computer extremely slow and full of trojans

**Edgecrusher** · 2012-10-30, 12:28

NameServer = 85.17.255.198,46.19.33.120

no they dont. not sure what thats about. will be posting malwarebytes log today. but avira doesnt give logs, only detections in a info box.

**Edgecrusher** · 2012-10-30, 19:32

nevermind. i managed to get the avira log.

Avira Free Antivirus
Report file date: 30 October 2012 10:32

Scanning for 4424836 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FAMILYPC-0F08F1

Version information:
BUILD.DAT : 12.0.0.1199 40869 Bytes 07/09/2012 22:20:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 10/08/2012 19:10:01
AVSCAN.DLL : 12.3.0.15 54736 Bytes 10/06/2012 22:09:38
LUKE.DLL : 12.3.0.15 68304 Bytes 10/06/2012 22:09:40
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10/06/2012 22:09:40
AVREG.DLL : 12.3.0.17 232200 Bytes 10/06/2012 22:09:40
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 10:59:22
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 10:59:22
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 10:59:22
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 00:03:29
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 13:00:02
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 23:28:38
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 14:36:52
VBASE007.VDF : 7.11.45.207 2363904 Bytes 11/10/2012 22:42:50
VBASE008.VDF : 7.11.45.208 2048 Bytes 11/10/2012 22:42:50
VBASE009.VDF : 7.11.45.209 2048 Bytes 11/10/2012 22:42:50
VBASE010.VDF : 7.11.45.210 2048 Bytes 11/10/2012 22:42:51
VBASE011.VDF : 7.11.45.211 2048 Bytes 11/10/2012 22:42:51
VBASE012.VDF : 7.11.45.212 2048 Bytes 11/10/2012 22:42:51
VBASE013.VDF : 7.11.45.213 2048 Bytes 11/10/2012 22:42:51
VBASE014.VDF : 7.11.46.65 220160 Bytes 16/10/2012 18:11:12
VBASE015.VDF : 7.11.46.153 173568 Bytes 18/10/2012 18:27:31
VBASE016.VDF : 7.11.46.223 162304 Bytes 19/10/2012 00:10:40
VBASE017.VDF : 7.11.47.35 126464 Bytes 22/10/2012 21:29:44
VBASE018.VDF : 7.11.47.95 175616 Bytes 24/10/2012 21:31:18
VBASE019.VDF : 7.11.47.177 164352 Bytes 26/10/2012 16:30:16
VBASE020.VDF : 7.11.47.229 143360 Bytes 28/10/2012 10:14:26
VBASE021.VDF : 7.11.47.230 2048 Bytes 28/10/2012 10:14:26
VBASE022.VDF : 7.11.47.231 2048 Bytes 28/10/2012 10:14:27
VBASE023.VDF : 7.11.47.232 2048 Bytes 28/10/2012 10:14:27
VBASE024.VDF : 7.11.47.233 2048 Bytes 28/10/2012 10:14:27
VBASE025.VDF : 7.11.47.234 2048 Bytes 28/10/2012 10:14:27
VBASE026.VDF : 7.11.47.235 2048 Bytes 28/10/2012 10:14:27
VBASE027.VDF : 7.11.47.236 2048 Bytes 28/10/2012 10:14:28
VBASE028.VDF : 7.11.47.237 2048 Bytes 28/10/2012 10:14:28
VBASE029.VDF : 7.11.47.238 2048 Bytes 28/10/2012 10:14:28
VBASE030.VDF : 7.11.47.239 2048 Bytes 28/10/2012 10:14:28
VBASE031.VDF : 7.11.48.34 136192 Bytes 29/10/2012 10:28:41
Engine version : 8.2.10.187
AEVDF.DLL : 8.1.2.10 102772 Bytes 10/07/2012 11:07:34
AESCRIPT.DLL : 8.1.4.60 463227 Bytes 05/10/2012 21:50:27
AESCN.DLL : 8.1.9.2 131444 Bytes 29/09/2012 14:37:03
AESBX.DLL : 8.2.5.12 606578 Bytes 14/06/2012 22:12:59
AERDL.DLL : 8.1.9.15 639348 Bytes 21/12/2011 10:59:20
AEPACK.DLL : 8.3.0.38 811382 Bytes 29/09/2012 14:37:03
AEOFFICE.DLL : 8.1.2.48 201082 Bytes 29/09/2012 14:37:02
AEHEUR.DLL : 8.1.4.118 5423480 Bytes 11/10/2012 22:42:57
AEHELP.DLL : 8.1.25.2 258423 Bytes 11/10/2012 22:42:54
AEGEN.DLL : 8.1.5.38 434548 Bytes 29/09/2012 14:36:58
AEEXP.DLL : 8.2.0.6 115060 Bytes 11/10/2012 22:42:58
AEEMU.DLL : 8.1.3.2 393587 Bytes 10/07/2012 11:07:33
AECORE.DLL : 8.1.28.2 201079 Bytes 29/09/2012 14:36:58
AEBB.DLL : 8.1.1.3 53621 Bytes 18/10/2012 18:27:34
AVWINLL.DLL : 12.3.0.15 27344 Bytes 10/06/2012 22:09:36
AVPREF.DLL : 12.3.0.15 51920 Bytes 10/06/2012 22:09:38
AVREP.DLL : 12.3.0.15 179208 Bytes 10/06/2012 22:09:40
AVARKT.DLL : 12.3.0.15 211408 Bytes 10/06/2012 22:09:37
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 10/06/2012 22:09:37
SQLITE3.DLL : 3.7.0.1 398288 Bytes 10/06/2012 22:09:40
AVSMTP.DLL : 12.3.0.32 63480 Bytes 10/08/2012 19:10:01
NETNT.DLL : 12.3.0.15 17104 Bytes 10/06/2012 22:09:40
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 10/08/2012 19:09:48
RCTEXT.DLL : 12.3.0.31 97784 Bytes 10/08/2012 19:09:49

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: 30 October 2012 10:32

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '60' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'plugin-container.exe' - '54' Module(s) have been scanned
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'firefox.exe' - '117' Module(s) have been scanned
Scan process 'wlcomm.exe' - '69' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'iPodService.exe' - '29' Module(s) have been scanned
Scan process 'rundll32.exe' - '30' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'WifiDevChkSvc.exe' - '15' Module(s) have been scanned
Scan process 'SeaPort.exe' - '51' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '37' Module(s) have been scanned
Scan process 'mcsacore.exe' - '54' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '28' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '57' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'WNDA3200WPSMgr.exe' - '35' Module(s) have been scanned
Scan process 'SpotifyWebHelper.exe' - '32' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '130' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '58' Module(s) have been scanned
Scan process 'RunDLL32.exe' - '29' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '51' Module(s) have been scanned
Scan process 'avgnt.exe' - '66' Module(s) have been scanned
Scan process 'mixersel.exe' - '21' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'sched.exe' - '38' Module(s) have been scanned
Scan process 'Explorer.EXE' - '87' Module(s) have been scanned
Scan process 'spoolsv.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '148' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '63' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1615' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Home\My Documents\Downloads\avira_free_antivirus_en.exe
[WARNING] The file is password protected
Begin scan in 'D:\'
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip
[WARNING] The file is password protected
D:\Program Files\CCTV\CCTV Video Client\uninstall.exe
[WARNING] Invalid end of file

End of the scan: 30 October 2012 17:35
Used time: 7:02:54 Hour(s)

The scan has been done completely.

13838 Scanned directories
304301 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
304301 Files not concerned
3880 Archives were scanned
3 Warnings
0 Notes
283375 Objects were scanned with rootkit scan
0 Hidden objects were found

**TechieRanger** · 2012-10-30, 22:25

Thanks for the information

Please post the old Malwarebytes Anti-Malware and Avira logs (if possible) from the previous scans which detected around 193-200 items. No worries if you don't have the Avira log.

Older Malwarebytes Anti-Malware logs can be found by navigating to C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Regards,

Richard

**Edgecrusher** · 2012-10-30, 22:57

Avira Free Antivirus
Report file date: 20 October 2012 15:43

Scanning for 4376603 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FAMILYPC-0F08F1

Version information:
BUILD.DAT : 12.0.0.1199 40869 Bytes 07/09/2012 22:20:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 10/08/2012 19:10:01
AVSCAN.DLL : 12.3.0.15 54736 Bytes 10/06/2012 22:09:38
LUKE.DLL : 12.3.0.15 68304 Bytes 10/06/2012 22:09:40
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10/06/2012 22:09:40
AVREG.DLL : 12.3.0.17 232200 Bytes 10/06/2012 22:09:40
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 10:59:22
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 10:59:22
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 10:59:22
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 00:03:29
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 13:00:02
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 23:28:38
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 14:36:52
VBASE007.VDF : 7.11.45.207 2363904 Bytes 11/10/2012 22:42:50
VBASE008.VDF : 7.11.45.208 2048 Bytes 11/10/2012 22:42:50
VBASE009.VDF : 7.11.45.209 2048 Bytes 11/10/2012 22:42:50
VBASE010.VDF : 7.11.45.210 2048 Bytes 11/10/2012 22:42:51
VBASE011.VDF : 7.11.45.211 2048 Bytes 11/10/2012 22:42:51
VBASE012.VDF : 7.11.45.212 2048 Bytes 11/10/2012 22:42:51
VBASE013.VDF : 7.11.45.213 2048 Bytes 11/10/2012 22:42:51
VBASE014.VDF : 7.11.46.65 220160 Bytes 16/10/2012 18:11:12
VBASE015.VDF : 7.11.46.153 173568 Bytes 18/10/2012 18:27:31
VBASE016.VDF : 7.11.46.223 162304 Bytes 19/10/2012 00:10:40
VBASE017.VDF : 7.11.46.224 2048 Bytes 19/10/2012 00:10:41
VBASE018.VDF : 7.11.46.225 2048 Bytes 19/10/2012 00:10:42
VBASE019.VDF : 7.11.46.226 2048 Bytes 19/10/2012 00:10:42
VBASE020.VDF : 7.11.46.227 2048 Bytes 19/10/2012 00:10:43
VBASE021.VDF : 7.11.46.228 2048 Bytes 19/10/2012 00:10:43
VBASE022.VDF : 7.11.46.229 2048 Bytes 19/10/2012 00:10:44
VBASE023.VDF : 7.11.46.230 2048 Bytes 19/10/2012 00:10:44
VBASE024.VDF : 7.11.46.231 2048 Bytes 19/10/2012 00:10:45
VBASE025.VDF : 7.11.46.232 2048 Bytes 19/10/2012 00:10:45
VBASE026.VDF : 7.11.46.233 2048 Bytes 19/10/2012 00:10:45
VBASE027.VDF : 7.11.46.234 2048 Bytes 19/10/2012 00:10:46
VBASE028.VDF : 7.11.46.235 2048 Bytes 19/10/2012 00:10:46
VBASE029.VDF : 7.11.46.236 2048 Bytes 19/10/2012 00:10:47
VBASE030.VDF : 7.11.46.237 2048 Bytes 19/10/2012 00:10:47
VBASE031.VDF : 7.11.46.240 2048 Bytes 20/10/2012 00:10:47
Engine version : 8.2.10.187
AEVDF.DLL : 8.1.2.10 102772 Bytes 10/07/2012 11:07:34
AESCRIPT.DLL : 8.1.4.60 463227 Bytes 05/10/2012 21:50:27
AESCN.DLL : 8.1.9.2 131444 Bytes 29/09/2012 14:37:03
AESBX.DLL : 8.2.5.12 606578 Bytes 14/06/2012 22:12:59
AERDL.DLL : 8.1.9.15 639348 Bytes 21/12/2011 10:59:20
AEPACK.DLL : 8.3.0.38 811382 Bytes 29/09/2012 14:37:03
AEOFFICE.DLL : 8.1.2.48 201082 Bytes 29/09/2012 14:37:02
AEHEUR.DLL : 8.1.4.118 5423480 Bytes 11/10/2012 22:42:57
AEHELP.DLL : 8.1.25.2 258423 Bytes 11/10/2012 22:42:54
AEGEN.DLL : 8.1.5.38 434548 Bytes 29/09/2012 14:36:58
AEEXP.DLL : 8.2.0.6 115060 Bytes 11/10/2012 22:42:58
AEEMU.DLL : 8.1.3.2 393587 Bytes 10/07/2012 11:07:33
AECORE.DLL : 8.1.28.2 201079 Bytes 29/09/2012 14:36:58
AEBB.DLL : 8.1.1.3 53621 Bytes 18/10/2012 18:27:34
AVWINLL.DLL : 12.3.0.15 27344 Bytes 10/06/2012 22:09:36
AVPREF.DLL : 12.3.0.15 51920 Bytes 10/06/2012 22:09:38
AVREP.DLL : 12.3.0.15 179208 Bytes 10/06/2012 22:09:40
AVARKT.DLL : 12.3.0.15 211408 Bytes 10/06/2012 22:09:37
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 10/06/2012 22:09:37
SQLITE3.DLL : 3.7.0.1 398288 Bytes 10/06/2012 22:09:40
AVSMTP.DLL : 12.3.0.32 63480 Bytes 10/08/2012 19:10:01
NETNT.DLL : 12.3.0.15 17104 Bytes 10/06/2012 22:09:40
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 10/08/2012 19:09:48
RCTEXT.DLL : 12.3.0.31 97784 Bytes 10/08/2012 19:09:49

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_508285cc\guard_slideup.avp
Logging.............................: default
Primary action......................: Repair
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: 20 October 2012 15:43

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'mbam.exe' - '1' Module(s) have been scanned
Scan process 'spotify.exe' - '1' Module(s) have been scanned
Scan process 'saui.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'WifiDevChkSvc.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'mcsacore.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'WNDA3200WPSMgr.exe' - '1' Module(s) have been scanned
Scan process 'SpotifyWebHelper.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'RunDLL32.exe' - '1' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'mixersel.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150015.dll'
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150015.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '54841893.qua'.
Begin scan in 'D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150033.dll'
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150033.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4c133734.qua'.

End of the scan: 20 October 2012 15:48
Used time: 05:02 Minute(s)

The scan has been done completely.

0 Scanned directories
45 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
43 Files not concerned
0 Archives were scanned
0 Warnings
2 Notes

**Edgecrusher** · 2012-10-30, 22:58

Avira Free Antivirus
Report file date: 20 October 2012 16:40

Scanning for 4376603 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FAMILYPC-0F08F1

Version information:
BUILD.DAT : 12.0.0.1199 40869 Bytes 07/09/2012 22:20:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 10/08/2012 19:10:01
AVSCAN.DLL : 12.3.0.15 54736 Bytes 10/06/2012 22:09:38
LUKE.DLL : 12.3.0.15 68304 Bytes 10/06/2012 22:09:40
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10/06/2012 22:09:40
AVREG.DLL : 12.3.0.17 232200 Bytes 10/06/2012 22:09:40
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 10:59:22
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 10:59:22
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 10:59:22
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 00:03:29
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 13:00:02
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 23:28:38
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 14:36:52
VBASE007.VDF : 7.11.45.207 2363904 Bytes 11/10/2012 22:42:50
VBASE008.VDF : 7.11.45.208 2048 Bytes 11/10/2012 22:42:50
VBASE009.VDF : 7.11.45.209 2048 Bytes 11/10/2012 22:42:50
VBASE010.VDF : 7.11.45.210 2048 Bytes 11/10/2012 22:42:51
VBASE011.VDF : 7.11.45.211 2048 Bytes 11/10/2012 22:42:51
VBASE012.VDF : 7.11.45.212 2048 Bytes 11/10/2012 22:42:51
VBASE013.VDF : 7.11.45.213 2048 Bytes 11/10/2012 22:42:51
VBASE014.VDF : 7.11.46.65 220160 Bytes 16/10/2012 18:11:12
VBASE015.VDF : 7.11.46.153 173568 Bytes 18/10/2012 18:27:31
VBASE016.VDF : 7.11.46.223 162304 Bytes 19/10/2012 00:10:40
VBASE017.VDF : 7.11.46.224 2048 Bytes 19/10/2012 00:10:41
VBASE018.VDF : 7.11.46.225 2048 Bytes 19/10/2012 00:10:42
VBASE019.VDF : 7.11.46.226 2048 Bytes 19/10/2012 00:10:42
VBASE020.VDF : 7.11.46.227 2048 Bytes 19/10/2012 00:10:43
VBASE021.VDF : 7.11.46.228 2048 Bytes 19/10/2012 00:10:43
VBASE022.VDF : 7.11.46.229 2048 Bytes 19/10/2012 00:10:44
VBASE023.VDF : 7.11.46.230 2048 Bytes 19/10/2012 00:10:44
VBASE024.VDF : 7.11.46.231 2048 Bytes 19/10/2012 00:10:45
VBASE025.VDF : 7.11.46.232 2048 Bytes 19/10/2012 00:10:45
VBASE026.VDF : 7.11.46.233 2048 Bytes 19/10/2012 00:10:45
VBASE027.VDF : 7.11.46.234 2048 Bytes 19/10/2012 00:10:46
VBASE028.VDF : 7.11.46.235 2048 Bytes 19/10/2012 00:10:46
VBASE029.VDF : 7.11.46.236 2048 Bytes 19/10/2012 00:10:47
VBASE030.VDF : 7.11.46.237 2048 Bytes 19/10/2012 00:10:47
VBASE031.VDF : 7.11.46.240 2048 Bytes 20/10/2012 00:10:47
Engine version : 8.2.10.187
AEVDF.DLL : 8.1.2.10 102772 Bytes 10/07/2012 11:07:34
AESCRIPT.DLL : 8.1.4.60 463227 Bytes 05/10/2012 21:50:27
AESCN.DLL : 8.1.9.2 131444 Bytes 29/09/2012 14:37:03
AESBX.DLL : 8.2.5.12 606578 Bytes 14/06/2012 22:12:59
AERDL.DLL : 8.1.9.15 639348 Bytes 21/12/2011 10:59:20
AEPACK.DLL : 8.3.0.38 811382 Bytes 29/09/2012 14:37:03
AEOFFICE.DLL : 8.1.2.48 201082 Bytes 29/09/2012 14:37:02
AEHEUR.DLL : 8.1.4.118 5423480 Bytes 11/10/2012 22:42:57
AEHELP.DLL : 8.1.25.2 258423 Bytes 11/10/2012 22:42:54
AEGEN.DLL : 8.1.5.38 434548 Bytes 29/09/2012 14:36:58
AEEXP.DLL : 8.2.0.6 115060 Bytes 11/10/2012 22:42:58
AEEMU.DLL : 8.1.3.2 393587 Bytes 10/07/2012 11:07:33
AECORE.DLL : 8.1.28.2 201079 Bytes 29/09/2012 14:36:58
AEBB.DLL : 8.1.1.3 53621 Bytes 18/10/2012 18:27:34
AVWINLL.DLL : 12.3.0.15 27344 Bytes 10/06/2012 22:09:36
AVPREF.DLL : 12.3.0.15 51920 Bytes 10/06/2012 22:09:38
AVREP.DLL : 12.3.0.15 179208 Bytes 10/06/2012 22:09:40
AVARKT.DLL : 12.3.0.15 211408 Bytes 10/06/2012 22:09:37
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 10/06/2012 22:09:37
SQLITE3.DLL : 3.7.0.1 398288 Bytes 10/06/2012 22:09:40
AVSMTP.DLL : 12.3.0.32 63480 Bytes 10/08/2012 19:10:01
NETNT.DLL : 12.3.0.15 17104 Bytes 10/06/2012 22:09:40
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 10/08/2012 19:09:48
RCTEXT.DLL : 12.3.0.31 97784 Bytes 10/08/2012 19:09:49

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: 20 October 2012 16:40

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '60' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'plugin-container.exe' - '67' Module(s) have been scanned
Scan process 'spotify.exe' - '81' Module(s) have been scanned
Scan process 'saui.exe' - '26' Module(s) have been scanned
Scan process 'plugin-container.exe' - '75' Module(s) have been scanned
Scan process 'firefox.exe' - '159' Module(s) have been scanned
Scan process 'wlcomm.exe' - '68' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'iPodService.exe' - '29' Module(s) have been scanned
Scan process 'rundll32.exe' - '30' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'WifiDevChkSvc.exe' - '15' Module(s) have been scanned
Scan process 'SeaPort.exe' - '51' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '37' Module(s) have been scanned
Scan process 'mcsacore.exe' - '59' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '28' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '57' Module(s) have been scanned
Scan process 'avguard.exe' - '59' Module(s) have been scanned
Scan process 'WNDA3200WPSMgr.exe' - '35' Module(s) have been scanned
Scan process 'SpotifyWebHelper.exe' - '32' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '132' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '58' Module(s) have been scanned
Scan process 'RunDLL32.exe' - '29' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '51' Module(s) have been scanned
Scan process 'avgnt.exe' - '68' Module(s) have been scanned
Scan process 'mixersel.exe' - '21' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'sched.exe' - '38' Module(s) have been scanned
Scan process 'Explorer.EXE' - '87' Module(s) have been scanned
Scan process 'spoolsv.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '153' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '63' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1633' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Home\My Documents\Downloads\avira_free_antivirus_en.exe
[WARNING] The file is password protected
Begin scan in 'D:\'
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip
[WARNING] The file is password protected
D:\Program Files\CCTV\CCTV Video Client\uninstall.exe
[WARNING] Invalid end of file
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1149998.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1149999.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150000.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150001.dll
[DETECTION] Is the TR/PSW.Online.apxy Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150002.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150003.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150004.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150005.dll
[DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150006.exe
[DETECTION] Is the TR/Agent.avwp Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150007.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150008.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150009.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150010.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150011.exe
[DETECTION] Is the TR/PSW.MultiFirst.W Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150012.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150013.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150014.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150016.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150017.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150018.dll
[DETECTION] Is the TR/PSW.Online.bin Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150019.dll
[DETECTION] Is the TR/PSW.O.ttyw.28672 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150020.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150021.dll
[DETECTION] Is the TR/PSW.OnlineGames.ZQO.184 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150022.dll
[DETECTION] Is the TR/Agent.arkc.2 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150023.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150024.dll
[DETECTION] Is the TR/Thief.Wow.dhj.6 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150025.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150026.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150027.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150028.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150029.dll
[DETECTION] Is the TR/PSW.OnlineGames.tvbf Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150030.dll
[DETECTION] Is the TR/Spy.Small.byv.2 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150031.dll
[DETECTION] Is the TR/Thief.OnLineGames.txbq.1 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150032.dll
[DETECTION] Is the TR/Agent.alwp Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150034.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150035.dll
[DETECTION] Is the TR/Agent.annv.4 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150036.dll
[DETECTION] Is the TR/Thief.OnLineGames.tvez Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150037.dll
[DETECTION] Is the TR/SmallGame.AG.1 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150038.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.uyi.6 back-door program
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150039.dll
[DETECTION] Is the TR/Thief.OnLineGames.tsyz.4 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150040.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150041.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150060.dll
[DETECTION] Is the TR/Trash.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150061.exe
[DETECTION] Is the TR/Trash.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150062.exe
[DETECTION] Is the TR/Trash.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150063.dll
[DETECTION] Is the TR/Trash.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150064.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150065.dll
[DETECTION] Is the TR/Trash.Gen Trojan

Beginning disinfection:
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150065.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '54dbaa89.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150064.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to the quarantine directory under the name '4c4c852f.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150063.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1e13dfc7.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150062.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '78249002.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150061.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3da0bd3c.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150060.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '42bb8f5d.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150041.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0e03a317.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150040.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '721be346.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150039.dll
[DETECTION] Is the TR/Thief.OnLineGames.tsyz.4 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5f41cc0b.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150038.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.uyi.6 back-door program
[NOTE] The file was moved to the quarantine directory under the name '4629f791.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150037.dll
[DETECTION] Is the TR/SmallGame.AG.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2a75dba1.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150036.dll
[DETECTION] Is the TR/Thief.OnLineGames.tvez Trojan
[NOTE] The file was moved to the quarantine directory under the name '5bcce237.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150035.dll
[DETECTION] Is the TR/Agent.annv.4 Trojan
[NOTE] The file was moved to the quarantine directory under the name '55d6d2f0.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150034.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '10ffabb2.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150032.dll
[DETECTION] Is the TR/Agent.alwp Trojan
[NOTE] The file was moved to the quarantine directory under the name '19f4af19.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150031.dll
[DETECTION] Is the TR/Thief.OnLineGames.txbq.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '41b5b670.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150030.dll
[DETECTION] Is the TR/Spy.Small.byv.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '6d41cfbd.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150029.dll
[DETECTION] Is the TR/PSW.OnlineGames.tvbf Trojan
[NOTE] The file was moved to the quarantine directory under the name '53bfaf67.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150028.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '30b18414.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150027.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1679c409.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150026.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '24edbfac.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150025.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '2ea894d2.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150024.dll
[DETECTION] Is the TR/Thief.Wow.dhj.6 Trojan
[NOTE] The file was moved to the quarantine directory under the name '11fbf098.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150023.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6fd7fcbf.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150022.dll
[DETECTION] Is the TR/Agent.arkc.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '3aaff874.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150021.dll
[DETECTION] Is the TR/PSW.OnlineGames.ZQO.184 Trojan
[NOTE] The file was moved to the quarantine directory under the name '3739895c.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150020.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '2b649d55.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150019.dll
[DETECTION] Is the TR/PSW.O.ttyw.28672 Trojan
[NOTE] The file was moved to the quarantine directory under the name '1ab7d09b.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150018.dll
[DETECTION] Is the TR/PSW.Online.bin Trojan
[NOTE] The file was moved to the quarantine directory under the name '76e1c4ad.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150017.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3f7be1ab.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150016.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '64eee97a.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150014.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '025ce593.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150013.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '55d2973b.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150012.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '77a2c04f.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150011.exe
[DETECTION] Is the TR/PSW.MultiFirst.W Trojan
[NOTE] The file was moved to the quarantine directory under the name '1fb2bad9.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150010.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3fc4be5c.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150009.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6ae0f8eb.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150008.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '0bc0d954.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150007.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '6e6c9bdf.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150006.exe
[DETECTION] Is the TR/Agent.avwp Trojan
[NOTE] The file was moved to the quarantine directory under the name '0bbbef7e.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150005.dll
[DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '185fd3ed.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150004.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0ae6af51.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150003.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '1db6cce3.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150002.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '4794fe73.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150001.dll
[DETECTION] Is the TR/PSW.Online.apxy Trojan
[NOTE] The file was moved to the quarantine directory under the name '62998467.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150000.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '16c29c14.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1149999.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '34c0ce98.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1149998.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4153b681.qua'.

End of the scan: 20 October 2012 21:48
Used time: 4:46:34 Hour(s)

The scan has been done completely.

11064 Scanned directories
298671 Files were scanned
48 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
48 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
298623 Files not concerned
2992 Archives were scanned
3 Warnings
48 Notes
275077 Objects were scanned with rootkit scan
0 Hidden objects were found

**Edgecrusher** · 2012-10-30, 22:59

Avira Free Antivirus
Report file date: 05 October 2012 17:41

Scanning for 4311676 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FAMILYPC-0F08F1

Version information:
BUILD.DAT : 12.0.0.1199 40869 Bytes 07/09/2012 22:20:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 10/08/2012 19:10:01
AVSCAN.DLL : 12.3.0.15 54736 Bytes 10/06/2012 22:09:38
LUKE.DLL : 12.3.0.15 68304 Bytes 10/06/2012 22:09:40
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10/06/2012 22:09:40
AVREG.DLL : 12.3.0.17 232200 Bytes 10/06/2012 22:09:40
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 10:59:22
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 10:59:22
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 10:59:22
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 00:03:29
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 13:00:02
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 23:28:38
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 14:36:52
VBASE007.VDF : 7.11.41.251 2048 Bytes 06/09/2012 14:36:53
VBASE008.VDF : 7.11.41.252 2048 Bytes 06/09/2012 14:36:53
VBASE009.VDF : 7.11.41.253 2048 Bytes 06/09/2012 14:36:53
VBASE010.VDF : 7.11.41.254 2048 Bytes 06/09/2012 14:36:53
VBASE011.VDF : 7.11.41.255 2048 Bytes 06/09/2012 14:36:53
VBASE012.VDF : 7.11.42.0 2048 Bytes 06/09/2012 14:36:53
VBASE013.VDF : 7.11.42.1 2048 Bytes 06/09/2012 14:36:54
VBASE014.VDF : 7.11.42.65 203264 Bytes 09/09/2012 14:36:54
VBASE015.VDF : 7.11.42.125 156672 Bytes 11/09/2012 14:36:54
VBASE016.VDF : 7.11.42.171 187904 Bytes 12/09/2012 14:36:55
VBASE017.VDF : 7.11.42.235 141312 Bytes 13/09/2012 14:36:55
VBASE018.VDF : 7.11.43.35 133632 Bytes 15/09/2012 14:36:55
VBASE019.VDF : 7.11.43.89 129024 Bytes 18/09/2012 14:36:55
VBASE020.VDF : 7.11.43.141 130560 Bytes 19/09/2012 14:36:55
VBASE021.VDF : 7.11.43.187 121856 Bytes 21/09/2012 14:36:56
VBASE022.VDF : 7.11.43.251 147456 Bytes 24/09/2012 14:36:56
VBASE023.VDF : 7.11.44.43 152064 Bytes 25/09/2012 14:36:56
VBASE024.VDF : 7.11.44.103 165888 Bytes 27/09/2012 14:36:57
VBASE025.VDF : 7.11.44.167 160256 Bytes 30/09/2012 14:36:57
VBASE026.VDF : 7.11.44.223 199680 Bytes 02/10/2012 21:48:45
VBASE027.VDF : 7.11.45.29 196096 Bytes 04/10/2012 21:47:53
VBASE028.VDF : 7.11.45.30 2048 Bytes 04/10/2012 21:47:53
VBASE029.VDF : 7.11.45.31 2048 Bytes 04/10/2012 21:47:53
VBASE030.VDF : 7.11.45.32 2048 Bytes 04/10/2012 21:47:53
VBASE031.VDF : 7.11.45.34 2048 Bytes 04/10/2012 21:47:54
Engine version : 8.2.10.178
AEVDF.DLL : 8.1.2.10 102772 Bytes 10/07/2012 11:07:34
AESCRIPT.DLL : 8.1.4.58 463226 Bytes 29/09/2012 14:37:04
AESCN.DLL : 8.1.9.2 131444 Bytes 29/09/2012 14:37:03
AESBX.DLL : 8.2.5.12 606578 Bytes 14/06/2012 22:12:59
AERDL.DLL : 8.1.9.15 639348 Bytes 21/12/2011 10:59:20
AEPACK.DLL : 8.3.0.38 811382 Bytes 29/09/2012 14:37:03
AEOFFICE.DLL : 8.1.2.48 201082 Bytes 29/09/2012 14:37:02
AEHEUR.DLL : 8.1.4.108 5329272 Bytes 29/09/2012 14:37:01
AEHELP.DLL : 8.1.24.0 258423 Bytes 29/09/2012 14:36:59
AEGEN.DLL : 8.1.5.38 434548 Bytes 29/09/2012 14:36:58
AEEXP.DLL : 8.2.0.2 115060 Bytes 29/09/2012 14:37:04
AEEMU.DLL : 8.1.3.2 393587 Bytes 10/07/2012 11:07:33
AECORE.DLL : 8.1.28.2 201079 Bytes 29/09/2012 14:36:58
AEBB.DLL : 8.1.1.0 53618 Bytes 21/12/2011 10:59:20
AVWINLL.DLL : 12.3.0.15 27344 Bytes 10/06/2012 22:09:36
AVPREF.DLL : 12.3.0.15 51920 Bytes 10/06/2012 22:09:38
AVREP.DLL : 12.3.0.15 179208 Bytes 10/06/2012 22:09:40
AVARKT.DLL : 12.3.0.15 211408 Bytes 10/06/2012 22:09:37
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 10/06/2012 22:09:37
SQLITE3.DLL : 3.7.0.1 398288 Bytes 10/06/2012 22:09:40
AVSMTP.DLL : 12.3.0.32 63480 Bytes 10/08/2012 19:10:01
NETNT.DLL : 12.3.0.15 17104 Bytes 10/06/2012 22:09:40
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 10/08/2012 19:09:48
RCTEXT.DLL : 12.3.0.31 97784 Bytes 10/08/2012 19:09:49

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: 05 October 2012 17:41

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
Scan process 'saui.exe' - '26' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '60' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'plugin-container.exe' - '75' Module(s) have been scanned
Scan process 'firefox.exe' - '130' Module(s) have been scanned
Scan process 'wlcomm.exe' - '68' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '136' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'iPodService.exe' - '29' Module(s) have been scanned
Scan process 'rundll32.exe' - '30' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'WifiDevChkSvc.exe' - '15' Module(s) have been scanned
Scan process 'SeaPort.exe' - '51' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '37' Module(s) have been scanned
Scan process 'mcsacore.exe' - '54' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '28' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '57' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'WNDA3200WPSMgr.exe' - '35' Module(s) have been scanned
Scan process 'SpotifyWebHelper.exe' - '32' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '58' Module(s) have been scanned
Scan process 'RunDLL32.exe' - '29' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '51' Module(s) have been scanned
Scan process 'avgnt.exe' - '66' Module(s) have been scanned
Scan process 'mixersel.exe' - '21' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'sched.exe' - '38' Module(s) have been scanned
Scan process 'Explorer.EXE' - '87' Module(s) have been scanned
Scan process 'spoolsv.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '149' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '63' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1633' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Home\My Documents\Downloads\avira_free_antivirus_en.exe
[WARNING] The file is password protected
Begin scan in 'D:\'
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip
[WARNING] The file is password protected
D:\Program Files\CCTV\CCTV Video Client\uninstall.exe
[WARNING] Invalid end of file
D:\WINNT\aoto.exe
--> Object
[DETECTION] Is the TR/Drop.Cattivo.A Trojan
D:\WINNT\system32\Aooy.exe
--> Object
[DETECTION] Is the TR/Drop.Cattivo.A Trojan
D:\WINNT\system32\batteo.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\cenbezn.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\fliecods.dll
[DETECTION] Is the TR/Thief.OnLineGames.tsyz.4 Trojan
D:\WINNT\system32\HBASKTAO.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.uyi.6 back-door program
D:\WINNT\system32\HBBO.dll
[DETECTION] Is the TR/SmallGame.AG.1 Trojan
D:\WINNT\system32\HBDNF.dll
[DETECTION] Is the TR/Thief.OnLineGames.tvez Trojan
D:\WINNT\system32\HBJTLQ.dll
[DETECTION] Is the TR/Agent.annv.4 Trojan
D:\WINNT\system32\HBKDXY.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\HBmhly.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\HBQQFFO.dll
[DETECTION] Is the TR/Agent.alwp Trojan
D:\WINNT\system32\HBQQSG.dll
[DETECTION] Is the TR/Thief.OnLineGames.txbq.1 Trojan
D:\WINNT\system32\HBQQXX.dll
[DETECTION] Is the TR/Spy.Small.byv.2 Trojan
D:\WINNT\system32\HBSHQ.dll
[DETECTION] Is the TR/PSW.OnlineGames.tvbf Trojan
D:\WINNT\system32\HBSOUL.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\HBTL.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\HBW2I.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\HBWD.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\HBWOW.dll
[DETECTION] Is the TR/Thief.Wow.dhj.6 Trojan
D:\WINNT\system32\HBXY2.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\HBYY.dll
[DETECTION] Is the TR/Agent.arkc.2 Trojan
D:\WINNT\system32\jolends.dll
[DETECTION] Is the TR/PSW.OnlineGames.ZQO.184 Trojan
D:\WINNT\system32\jonzyan.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\kandoftt.dll
[DETECTION] Is the TR/PSW.O.ttyw.28672 Trojan
D:\WINNT\system32\lenyuns.dll
[DETECTION] Is the TR/PSW.Online.bin Trojan
D:\WINNT\system32\meyotme.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\mirwznt.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\WINNT\system32\qanhllao.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\qonenx.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\rexljeh.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\WINNT\system32\rexljehk.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\WINNT\system32\System.exe
[DETECTION] Is the TR/PSW.MultiFirst.W Trojan
D:\WINNT\system32\telmanz.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\tldcoco.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\tobaoup.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\WINNT\system32\tobaoupk.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\WINNT\system32\userinit.exe
[DETECTION] Is the TR/Agent.avwp Trojan
D:\WINNT\system32\vordisa.dll
[DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
D:\WINNT\system32\wonlins.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\xsisco.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\WINNT\system32\xsiscok.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\WINNT\system32\zesttns.dll
[DETECTION] Is the TR/PSW.Online.apxy Trojan
D:\WINNT\system32\zongxim.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\×ÀÝÉÏÀÍ‹ÁÉÉk.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\WINNT\system32\drivers\secdrv.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan

Beginning disinfection:
D:\WINNT\system32\drivers\secdrv.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5286c906.qua'.
D:\WINNT\system32\×ÀÝÉÏÀÍ‹ÁÉÉk.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '4b8fe504.qua'.
D:\WINNT\system32\zongxim.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1841bc33.qua'.
D:\WINNT\system32\zesttns.dll
[DETECTION] Is the TR/PSW.Online.apxy Trojan
[NOTE] The file was moved to the quarantine directory under the name '7e49f38b.qua'.
D:\WINNT\system32\xsiscok.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '3bf7dec4.qua'.
D:\WINNT\system32\xsisco.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '44ececa5.qua'.
D:\WINNT\system32\wonlins.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0851c0eb.qua'.
D:\WINNT\system32\vordisa.dll
[DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '747580bb.qua'.
D:\WINNT\system32\userinit.exe
[DETECTION] Is the TR/Agent.avwp Trojan
[NOTE] The file was moved to the quarantine directory under the name '591aaff2.qua'.
D:\WINNT\system32\tobaoupk.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '4077946c.qua'.
D:\WINNT\system32\tobaoup.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '2c2bb85d.qua'.
D:\WINNT\system32\tldcoco.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5d9081c7.qua'.
D:\WINNT\system32\telmanz.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5382b179.qua'.
D:\WINNT\system32\System.exe
[DETECTION] Is the TR/PSW.MultiFirst.W Trojan
[NOTE] The file was moved to the quarantine directory under the name '1692c857.qua'.
D:\WINNT\system32\rexljehk.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '1f9ccc90.qua'.
D:\WINNT\system32\rexljeh.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '47ddd5f9.qua'.
D:\WINNT\system32\qonenx.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6b13ac40.qua'.
D:\WINNT\system32\qanhllao.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '55edccec.qua'.
D:\WINNT\system32\mirwznt.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '36dfe7e7.qua'.
D:\WINNT\system32\meyotme.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '101ea7fe.qua'.
D:\WINNT\system32\lenyuns.dll
[DETECTION] Is the TR/PSW.Online.bin Trojan
[NOTE] The file was moved to the quarantine directory under the name '22bfdc5a.qua'.
D:\WINNT\system32\kandoftt.dll
[DETECTION] Is the TR/PSW.O.ttyw.28672 Trojan
[NOTE] The file was moved to the quarantine directory under the name '28faf758.qua'.
D:\WINNT\system32\jonzyan.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '17a9936b.qua'.
D:\WINNT\system32\jolends.dll
[DETECTION] Is the TR/PSW.OnlineGames.ZQO.184 Trojan
[NOTE] The file was moved to the quarantine directory under the name '69839f4c.qua'.
D:\WINNT\system32\HBYY.dll
[DETECTION] Is the TR/Agent.arkc.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '3ce89bd2.qua'.
D:\WINNT\system32\HBXY2.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3171eafa.qua'.
D:\WINNT\system32\HBWOW.dll
[DETECTION] Is the TR/Thief.Wow.dhj.6 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2d2dfef3.qua'.
D:\WINNT\system32\HBWD.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1cfeb33c.qua'.
D:\WINNT\system32\HBW2I.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '70a8a70a.qua'.
D:\WINNT\system32\HBTL.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3937820d.qua'.
D:\WINNT\system32\HBSOUL.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '62a38adc.qua'.
D:\WINNT\system32\HBSHQ.dll
[DETECTION] Is the TR/PSW.OnlineGames.tvbf Trojan
[NOTE] The file was moved to the quarantine directory under the name '04118635.qua'.
D:\WINNT\system32\HBQQXX.dll
[DETECTION] Is the TR/Spy.Small.byv.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '539df49d.qua'.
D:\WINNT\system32\HBQQSG.dll
[DETECTION] Is the TR/Thief.OnLineGames.txbq.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '71eda3d6.qua'.
D:\WINNT\system32\HBQQFFO.dll
[DETECTION] Is the TR/Agent.alwp Trojan
[NOTE] The file was moved to the quarantine directory under the name '19fdd941.qua'.
D:\WINNT\system32\HBmhly.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3997ddc4.qua'.
D:\WINNT\system32\HBKDXY.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6cd59b70.qua'.
D:\WINNT\system32\HBJTLQ.dll
[DETECTION] Is the TR/Agent.annv.4 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0df6bacf.qua'.
D:\WINNT\system32\HBDNF.dll
[DETECTION] Is the TR/Thief.OnLineGames.tvez Trojan
[NOTE] The file was moved to the quarantine directory under the name '6850f844.qua'.
D:\WINNT\system32\HBBO.dll
[DETECTION] Is the TR/SmallGame.AG.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0d858ce5.qua'.
D:\WINNT\system32\HBASKTAO.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.uyi.6 back-door program
[NOTE] The file was moved to the quarantine directory under the name '1e60b076.qua'.
D:\WINNT\system32\fliecods.dll
[DETECTION] Is the TR/Thief.OnLineGames.tsyz.4 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0cb1cca6.qua'.
D:\WINNT\system32\cenbezn.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1be4af1d.qua'.
D:\WINNT\system32\batteo.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '41f89d89.qua'.
D:\WINNT\system32\Aooy.exe
[DETECTION] Is the TR/Drop.Cattivo.A Trojan
[NOTE] The file was moved to the quarantine directory under the name '64c8e793.qua'.
D:\WINNT\aoto.exe
[DETECTION] Is the TR/Drop.Cattivo.A Trojan
[NOTE] The file was moved to the quarantine directory under the name '10aeffe0.qua'.

End of the scan: 06 October 2012 00:29
Used time: 6:42:45 Hour(s)

The scan has been done completely.

12772 Scanned directories
314581 Files were scanned
46 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
46 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
314535 Files not concerned
3525 Archives were scanned
3 Warnings
46 Notes
276403 Objects were scanned with rootkit scan
0 Hidden objects were found

**Edgecrusher** · 2012-10-30, 23:04

Avira Free Antivirus
Report file date: 02 October 2012 19:15

Scanning for 4294881 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FAMILYPC-0F08F1

Version information:
BUILD.DAT : 12.0.0.1199 40869 Bytes 07/09/2012 22:20:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 10/08/2012 19:10:01
AVSCAN.DLL : 12.3.0.15 54736 Bytes 10/06/2012 22:09:38
LUKE.DLL : 12.3.0.15 68304 Bytes 10/06/2012 22:09:40
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10/06/2012 22:09:40
AVREG.DLL : 12.3.0.17 232200 Bytes 10/06/2012 22:09:40
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 10:59:22
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 10:59:22
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 10:59:22
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 00:03:29
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 13:00:02
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 23:28:38
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 14:36:52
VBASE007.VDF : 7.11.41.251 2048 Bytes 06/09/2012 14:36:53
VBASE008.VDF : 7.11.41.252 2048 Bytes 06/09/2012 14:36:53
VBASE009.VDF : 7.11.41.253 2048 Bytes 06/09/2012 14:36:53
VBASE010.VDF : 7.11.41.254 2048 Bytes 06/09/2012 14:36:53
VBASE011.VDF : 7.11.41.255 2048 Bytes 06/09/2012 14:36:53
VBASE012.VDF : 7.11.42.0 2048 Bytes 06/09/2012 14:36:53
VBASE013.VDF : 7.11.42.1 2048 Bytes 06/09/2012 14:36:54
VBASE014.VDF : 7.11.42.65 203264 Bytes 09/09/2012 14:36:54
VBASE015.VDF : 7.11.42.125 156672 Bytes 11/09/2012 14:36:54
VBASE016.VDF : 7.11.42.171 187904 Bytes 12/09/2012 14:36:55
VBASE017.VDF : 7.11.42.235 141312 Bytes 13/09/2012 14:36:55
VBASE018.VDF : 7.11.43.35 133632 Bytes 15/09/2012 14:36:55
VBASE019.VDF : 7.11.43.89 129024 Bytes 18/09/2012 14:36:55
VBASE020.VDF : 7.11.43.141 130560 Bytes 19/09/2012 14:36:55
VBASE021.VDF : 7.11.43.187 121856 Bytes 21/09/2012 14:36:56
VBASE022.VDF : 7.11.43.251 147456 Bytes 24/09/2012 14:36:56
VBASE023.VDF : 7.11.44.43 152064 Bytes 25/09/2012 14:36:56
VBASE024.VDF : 7.11.44.103 165888 Bytes 27/09/2012 14:36:57
VBASE025.VDF : 7.11.44.167 160256 Bytes 30/09/2012 14:36:57
VBASE026.VDF : 7.11.44.168 2048 Bytes 30/09/2012 14:36:57
VBASE027.VDF : 7.11.44.169 2048 Bytes 30/09/2012 14:36:57
VBASE028.VDF : 7.11.44.170 2048 Bytes 30/09/2012 14:36:57
VBASE029.VDF : 7.11.44.171 2048 Bytes 30/09/2012 14:36:57
VBASE030.VDF : 7.11.44.172 2048 Bytes 30/09/2012 14:36:57
VBASE031.VDF : 7.11.44.208 136704 Bytes 01/10/2012 21:47:26
Engine version : 8.2.10.178
AEVDF.DLL : 8.1.2.10 102772 Bytes 10/07/2012 11:07:34
AESCRIPT.DLL : 8.1.4.58 463226 Bytes 29/09/2012 14:37:04
AESCN.DLL : 8.1.9.2 131444 Bytes 29/09/2012 14:37:03
AESBX.DLL : 8.2.5.12 606578 Bytes 14/06/2012 22:12:59
AERDL.DLL : 8.1.9.15 639348 Bytes 21/12/2011 10:59:20
AEPACK.DLL : 8.3.0.38 811382 Bytes 29/09/2012 14:37:03
AEOFFICE.DLL : 8.1.2.48 201082 Bytes 29/09/2012 14:37:02
AEHEUR.DLL : 8.1.4.108 5329272 Bytes 29/09/2012 14:37:01
AEHELP.DLL : 8.1.24.0 258423 Bytes 29/09/2012 14:36:59
AEGEN.DLL : 8.1.5.38 434548 Bytes 29/09/2012 14:36:58
AEEXP.DLL : 8.2.0.2 115060 Bytes 29/09/2012 14:37:04
AEEMU.DLL : 8.1.3.2 393587 Bytes 10/07/2012 11:07:33
AECORE.DLL : 8.1.28.2 201079 Bytes 29/09/2012 14:36:58
AEBB.DLL : 8.1.1.0 53618 Bytes 21/12/2011 10:59:20
AVWINLL.DLL : 12.3.0.15 27344 Bytes 10/06/2012 22:09:36
AVPREF.DLL : 12.3.0.15 51920 Bytes 10/06/2012 22:09:38
AVREP.DLL : 12.3.0.15 179208 Bytes 10/06/2012 22:09:40
AVARKT.DLL : 12.3.0.15 211408 Bytes 10/06/2012 22:09:37
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 10/06/2012 22:09:37
SQLITE3.DLL : 3.7.0.1 398288 Bytes 10/06/2012 22:09:40
AVSMTP.DLL : 12.3.0.32 63480 Bytes 10/08/2012 19:10:01
NETNT.DLL : 12.3.0.15 17104 Bytes 10/06/2012 22:09:40
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 10/08/2012 19:09:48
RCTEXT.DLL : 12.3.0.31 97784 Bytes 10/08/2012 19:09:49

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: 02 October 2012 19:15

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '60' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'avcenter.exe' - '70' Module(s) have been scanned
Scan process 'wlcomm.exe' - '69' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'iPodService.exe' - '29' Module(s) have been scanned
Scan process 'rundll32.exe' - '30' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'WifiDevChkSvc.exe' - '15' Module(s) have been scanned
Scan process 'SeaPort.exe' - '51' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '37' Module(s) have been scanned
Scan process 'mcsacore.exe' - '54' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '28' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '57' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'WNDA3200WPSMgr.exe' - '35' Module(s) have been scanned
Scan process 'SpotifyWebHelper.exe' - '32' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '136' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '58' Module(s) have been scanned
Scan process 'RunDLL32.exe' - '29' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '51' Module(s) have been scanned
Scan process 'avgnt.exe' - '66' Module(s) have been scanned
Scan process 'mixersel.exe' - '21' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'sched.exe' - '38' Module(s) have been scanned
Scan process 'Explorer.EXE' - '86' Module(s) have been scanned
Scan process 'spoolsv.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '147' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '63' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1632' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Home\My Documents\Downloads\avira_free_antivirus_en.exe
[WARNING] The file is password protected
C:\Documents and Settings\Home\My Documents\Downloads\install_flashplayer11x32_mssd_aih.exe
[WARNING] The file is password protected
Begin scan in 'D:\'
D:\Documents and Settings\Administrator\Local Settings\Temp\1a007.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\20abe.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\38b29.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip
[WARNING] The file is password protected
D:\Documents and Settings\thu\Local Settings\Temp\100.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1008758
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1012952
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1013304
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1024149
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1032803
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1042796
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1051218
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1070616
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1075563
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1076514
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1081923
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1091226
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1093088
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1093540
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1098105
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1098676
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1103554
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1126647
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1128049
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\113.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1142971
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1143702
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1155990
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1157963
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1184561
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1191169
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\120.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1222364
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1276353
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1285586
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\12B.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\13af1.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\13e31.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\13ec7.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14025.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14039.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14089.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1410c.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14184.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14224.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14292.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14397.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14780.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\147d0.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14820.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14848.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1499302
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14a1f.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14a8d.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14b0f.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14bec.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14e08.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14f7b.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\15039.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1509d.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1517779
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\151a2.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1550787
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1576c.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\157f8.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\15852.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1586949
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1588e.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\15E.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1606b.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\161ac.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\16292.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\16473.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1649b.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\168ac.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\169bb.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\16c8c.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\16ce6.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\16e80.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\177.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\17a79.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\17b55.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\17E.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1822e.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\18238.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1868445
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\1884208
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\18a0b.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\192ce.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\19906.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1A5.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1a6e9.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1afc0.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1ba1e.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1bdfe.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1cd67.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1E.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1ea14.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\208934
[DETECTION] Is the TR/Agent.BACI Trojan
D:\Documents and Settings\thu\Local Settings\Temp\2415040
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\2417032
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\243a9.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\2469168
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\2580a.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\25b36.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\29.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\2ada2.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\2bcbb.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\2e6c9.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\2eccf.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\30253.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\3261e.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\34.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\3633874
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\3c808.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\3D.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\3dbe8e.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\4080083
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\4130617
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\4194846
[DETECTION] Is the TR/Agent.BACJ Trojan
D:\Documents and Settings\thu\Local Settings\Temp\4a694.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\506186
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\530201
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\537161
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\538182
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\545253
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\548297
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\5514cf.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\557861
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\566253
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\57.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\579512
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\580523
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\585150
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\587593
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\589136
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\604518
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\612309
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\625578
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\660348
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\689210
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\694347
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\6A.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\73.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\898741
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\92.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\933501
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\936331
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\944945
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\957532
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\958164
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\97.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\976461
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\990589
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Documents and Settings\thu\Local Settings\Temp\995529
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\A4.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\BB.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\E0.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Program Files\CCTV\CCTV Video Client\uninstall.exe
[WARNING] Invalid end of file
D:\Program Files\Internet Explorer\Sys_NtMe.Zys
[DETECTION] Is the TR/ATRAPS.Gen Trojan
D:\Program Files\Internet Explorer\UnixsMe.Jmp
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
D:\Program Files\Internet Explorer\VitnNt64.987
[DETECTION] Is the TR/ATRAPS.Gen Trojan
D:\Program Files\Internet Explorer\VneNt64.Jmp
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper

**Edgecrusher** · 2012-10-30, 23:09

i couldnt post the middle part of the last avira log, since it was too long. so i've attached it instead.

**Edgecrusher** · 2012-10-30, 23:11

End of the scan: 03 October 2012 00:37
Used time: 5:18:02 Hour(s)

The scan has been canceled!

11139 Scanned directories
242758 Files were scanned
183 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
161 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
242575 Files not concerned
2355 Archives were scanned
4 Warnings
161 Notes

the thing about this current computer is that it has been changed, cos my other PC broke due to the faulty motherboard. but this current computer i have now is much more older than my previous. this one is ridiculously old from the 90's. it was originally from a cousins workplace. when i scanned it the day i got it, thats when it detected all the serious amounts of viruses. and the only thing that was kept from my old computer was the hard drive, which is now in this one. also i have a very new recent wireless usb stick connected to this old piece of junk. i dont think streaming youtube videos works that well on this computer.

**Edgecrusher** · 2012-10-30, 23:22

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.30.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Home :: FAMILYPC-0F08F1 [administrator]

06/10/2012 12:50:18
mbam-log-2012-10-06 (12-50-18).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 299115
Time elapsed: 6 hour(s), 56 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
D:\Program Files\Funshion Online\Funshion\RouterSetting.dll (PUP.Funshion) -> Quarantined and deleted successfully.
D:\Program Files\Funshion Online\Funshion\Uninstall.exe (PUP.Funshion) -> Quarantined and deleted successfully.
D:\Program Files\Funshion Online\Funshion\Funshion.exe (PUP.Funshion) -> Quarantined and deleted successfully.
D:\Program Files\Funshion Online\Funshion\funshionplugin2.dll (PUP.Funshion) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150042.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150043.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\WINNT\wpcap.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\WINNT\Packet.dll (HackTool.Agent) -> Quarantined and deleted successfully.

(end)

Thread: computer extremely slow and full of trojans

Thread Tools

Display

Posting Permissions