
[DETECTION] Contains recognition pattern of the W95/CIH Windows virus
[NOTE] The file was deleted!
D:\System Volume Information\_restore{57A17F66-6F17-4B5B-B8DB-2D13BEB59804}\RP135\A0022487.exe
[DETECTION] Contains recognition pattern of the W95/CIH Windows virus
[NOTE] The file was deleted!
End of the scan: Tuesday, November 25, 2008 02:39
Used time: 1:18:31 Hour(s)
The scan has been done completely.
7845 Scanning directories
430778 Files were scanned
19 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
18 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
430753 Files not concerned
2048 Archives were scanned
8 Warnings
19 Notes
Note: Internet Explorer should be used
If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.
If you are not the user who started this thread, you must start your own Thread instead