My brother's computer is infected! Need help


  • This topic is locked

#1
yanniv

  • Member
  • 107 posts
My brother has many viruses, and his operating system is Windows XP.
His computer is slow and there are many prompts (don't send) on the computer!

Look at what he has:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:38 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\AMD\RAIDXpert\_jvm\bin\java.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\Config\csrss.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D4C7057-EAD2-44C6-AD18-9092905F28F1} - (no file)
O2 - BHO: (no name) - {1D4C7057-EAD2-44C6-AD18-9092905F28F1} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {385066e0-23f3-11db-a98b-0800200c9a66} - (no file)
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\iehelper3.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {6B690ACD-9479-4C41-8A2D-D6083F650E81} - C:\WINDOWS\system32\HPDirecter.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunServices: [Windows Recycler] owvlms.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay10...es/MsnPUpld.cab
O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - http://www.googlecac...stall/tload.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1135490778609
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11670 bytes


#2
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

A question first - Is your Norton up to date? Is it still properly running? Did you purchase it? Because it surprises me that it didn't find and delete the malware present here.
That's why it is important you answer this question first, since it's still a priority to have an up-to-date Antivirus running in the background. Otherwise we'll just run around in circles.

#3
yanniv

  • Topic Starter
  • Member
  • 107 posts
Actually, Norton was removed from the computer a long time ago. For some reason LiveUpdate (Symantec) remained on the computer but wasn't effective in any way. I finally removed everything and I am left with no antivirus.

#4
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP

"I finally removed everything and I am left with no antivirus."

I already thought that there was no working Antivirus here, so..

That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it finds.
Then reboot.
After reboot, open your Avira and select "reports".
There, double-click the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.
Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirus scan is not present which should be able to deal with most and prevent further reinfection.

#5
yanniv

  • Topic Starter
  • Member
  • 107 posts
Hi,
Thanks a lot.
Here is the report from Avira antivirus:



Avira AntiVir Personal
Report file date: Tuesday, May 06, 2008 19:05

Scanning for 1253417 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: YOUR-AE066C3A9B

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 15:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 14:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 14:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 14:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 16:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 19:08:58
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 5/5/2008 23:01:42
ANTIVIR3.VDF : 7.0.4.8 26624 Bytes 5/6/2008 23:01:43
Engineversion : 8.1.0.37
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 15:58:21
AESCRIPT.DLL : 8.1.0.28 233851 Bytes 5/6/2008 23:02:14
AESCN.DLL : 8.1.0.15 119157 Bytes 5/6/2008 23:02:11
AERDL.DLL : 8.1.0.20 418165 Bytes 5/6/2008 23:02:10
AEPACK.DLL : 8.1.1.4 364918 Bytes 5/6/2008 23:02:06
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 5/6/2008 23:02:02
AEHEUR.DLL : 8.1.0.21 1196407 Bytes 5/6/2008 23:02:00
AEHELP.DLL : 8.1.0.14 115063 Bytes 5/6/2008 23:01:49
AEGEN.DLL : 8.1.0.18 299381 Bytes 5/6/2008 23:01:48
AEEMU.DLL : 8.1.0.5 430450 Bytes 4/7/2008 21:34:43
AECORE.DLL : 8.1.0.27 168310 Bytes 5/6/2008 23:01:45
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/23/2008 23:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 16:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 19:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 1/23/2008 23:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 14:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/23/2008 23:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 20:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 18:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Tuesday, May 06, 2008 19:05

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'distnoted.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceHelper.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'iTunes.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'YzShadow.exe' - '1' Module(s) have been scanned
Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
Scan process 'USRWLANG.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'swdoctor.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'svehost.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\Config\csrss.exe'
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'symlcsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'java.exe' - '1' Module(s) have been scanned
Scan process 'sdhelp.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'DevSvc.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'Wrapper.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'csrss.exe' has been terminated
C:\WINDOWS\Config\csrss.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!

45 processes with 44 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] The device is not ready.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] The device is not ready.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] The device is not ready.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] The device is not ready.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '31' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0447D6CB-7CC6-4FD8-ACE8-40F4113EB197}\00000007.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0447D6CB-7CC6-4FD8-ACE8-40F4113EB197}\00000007.URM
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{6F3FE960-0ED1-41C5-BB05-675A0AAFE722}\00000001.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{6F3FE960-0ED1-41C5-BB05-675A0AAFE722}\00000001.URM
[DETECTION] Is the Trojan horse TR/DelProx.A
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{7C84142E-7E42-4D2A-B26D-6F4623DA54C5}\00000003.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{7C84142E-7E42-4D2A-B26D-6F4623DA54C5}\00000003.URM
[DETECTION] Is the Trojan horse TR/IstBar.BZ.1
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{FBE97959-B998-41E0-9D2F-9E5D7A0C2580}\00000001.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{FBE97959-B998-41E0-9D2F-9E5D7A0C2580}\00000001.URM
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The file was deleted!
C:\Documents and Settings\HP_Owner\Desktop\downloaded files from mozilla\ag-na27a.zip
[0] Archive type: ZIP
--> Keygen.EXE
[DETECTION] Is the Trojan horse TR/Agent.52909
[NOTE] The file was moved to '484de6a9.qua'!
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP369\A0065541.exe
[DETECTION] Is the Trojan horse TR/Agent.xad
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP369\A0065542.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.LO Backdoor server programs
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP372\A0065722.exe
[DETECTION] Is the Trojan horse TR/Agent.xad
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP372\A0065723.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.LO Backdoor server programs
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP372\A0065748.exe
[DETECTION] Is the Trojan horse TR/Agent.xad
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP372\A0065750.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.LO Backdoor server programs
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP373\A0065798.exe
[DETECTION] Is the Trojan horse TR/Agent.xad
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP373\A0065799.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.LO Backdoor server programs
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP373\A0065817.exe
[DETECTION] Is the Trojan horse TR/Agent.xad
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP373\A0065818.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.LO Backdoor server programs
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP373\A0065829.exe
[DETECTION] Is the Trojan horse TR/Agent.xad
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP373\A0065830.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.LO Backdoor server programs
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP373\A0066829.exe
[DETECTION] Is the Trojan horse TR/Agent.xad
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP373\A0066830.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.LO Backdoor server programs
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP373\A0066855.exe
[DETECTION] Is the Trojan horse TR/Agent.xad
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP373\A0066856.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.LO Backdoor server programs
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP373\A0066874.exe
[DETECTION] Is the Trojan horse TR/Agent.xad
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP373\A0066875.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.LO Backdoor server programs
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP373\A0066887.exe
[DETECTION] Is the Trojan horse TR/Agent.xad
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP373\A0066888.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.LO Backdoor server programs
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP373\A0066902.exe
[DETECTION] Is the Trojan horse TR/Agent.xad
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP373\A0066903.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.LO Backdoor server programs
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP374\A0066922.exe
[DETECTION] Is the Trojan horse TR/Agent.xad
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP374\A0066923.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.LO Backdoor server programs
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP374\A0066935.exe
[DETECTION] Is the Trojan horse TR/Agent.xad
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP374\A0066936.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.LO Backdoor server programs
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP375\A0066963.exe
[DETECTION] Is the Trojan horse TR/Agent.xad
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP375\A0066964.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.LO Backdoor server programs
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP375\A0067021.exe
[DETECTION] Is the Trojan horse TR/Agent.xad
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP375\A0067022.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.LO Backdoor server programs
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP375\A0067050.exe
[DETECTION] Is the Trojan horse TR/Agent.xad
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP375\A0067051.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.LO Backdoor server programs
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP376\A0067084.exe
[DETECTION] Is the Trojan horse TR/Agent.xad
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP376\A0067085.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.LO Backdoor server programs
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP376\A0067118.exe
[DETECTION] Is the Trojan horse TR/Agent.xad
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP376\A0067119.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.LO Backdoor server programs
[NOTE] The file was deleted!
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP377\A0067169.exe
[DETECTION] Is the Trojan horse TR/Agent.xad
[NOTE] The file was deleted!
  • 0

#6
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

Can you also post a new HijackThis log please?
  • 0

#7
yanniv

    Member

  • Topic Starter
  • Member
  • 107 posts
Hi,

Since I deleted all the unwanted files with Avira AntiVir, every time I start my computer there is a notification that says: Windows cannot locate csrss.exe

Anyways, here is the log, thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:31:35 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\AMD\RAIDXpert\_jvm\bin\java.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D4C7057-EAD2-44C6-AD18-9092905F28F1} - (no file)
O2 - BHO: (no name) - {1D4C7057-EAD2-44C6-AD18-9092905F28F1} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {385066e0-23f3-11db-a98b-0800200c9a66} - (no file)
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\SYSTEM32\IEHELPER3.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {6B690ACD-9479-4C41-8A2D-D6083F650E81} - C:\WINDOWS\system32\HPDirecter.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Windows Recycler] owvlms.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay10...es/MsnPUpld.cab
O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - http://www.googlecac...stall/tload.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1135490778609
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12623 bytes
  • 0

#8
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

Since I deleted all the unwanted files with Avira AntiVir, every time I start my computer there is a notification that says: Windows cannot locate csrss.exe


We'll fix that... so please do the following:

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323 <== check this entry if you didn't set it
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O2 - BHO: (no name) - {0D4C7057-EAD2-44C6-AD18-9092905F28F1} - (no file)
O2 - BHO: (no name) - {1D4C7057-EAD2-44C6-AD18-9092905F28F1} - (no file)
O2 - BHO: (no name) - {385066e0-23f3-11db-a98b-0800200c9a66} - (no file)
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\SYSTEM32\IEHELPER3.DLL
O2 - BHO: (no name) - {6B690ACD-9479-4C41-8A2D-D6083F650E81} - C:\WINDOWS\system32\HPDirecter.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll <= not required
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\RunServices: [Windows Recycler] owvlms.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - http://www.googlecac...stall/tload.cab


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Reboot.

After reboot,

Please perform this online scan: Kaspersky Webscan
1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
3. Select "Install" to download the ActiveX controls that allow ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. When the download is complete it will say ready, click "Next"
6. Select a target to scan: Click on "My Computer"
7. When the scan is complete choose to save the results as "Save as Text"
8. Post the Kaspersky scan results in your next reply together with a new HijackThis log.
  • 0
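
An added example, not part of miekiemoes's post and not HijackThis's own logic: a small Python triage pass over a HijackThis log that surfaces the mechanically recognisable kinds of entries selected above (orphaned BHOs and toolbars, autoruns with no path, a modified shell value, a local IE proxy). The function names and heuristics are assumptions made for this illustration; entries such as IEHELPER3.DLL or the O16 item still need an analyst's judgement.

```python
import re

# Constructed sample: nine entry lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O2 - BHO: (no name) - {0D4C7057-EAD2-44C6-AD18-9092905F28F1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {6B690ACD-9479-4C41-8A2D-D6083F650E81} - C:\WINDOWS\system32\HPDirecter.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Windows Recycler] owvlms.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Hypothetical patterns written for this example.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "<code> - <body>"
MISSING = re.compile(r"\((?:no file|file missing)\)\s*$")
AUTORUN = re.compile(r"^HK[^:]*: \[[^\]]*\] (.+)$")        # registry Run/RunServices value
LOCAL_PROXY = re.compile(r",ProxyServer = (?:localhost|127\.0\.0\.1)\b", re.I)
SHELL = re.compile(r"Shell=(.+)$", re.I)


def parse(log):
    """Yield (code, body) for each entry line; header and process list are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def reasons(code, body):
    """Return the review reasons for one entry (triage hints, not verdicts)."""
    found = []
    if code in ("O2", "O3") and MISSING.search(body):
        found.append("orphaned BHO/toolbar: the registered DLL is absent")
    autorun = AUTORUN.match(body) if code == "O4" else None
    if autorun and "\\" not in autorun.group(1):
        found.append("autorun command has no directory; resolved via the search path")
    shell = SHELL.search(body) if code == "F2" else None
    if shell and shell.group(1).strip().lower() != "explorer.exe":
        found.append("shell value launches more than Explorer.exe")
    if code in ("R0", "R1") and LOCAL_PROXY.search(body):
        found.append("IE proxy points at the local machine; confirm the user set it")
    return found


def triage(log):
    """Return [(code, body, reasons)] for the entries that need a closer look."""
    hits = []
    for code, body in parse(log):
        why = reasons(code, body)
        if why:
            hits.append((code, body, why))
    return hits


if __name__ == "__main__":
    for code, body, why in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {'; '.join(why)}")
```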

#9
yanniv

    Member

  • Topic Starter
  • Member
  • 107 posts
I rebooted my computer after I ran HijackThis, and the "csrss" notification has been removed.
However, before I perform the scan you asked for, I want to mention that yesterday I launched a first scan with "Super Ad Blocker",
which found around 50 problems that have been removed/quarantined.
Does the program (Super Ad Blocker) interfere in any way at this point/should it be removed?
Or should I just keep following the instructions normally...

Thank you
  • 0

#10
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

No, SuperAdBlocker doesn't interfere with anything, so just proceed with my instructions.
  • 0


#11
yanniv

    Member

  • Topic Starter
  • Member
  • 107 posts
Hi

When I install Kaspersky, it says that Avira AntiVir has to be removed first, because it is incompatible software and both applications cannot be used together. Do I remove it?
  • 0

#12
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

You don't have to install Kaspersky. I asked in my previous post to use the Kaspersky Online scanner - so please read my previous post again :)
  • 0

#13
yanniv

    Member

  • Topic Starter
  • Member
  • 107 posts
Hi,

I am on the web page (online scanner) but I don't know how to select a target to scan.
I just want to make sure that I'm on the right page... http://www.kaspersky.com/kos/english/kavwebscan.html#

Thanks
  • 0

#14
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Not sure if you have read my previous instructions - It's explained there step by step what to do.
For the target, select C or My computer

And yes, you're on the right page :)

Edited by miekiemoes, 07 May 2008 - 05:36 PM.

  • 0

#15
yanniv

    Member

  • Topic Starter
  • Member
  • 107 posts
Hi

OK, I need some help: I followed the instructions exactly the way you asked. However, when the online scanner is done updating... it says "ready" at the bottom, but the "next" button is nowhere to be seen.
  • 0





