Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Avira running warnings for TR/XPack.gen, TR/Vundo.gen, TR/Zpack.gen and various other trojans trying to access my computer


  • This topic is locked This topic is locked
10 replies to this topic

#1 eriolclow

eriolclow

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:07:28 PM

Posted 08 June 2010 - 09:33 PM

Hi! A few weeks ago spybot detected win32.autorun.tmp (this troan also turns up when I scan my office laptop, so I might have to deal with that later too) in my computer. I deleted it, but upon reboot and rescanning the same trojan turned up again. So I downloaded malwarebytes to see if it could handle the problem, but I turned of spybot's teatimer while running the malwarebytes scan, as I'd heard that it interferes with malwarebytes registry cleaning actions. I did turn on teatimer after the scan was done, but I'm wondering if turning off teatimer might have enabled some trojans that were hiding in my system the opportunity to access and change my registry. Because what happens now is that every time I reboot with the modem turned on, I get trojan attempting to access warnings from avira, so I have to keep hitting deny access several times (as a lot of trojan windows pop up immediately after the lan networking icon on the system tray lights up). I don't get this problem when I run the computer in normal mode but with the moden turned off, so I'm guessing that I've been infected with a dropper trojan somewhere along the way, as malwarebytes finds temporary internet folder files that are detected as malware.

Anyway, what I wanted to ask if it would be OK to run gmer with the internet connection turned off (maybe I'll get lucky and it won't crash when saving the log this time)? And also, I'm having difficulty backing up my system as I don't have an external drive and my DVD burner seems to have conked out on me, would this be a problem if I ask for help in the logs forum?

Edited by eriolclow, 08 June 2010 - 09:34 PM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:28 PM

Posted 08 June 2010 - 10:57 PM

Hello,yes you can run it that way. Did MBam find anything? Post that log. Infact you should update all securiy apps .Including SAS below. Then dis able Teatimer and disconnect from the web and scan.

Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 eriolclow

eriolclow
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:07:28 PM

Posted 08 June 2010 - 11:21 PM

Hi! Thanks for the quick response. I already have atf cleaner saved in my desktop in normal mode, though for some reason it doesn't show up when I use safe mode.

Just to clarify, should I run malwarebytes in normal mode (after updating definitions)?

Then I run ATF cleaner in safe mode, delete all files, and then run full scan on superantispyware after?

So I'll be posting two logs here, a malwarebytes log run under normal and a superantispyware log run under safe mode?

I just remembered, i did a full scan on avira a few days back and it also identified a possible trojan which it said it couldn't delete because it was a mailbox, shall I post that log here as well?

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:28 PM

Posted 09 June 2010 - 08:44 AM

You're welcome. MBAM is stronger in normal and preffered. I prefer to run ATF in safe with SAS. SAS being stronger in safe. They can be run the other way if needed.
Post back MBAM,SAS and Avira.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 eriolclow

eriolclow
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:07:28 PM

Posted 09 June 2010 - 07:02 PM

Malwarebytes quick scan run in normal mode, but teatimer still on (didn't want to risk disabling it again):

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4183

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/9/2010 10:18:53 PM
mbam-log-2010-06-09 (22-18-53).txt

Scan type: Quick scan
Objects scanned: 129194
Time elapsed: 8 minute(s), 7 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 0

List of Avira detections so far:, though by no means completely up to date, as a lot of windows popped up again after i restarted the computer after doing the scans, and again when I got online to post this:

Exported events:

6/9/2010 20:59 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\22775.exe.
Action performed: Deny access

6/9/2010 20:59 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\721ZQ1VB\221[2].exe.
Action performed: Deny access

6/9/2010 20:59 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\3763.exe.
Action performed: Deny access

6/9/2010 20:59 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\3H1BBUAT\221[1].exe.
Action performed: Deny access

6/9/2010 20:58 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv361275553221.exe.
Action performed: Deny access

6/9/2010 20:54 [Guard] Service started
Service started.
Version of service: 9.0.1.32
Version of Engine: 8.2.2.6
Version of VDF: 7.10.8.24

6/9/2010 20:54 [Scheduler] Service started
The service was started.
Version of service 9.0.0.9

6/9/2010 7:35 [Guard] Service stopped
Service stopped.

6/9/2010 7:35 [Scheduler] Service stopped
The service was stopped.

6/9/2010 7:30 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275553768.exe.
Action performed: Deny access

6/9/2010 7:30 [Guard] Service started
Service started.
Version of service: 9.0.1.32
Version of Engine: 8.2.2.6
Version of VDF: 7.10.8.24

6/9/2010 7:29 [Scheduler] Service started
The service was started.
Version of service 9.0.0.9

6/9/2010 2:32 [Guard] Malware found
Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\ckwnwbvd.sys.
Action performed: Deny access

6/9/2010 2:31 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\05623.exe.
Action performed: Deny access

6/9/2010 2:31 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\931.exe.
Action performed: Deny access

6/9/2010 2:31 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\1847429.exe.
Action performed: Deny access

6/9/2010 2:31 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\123ILG08\3[2].exe.
Action performed: Deny access

6/9/2010 2:31 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\721ZQ1VB\221[3].exe.
Action performed: Deny access

6/9/2010 2:31 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\4058.exe.
Action performed: Deny access

6/9/2010 2:31 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\123ILG08\3[3].exe.
Action performed: Deny access

6/9/2010 2:31 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\123ILG08\3[1].exe.
Action performed: Deny access

6/9/2010 2:31 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Agent.vzm [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv671275552831.exe.
Action performed: Deny access

6/9/2010 2:31 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\721ZQ1VB\3[1].exe.
Action performed: Deny access

6/9/2010 2:31 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\721ZQ1VB\3[1].exe.
Action performed: Deny access

6/9/2010 2:31 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Agent.vzm [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv671275552831.exe.
Action performed: Deny access

6/9/2010 2:31 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\721ZQ1VB\3[1].exe.
Action performed: Deny access

6/9/2010 2:31 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\5234.exe.
Action performed: Deny access

6/9/2010 2:31 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\68105.exe.
Action performed: Deny access

6/9/2010 2:31 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\721ZQ1VB\221[2].exe.
Action performed: Deny access

6/9/2010 2:31 [Guard] Service started
Service started.
Version of service: 9.0.1.32
Version of Engine: 8.2.2.6
Version of VDF: 7.10.8.24

6/9/2010 2:31 [Scheduler] Service started
The service was started.
Version of service 9.0.0.9

6/9/2010 0:11 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\Q5SMRPGG\3[1].exe.
Action performed: Deny access

6/9/2010 0:11 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\5068231.exe.
Action performed: Deny access

6/9/2010 0:11 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\801.exe.
Action performed: Deny access

6/9/2010 0:11 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv631275580686.exe.
Action performed: Deny access

6/9/2010 0:11 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\Q5SMRPGG\221[2].exe.
Action performed: Deny access

6/9/2010 0:11 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\Q5SMRPGG\221[1].exe.
Action performed: Deny access

6/9/2010 0:11 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\774.exe.
Action performed: Deny access

6/9/2010 0:11 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\9687320.exe.
Action performed: Deny access

6/9/2010 0:11 [Guard] Service started
Service started.
Version of service: 9.0.1.32
Version of Engine: 8.2.2.6
Version of VDF: 7.10.8.24

6/9/2010 0:11 [Scheduler] Service started
The service was started.
Version of service 9.0.0.9

6/9/2010 0:03 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\3703038.exe.
Action performed: Deny access

6/9/2010 0:03 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\721ZQ1VB\221[1].exe.
Action performed: Deny access

6/9/2010 0:03 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\6098.exe.
Action performed: Deny access

6/9/2010 0:03 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\721ZQ1VB\3[1].exe.
Action performed: Deny access

6/9/2010 0:02 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\162119.exe.
Action performed: Deny access

6/9/2010 0:02 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\477378.exe.
Action performed: Deny access

6/9/2010 0:02 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\Q5SMRPGG\3[2].exe.
Action performed: Deny access

6/9/2010 0:02 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\5183298.exe.
Action performed: Deny access

6/9/2010 0:02 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\21692.exe.
Action performed: Deny access

6/9/2010 0:02 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\6530727.exe.
Action performed: Deny access

6/9/2010 0:02 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\Q5SMRPGG\221[3].exe.
Action performed: Deny access

6/9/2010 0:02 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\Q5SMRPGG\3[1].exe.
Action performed: Deny access

6/9/2010 0:02 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\Q5SMRPGG\3[3].exe.
Action performed: Deny access

6/9/2010 0:02 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\0361951.exe.
Action performed: Deny access

6/9/2010 0:02 [Guard] Service started
Service started.
Version of service: 9.0.1.32
Version of Engine: 8.2.2.6
Version of VDF: 7.10.8.24

6/9/2010 0:01 [Scheduler] Service started
The service was started.
Version of service 9.0.0.9

6/8/2010 23:44 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\5431299.exe.
Action performed: Deny access

6/8/2010 23:44 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\9954.exe.
Action performed: Deny access

6/8/2010 23:44 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\708.exe.
Action performed: Deny access

6/8/2010 23:44 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\Q5SMRPGG\3[1].exe.
Action performed: Deny access

6/8/2010 23:44 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\Q5SMRPGG\3[2].exe.
Action performed: Deny access

6/8/2010 23:44 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\Q5SMRPGG\3[3].exe.
Action performed: Deny access

6/8/2010 23:44 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\3H1BBUAT\3[1].exe.
Action performed: Deny access

6/8/2010 23:44 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\3H1BBUAT\3[1].exe.
Action performed: Deny access

6/8/2010 23:44 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Bredolab.X.41 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\3H1BBUAT\3[1].exe.
Action performed: Deny access

6/8/2010 23:44 [Guard] Malware found
Virus or unwanted program 'WORM/Joleee.ewd [worm]'
detected in file 'C:\WINDOWS\Temp\wpv391275553171.exe.
Action performed: Deny access

6/8/2010 23:44 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\7141.exe.
Action performed: Deny access

6/8/2010 23:44 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\721ZQ1VB\221[3].exe.
Action performed: Deny access

6/8/2010 23:43 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\721ZQ1VB\221[1].exe.
Action performed: Deny access

6/8/2010 23:43 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\2900.exe.
Action performed: Deny access

6/8/2010 23:43 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\4659804.exe.
Action performed: Deny access

6/8/2010 23:43 [Guard] Service started
Service started.
Version of service: 9.0.1.32
Version of Engine: 8.2.2.6
Version of VDF: 7.10.8.24

6/8/2010 23:43 [Scheduler] Service started
The service was started.
Version of service 9.0.0.9

6/8/2010 23:22 [Updater] Update successfully carried out
Update of Avira AntiVir Personal - Free Antivirus on computer KENNETH
(192.168.1.100) successful.
The following files were updated by http://62.146.66.186/update:
vbase014.vdf 7.10.8.6
vbase015.vdf 7.10.8.7
vbase016.vdf 7.10.8.8
vbase017.vdf 7.10.8.9
vbase018.vdf 7.10.8.10
vbase019.vdf 7.10.8.11
vbase020.vdf 7.10.8.12
vbase021.vdf 7.10.8.13
vbase022.vdf 7.10.8.14
vbase023.vdf 7.10.8.15
vbase024.vdf 7.10.8.16
vbase025.vdf 7.10.8.17
vbase026.vdf 7.10.8.18
vbase027.vdf 7.10.8.19
vbase028.vdf 7.10.8.20
vbase029.vdf 7.10.8.21
vbase030.vdf 7.10.8.22
vbase031.vdf 7.10.8.24
aevdf.dat 7.10.8.24

6/8/2010 23:22 [Guard] Reload engine.
The Engine was reloaded.
Engine Version: 8.02.02.06
VDF Version: 7.10.08.24

6/8/2010 23:21 [Scheduler] Job started
The job "Immediate Update"
was started successfully.

6/8/2010 23:19 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv421275553049.exe.
Action performed: Deny access

6/8/2010 23:19 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\Q5SMRPGG\221[1].exe.
Action performed: Deny access

6/8/2010 23:19 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\56384.exe.
Action performed: Deny access

6/8/2010 23:19 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\9139.exe.
Action performed: Deny access

6/8/2010 23:19 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv171275553493.exe.
Action performed: Deny access

6/8/2010 23:19 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv821275553665.exe.
Action performed: Deny access

6/8/2010 23:19 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv171275553049.exe.
Action performed: Deny access

6/8/2010 23:19 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\615015.exe.
Action performed: Deny access

6/8/2010 23:19 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\721ZQ1VB\221[2].exe.
Action performed: Deny access

6/8/2010 23:19 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\721ZQ1VB\221[3].exe.
Action performed: Deny access

6/8/2010 23:19 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\721ZQ1VB\221[1].exe.
Action performed: Deny access

6/8/2010 23:19 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\7917.exe.
Action performed: Deny access

6/8/2010 23:18 [Guard] Service started
Service started.
Version of service: 9.0.1.32
Version of Engine: 8.2.2.6
Version of VDF: 7.10.7.251

6/8/2010 23:18 [Scheduler] Service started
The service was started.
Version of service 9.0.0.9

6/8/2010 23:17 [Guard] Service stopped
Service stopped.

6/8/2010 23:17 [Scheduler] Service stopped
The service was stopped.

6/8/2010 23:10 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv821275552989.exe.
Action performed: Deny access

6/8/2010 23:10 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv721275553665.exe.
Action performed: Deny access

6/8/2010 23:10 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv821275552989.exe.
Action performed: Deny access

6/8/2010 23:10 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\513.exe.
Action performed: Deny access

6/8/2010 23:10 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\Q5SMRPGG\221[1].exe.
Action performed: Deny access

6/8/2010 23:10 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\Q5SMRPGG\221[2].exe.
Action performed: Deny access

6/8/2010 23:10 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\286179.exe.
Action performed: Deny access

6/8/2010 23:10 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\2987.exe.
Action performed: Deny access

6/8/2010 23:09 [Guard] Service started
Service started.
Version of service: 9.0.1.32
Version of Engine: 8.2.2.6
Version of VDF: 7.10.7.251

6/8/2010 23:09 [Scheduler] Service started
The service was started.
Version of service 9.0.0.9

6/8/2010 23:05 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv581275915733.exe.
Action performed: Deny access

6/8/2010 23:05 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv621275553103.exe.
Action performed: Deny access

6/8/2010 23:05 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\315766.exe.
Action performed: Deny access

6/8/2010 23:05 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\3H1BBUAT\221[2].exe.
Action performed: Deny access

6/8/2010 23:05 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\476.exe.
Action performed: Deny access

6/8/2010 23:05 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\6729849.exe.
Action performed: Deny access

6/8/2010 23:05 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\3H1BBUAT\221[3].exe.
Action performed: Deny access

6/8/2010 23:05 [Guard] Service started
Service started.
Version of service: 9.0.1.32
Version of Engine: 8.2.2.6
Version of VDF: 7.10.7.251

6/8/2010 23:04 [Scheduler] Service started
The service was started.
Version of service 9.0.0.9

6/8/2010 22:59 [Guard] Service stopped
Service stopped.

6/8/2010 22:59 [Scheduler] Service stopped
The service was stopped.

6/8/2010 21:59 [Updater] Update not carried out
The update of KENNETH (192.168.1.100) from
http://perspeak.avira-update.com/update failed.
An error occurred during downloading
No new files were loaded.

6/8/2010 21:54 [Scheduler] Job started
The job "Daily Update"
was started successfully.

6/8/2010 21:53 [Guard] Service started
Service started.
Version of service: 9.0.1.32
Version of Engine: 8.2.2.6
Version of VDF: 7.10.7.251

6/8/2010 21:52 [Scheduler] Service started
The service was started.
Version of service 9.0.0.9

6/7/2010 23:06 [Guard] Service stopped
Service stopped.

6/7/2010 23:06 [Scheduler] Service stopped
The service was stopped.

6/7/2010 23:05 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 23:05 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 23:02 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:59 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:59 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:58 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\742.exe.
Action performed: Deny access

6/7/2010 22:58 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\123ILG08\national157[1].exe.
Action performed: Deny access

6/7/2010 22:58 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\59933.exe.
Action performed: Deny access

6/7/2010 22:58 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\058.exe.
Action performed: Deny access

6/7/2010 22:58 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\3H1BBUAT\221[1].exe.
Action performed: Deny access

6/7/2010 22:58 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\Q5SMRPGG\192[1].exe.
Action performed: Deny access

6/7/2010 22:52 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:52 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:52 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:52 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:52 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:52 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:52 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:52 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:52 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:52 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:52 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:52 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:52 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:52 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:52 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:52 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:52 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:52 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:52 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:52 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\9885714.exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\Q5SMRPGG\221[1].exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\813.exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\Q5SMRPGG\192[1].exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv161275553665.exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\3736.exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'WORM/Palevo.ajgc [worm]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\050.exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\933720.exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv141275552989.exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\732.exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\16078.exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\721ZQ1VB\192[1].exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\721ZQ1VB\221[2].exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv111275553221.exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'WORM/Palevo.ajgc [worm]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\721ZQ1VB\grandisima11[1].exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\721ZQ1VB\192[2].exe.
Action performed: Deny access

6/7/2010 22:51 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\721ZQ1VB\221[1].exe.
Action performed: Deny access

6/7/2010 22:50 [Guard] Service started
Service started.
Version of service: 9.0.1.32
Version of Engine: 8.2.2.6
Version of VDF: 7.10.7.251

6/7/2010 22:49 [Scheduler] Service started
The service was started.
Version of service 9.0.0.9

6/7/2010 20:59 [Scheduler] Service stopped
The service was stopped.

6/7/2010 20:56 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\758.exe.
Action performed: Delete file

6/7/2010 20:56 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\3H1BBUAT\national138[1].exe.
Action performed: Delete file

6/7/2010 20:20 [Guard] Malware found
Virus or unwanted program 'WORM/Palevo.ajmq [worm]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\694.exe.
Action performed: Delete file

6/7/2010 20:20 [Guard] Malware found
Virus or unwanted program 'WORM/Palevo.ajmq [worm]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\Q5SMRPGG\national165[1].exe.
Action performed: Delete file

6/7/2010 20:20 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\70800.exe.
Action performed: Delete file

6/7/2010 20:20 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\721ZQ1VB\192[1].exe.
Action performed: Delete file

6/7/2010 20:20 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\3653.exe.
Action performed: Delete file

6/7/2010 20:20 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\721ZQ1VB\221[1].exe.
Action performed: Delete file

6/7/2010 19:48 [Guard] Malware found
Virus or unwanted program 'WORM/Palevo.agkc [worm]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\110.exe.
Action performed: Delete file

6/7/2010 19:48 [Guard] Malware found
Virus or unwanted program 'WORM/Palevo.agkc [worm]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\3H1BBUAT\grandisima36[1].exe.
Action performed: Delete file

6/7/2010 19:44 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\92412.exe.
Action performed: Delete file

6/7/2010 19:44 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\123ILG08\192[1].exe.
Action performed: Delete file

6/7/2010 19:44 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\701714.exe.
Action performed: Delete file

6/7/2010 19:44 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\123ILG08\221[1].exe.
Action performed: Delete file

6/7/2010 19:40 [Guard] Malware found
Virus or unwanted program 'WORM/Palevo.aibo [worm]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\123ILG08\national3[1].exe.
Action performed: Delete file

6/7/2010 19:40 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\7701890.exe.
Action performed: Delete file

6/7/2010 19:40 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\WINDOWS\Temp\wpv461275553103.exe.
Action performed: Delete file

6/7/2010 19:40 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\00513.exe.
Action performed: Delete file

6/7/2010 19:40 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\Q5SMRPGG\192[1].exe.
Action performed: Delete file

6/7/2010 19:40 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\Q5SMRPGG\221[1].exe.
Action performed: Delete file

6/7/2010 19:40 [Guard] Malware found
Virus or unwanted program 'WORM/Palevo.aibo [worm]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\339.exe.
Action performed: Delete file

6/7/2010 19:06 [Guard] Service started
Service started.
Version of service: 9.0.1.32
Version of Engine: 8.2.2.6
Version of VDF: 7.10.7.251

6/7/2010 19:06 [Scheduler] Service started
The service was started.
Version of service 9.0.0.9

6/6/2010 23:38 [Guard] Service stopped
Service stopped.

6/6/2010 23:38 [Scheduler] Service stopped
The service was stopped.

6/6/2010 23:21 [Updater] Update successfully carried out
Update on computer KENNETH (192.168.1.100) by http://62.146.66.186/update was
successful.
No new files are available.

6/6/2010 23:20 [Scheduler] Job started
The job "Daily Update"
was started successfully.

6/6/2010 23:20 [Guard] Service started
Service started.
Version of service: 9.0.1.32
Version of Engine: 8.2.2.6
Version of VDF: 7.10.7.251

6/6/2010 23:18 [Scheduler] Service started
The service was started.
Version of service 9.0.0.9

6/6/2010 23:17 [Scheduler] Service stopped
The service was stopped.

6/6/2010 23:10 [Scanner] Scan
Scan ended [The scan has been done completely.].
Number of files: 447811
Number of folders: 12718
Number of malware: 2
Number of errors: 13

6/6/2010 21:24 [Scanner] Scan
Scan ended [The scan has been canceled!].
Number of files: 0
Number of folders: 0
Number of malware: 0
Number of errors: 0

6/6/2010 21:23 [Scheduler] Job started
The job "Complete system scan"
was started successfully.

6/6/2010 21:23 [Scheduler] Job started
The job "Complete system scan"
was started successfully.

6/6/2010 20:50 [Guard] Service started
Service started.
Version of service: 9.0.1.32
Version of Engine: 8.2.2.6
Version of VDF: 7.10.7.251

6/6/2010 20:50 [Scheduler] Service started
The service was started.
Version of service 9.0.0.9

6/6/2010 20:49 [Guard] Service stopped
Service stopped.

6/6/2010 20:49 [Scheduler] Service stopped
The service was stopped.

6/6/2010 20:48 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\123ILG08\221[1].exe.
Action performed: Deny access

6/6/2010 20:48 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\123ILG08\192[1].exe.
Action performed: Deny access

6/6/2010 20:48 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\3H1BBUAT\install[1].exe.
Action performed: Deny access

6/6/2010 20:48 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\91150.exe.
Action performed: Deny access

6/6/2010 20:48 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\80958.exe.
Action performed: Deny access

6/6/2010 20:48 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\1314142.exe.
Action performed: Deny access

6/6/2010 19:19 [Guard] Service started
Service started.
Version of service: 9.0.1.32
Version of Engine: 8.2.2.6
Version of VDF: 7.10.7.251

6/6/2010 19:18 [Scheduler] Service started
The service was started.
Version of service 9.0.0.9

6/6/2010 19:17 [Guard] Service stopped
Service stopped.

6/6/2010 19:17 [Scheduler] Service stopped
The service was stopped.

6/6/2010 19:14 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\6249.exe.
Action performed: Deny access

6/6/2010 19:14 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\274065.exe.
Action performed: Deny access

6/6/2010 19:14 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\28233.exe.
Action performed: Deny access

6/6/2010 19:14 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\CFFQU63K\install[1].exe.
Action performed: Deny access

6/6/2010 19:14 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\CFFQU63K\221[1].exe.
Action performed: Deny access

6/6/2010 19:14 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\CFFQU63K\192[1].exe.
Action performed: Deny access

6/6/2010 19:14 [Guard] Service started
Service started.
Version of service: 9.0.1.32
Version of Engine: 8.2.2.6
Version of VDF: 7.10.7.251

6/6/2010 19:14 [Scheduler] Service started
The service was started.
Version of service 9.0.0.9

6/6/2010 19:13 [Guard] Service stopped
Service stopped.

6/6/2010 19:13 [Scheduler] Service stopped
The service was stopped.

6/6/2010 19:11 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\0891764.exe.
Action performed: Deny access

6/6/2010 19:11 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\CFFQU63K\192[1].exe.
Action performed: Deny access

6/6/2010 19:11 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\968.exe.
Action performed: Deny access

6/6/2010 19:11 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\CFFQU63K\install[1].exe.
Action performed: Deny access

6/6/2010 19:11 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\81652.exe.
Action performed: Deny access

6/6/2010 19:11 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\CFFQU63K\221[1].exe.
Action performed: Deny access

6/6/2010 19:10 [Guard] Service started
Service started.
Version of service: 9.0.1.32
Version of Engine: 8.2.2.6
Version of VDF: 7.10.7.251

6/6/2010 19:10 [Scheduler] Service started
The service was started.
Version of service 9.0.0.9

6/6/2010 19:09 [Guard] Service stopped
Service stopped.

6/6/2010 19:09 [Scheduler] Service stopped
The service was stopped.

6/6/2010 19:02 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\6698996.exe.
Action performed: Deny access

6/6/2010 19:02 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\PZ93XW44\install[1].exe.
Action performed: Deny access

6/6/2010 19:02 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\5008258.exe.
Action performed: Deny access

6/6/2010 19:02 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\PZ93XW44\192[1].exe.
Action performed: Deny access

6/6/2010 19:02 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\079202.exe.
Action performed: Deny access

6/6/2010 19:02 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\PZ93XW44\221[1].exe.
Action performed: Deny access

6/6/2010 19:00 [Guard] Service started
Service started.
Version of service: 9.0.1.32
Version of Engine: 8.2.2.6
Version of VDF: 7.10.7.251

6/6/2010 19:00 [Scheduler] Service started
The service was started.
Version of service 9.0.0.9

6/6/2010 18:59 [Scheduler] Service stopped
The service was stopped.

6/6/2010 16:46 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\515479.exe.
Action performed: Deny access

6/6/2010 16:46 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\L4BD203D\install[1].exe.
Action performed: Deny access

6/6/2010 16:46 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\09371.exe.
Action performed: Deny access

6/6/2010 16:46 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\L4BD203D\221[1].exe.
Action performed: Deny access

6/6/2010 16:46 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\650.exe.
Action performed: Deny access

6/6/2010 16:46 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\L4BD203D\192[1].exe.
Action performed: Deny access

6/6/2010 16:46 [Guard] Service started
Service started.
Version of service: 9.0.1.32
Version of Engine: 8.2.2.6
Version of VDF: 7.10.7.251

6/6/2010 16:45 [Scheduler] Service started
The service was started.
Version of service 9.0.0.9

6/6/2010 16:44 [Scheduler] Service stopped
The service was stopped.

6/6/2010 16:25 [Scanner] Scan
Scan ended [The scan has been done completely.].
Number of files: 457944
Number of folders: 12879
Number of malware: 2
Number of errors: 15

6/6/2010 16:03 [Guard] Malware found
Virus or unwanted program 'WORM/Palevo.ajuy [worm]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\CFFQU63K\grandisima76[1].exe.
Action performed: Deny access

6/6/2010 16:03 [Guard] Malware found
Virus or unwanted program 'WORM/Palevo.ajuy [worm]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\287.exe.
Action performed: Deny access

6/6/2010 16:03 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\48501.exe.
Action performed: Deny access

6/6/2010 16:03 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\9724.exe.
Action performed: Deny access

6/6/2010 16:03 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\L4BD203D\192[1].exe.
Action performed: Deny access

6/6/2010 16:03 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\L4BD203D\221[1].exe.
Action performed: Deny access

6/6/2010 16:03 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\56732.exe.
Action performed: Deny access

6/6/2010 16:03 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\L4BD203D\install[1].exe.
Action performed: Deny access

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\41713.exe.
Action performed: Deny access

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\L4BD203D\221[1].exe.
Action performed: Deny access

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\9290.exe.
Action performed: Deny access

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\L4BD203D\221[2].exe.
Action performed: Deny access

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\7759.exe.
Action performed: Deny access

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\649923.exe.
Action performed: Deny access

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\0031909.exe.
Action performed: Deny access

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\L4BD203D\221[2].exe.
Action performed: Deny access

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\4156934.exe.
Action performed: Deny access

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\682.exe.
Action performed: Deny access

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\257807.exe.
Action performed: Deny access

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\23729.exe.
Action performed: Deny access

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\CFFQU63K\192[1].exe.
Action performed: Deny access

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\31770.exe.
Action performed: Deny access

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\27393.exe.
Action performed: Deny access

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\PZ93XW44\192[1].exe.
Action performed: Deny access

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\PZ93XW44\install[1].exe.
Action performed: Deny access

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\L4BD203D\221[1].exe.
Action performed: Delete file

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\L4BD203D\install[2].exe.
Action performed: Delete file

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\529844.exe.
Action performed: Delete file

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\CFFQU63K\221[1].exe.
Action performed: Delete file

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\L4BD203D\install[1].exe.
Action performed: Delete file

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\CFFQU63K\install[1].exe.
Action performed: Delete file

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\L4BD203D\192[1].exe.
Action performed: Delete file

6/6/2010 15:59 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\L4BD203D\192[2].exe.
Action performed: Delete file

6/6/2010 13:53 [Scheduler] Job started
The job "Complete system scan"
was started successfully.

6/6/2010 13:17 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\289.exe.
Action performed: Deny access

6/6/2010 13:17 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\0430697.exe.
Action performed: Deny access

6/6/2010 13:17 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\9223.exe.
Action performed: Deny access

6/6/2010 13:17 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\593.exe.
Action performed: Deny access

6/6/2010 13:17 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\147670.exe.
Action performed: Deny access

6/6/2010 13:17 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\7429.exe.
Action performed: Deny access

6/6/2010 13:17 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\15690.exe.
Action performed: Deny access

6/6/2010 13:17 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\914.exe.
Action performed: Deny access

6/6/2010 13:16 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\34231.exe.
Action performed: Deny access

6/6/2010 13:16 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\L4BD203D\install[1].exe.
Action performed: Deny access

6/6/2010 13:16 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\6407636.exe.
Action performed: Deny access

6/6/2010 13:16 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\L4BD203D\221[1].exe.
Action performed: Deny access

6/6/2010 13:16 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\884.exe.
Action performed: Deny access

6/6/2010 13:16 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\L4BD203D\192[1].exe.
Action performed: Deny access

6/6/2010 13:16 [Guard] Malware found
Virus or unwanted program 'WORM/Rimecud.B.477 [worm]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\175.exe.
Action performed: Deny access

6/6/2010 13:16 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\XRCDQEPA\install[3].exe.
Action performed: Deny access

6/6/2010 13:16 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\XRCDQEPA\192[1].exe.
Action performed: Deny access

6/6/2010 13:16 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\5048.exe.
Action performed: Deny access

6/6/2010 13:16 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\XRCDQEPA\221[3].exe.
Action performed: Deny access

6/6/2010 13:16 [Guard] Malware found
Virus or unwanted program 'WORM/Rimecud.B.477 [worm]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\XRCDQEPA\national44[1].exe.
Action performed: Deny access

6/6/2010 13:16 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\XRCDQEPA\221[2].exe.
Action performed: Deny access

6/6/2010 13:16 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\XRCDQEPA\221[1].exe.
Action performed: Deny access

6/6/2010 13:16 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\XRCDQEPA\192[3].exe.
Action performed: Deny access

6/6/2010 13:16 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\XRCDQEPA\192[2].exe.
Action performed: Deny access

6/6/2010 13:16 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\XRCDQEPA\install[2].exe.
Action performed: Deny access

6/6/2010 13:16 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\XRCDQEPA\install[1].exe.
Action performed: Deny access

6/6/2010 13:15 [Guard] Service started
Service started.
Version of service: 9.0.1.32
Version of Engine: 8.2.2.6
Version of VDF: 7.10.7.251

6/6/2010 13:13 [Scheduler] Service started
The service was started.
Version of service 9.0.0.9

6/6/2010 11:06 [Scheduler] Service stopped
The service was stopped.

6/6/2010 10:01 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\969082.exe.
Action performed: Delete file

6/6/2010 10:01 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\9996.exe.
Action performed: Delete file

6/6/2010 10:01 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\609.exe.
Action performed: Delete file

6/6/2010 10:01 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\9H2BXL0S\install[1].exe.
Action performed: Delete file

6/6/2010 10:01 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\9H2BXL0S\221[1].exe.
Action performed: Delete file

6/6/2010 10:01 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\9H2BXL0S\192[1].exe.
Action performed: Delete file

6/6/2010 10:01 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\80409.exe.
Action performed: Delete file

6/6/2010 10:01 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\L4BD203D\192[1].exe.
Action performed: Delete file

6/6/2010 10:01 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\L4BD203D\221[1].exe.
Action performed: Delete file

6/6/2010 10:01 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\N67RHKGT\install[1].exe.
Action performed: Delete file

6/6/2010 10:01 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\15167.exe.
Action performed: Deny access

6/6/2010 10:01 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\9H2BXL0S\192[1].exe.
Action performed: Delete file

6/6/2010 10:01 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\9H2BXL0S\221[1].exe.
Action performed: Delete file

6/6/2010 10:01 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\982614.exe.
Action performed: Delete file

6/6/2010 10:01 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\9H2BXL0S\install[1].exe.
Action performed: Delete file

6/6/2010 10:01 [Guard] Malware found
Virus or unwanted program 'WORM/Palevo.agxw [worm]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\599.exe.
Action performed: Delete file

6/6/2010 10:01 [Guard] Malware found
Virus or unwanted program 'WORM/Palevo.agxw [worm]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\L4BD203D\grandisima22[1].exe.
Action performed: Delete file

6/6/2010 9:05 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\361689.exe.
Action performed: Delete file

6/6/2010 9:05 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\612.exe.
Action performed: Delete file

6/6/2010 9:05 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\IJJ28YH4\install[1].exe.
Action performed: Delete file

6/6/2010 9:05 [Guard] Malware found
Virus or unwanted program 'WORM/Palevo.aijk [worm]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\831.exe.
Action performed: Delete file

6/6/2010 9:05 [Guard] Malware found
Virus or unwanted program 'WORM/Palevo.aijk [worm]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\IJJ28YH4\national166[1].exe.
Action performed: Delete file

6/6/2010 9:05 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\IJJ28YH4\192[1].exe.
Action performed: Delete file

6/6/2010 9:04 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\9509324.exe.
Action performed: Delete file

6/6/2010 9:04 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\IJJ28YH4\221[1].exe.
Action performed: Delete file

6/6/2010 9:03 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\14026.exe.
Action performed: Delete file

6/6/2010 9:03 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\642.exe.
Action performed: Delete file

6/6/2010 9:03 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\144.exe.
Action performed: Delete file

6/6/2010 9:03 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\81O8M6I6\install[1].exe.
Action performed: Delete file

6/6/2010 9:03 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\81O8M6I6\192[1].exe.
Action performed: Delete file

6/6/2010 9:03 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\81O8M6I6\221[1].exe.
Action performed: Delete file

6/6/2010 7:33 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\469.exe.
Action performed: Move file to quarantine

6/6/2010 7:33 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\349.exe.
Action performed: Move file to quarantine

6/6/2010 7:33 [Guard] Malware found
Virus or unwanted program 'TR/Vundo.Gen [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\CFFQU63K\install[1].exe.
Action performed: Move file to quarantine

6/6/2010 7:33 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\8245230.exe.
Action performed: Delete file

6/6/2010 7:33 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temp\90879.exe.
Action performed: Delete file

6/6/2010 7:33 [Guard] Malware found
Virus or unwanted program 'TR/SpamBot.37376 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\CFFQU63K\221[1].exe.
Action performed: Delete file

6/6/2010 7:33 [Guard] Malware found
Virus or unwanted program 'TR/ATRAPS.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\CFFQU63K\192[1].exe.
Action performed: Delete file

6/6/2010 7:32 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.XPACK.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\Ken\Local Settings\Temporary
Internet Files\Content.IE5\3Y92VXXM\grandisima28[1].exe.
Action performed: Deny access


Registry Keys Infected: 1
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 35

Memory Processes Infected:
C:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Nvchost (Trojan.Goldun) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Dropper) -> Quarantined and deleted successfully.

SAS Log run in safe:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/10/2010 at 04:07 AM

Application Version : 4.38.1004

Core Rules Database Version : 5051
Trace Rules Database Version: 2863

Scan type : Complete Scan
Total Scan Time : 05:43:19

Memory items scanned : 216
Memory threats detected : 0
Registry items scanned : 5555
Registry threats detected : 2
File items scanned : 106698
File threats detected : 0

Malware.Trace
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon#Taskman [ C:\DOCUME~1\Ken\LOCALS~1\Temp\838106.exe ]
HKU\S-1-5-21-299502267-861567501-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Avira log (most recent):



Avira AntiVir Personal
Report file date: Thursday, June 10, 2010 04:58

Scanning for 2199201 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : KENNETH

Version information:
BUILD.DAT : 9.0.0.422 21701 Bytes 3/9/2010 10:29:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 11/19/2009 16:31:20
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 03:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 04:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 03:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:31:19
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 15:54:14
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 11:00:47
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 12:33:52
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 14:31:37
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 14:22:35
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 15:05:19
VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 15:05:20
VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 15:05:20
VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 15:05:21
VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 15:05:21
VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 15:05:21
VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 15:05:23
VBASE013.VDF : 7.10.7.225 2048 Bytes 6/2/2010 15:05:23
VBASE014.VDF : 7.10.8.6 136704 Bytes 6/7/2010 15:21:51
VBASE015.VDF : 7.10.8.7 2048 Bytes 6/7/2010 15:21:51
VBASE016.VDF : 7.10.8.8 2048 Bytes 6/7/2010 15:21:51
VBASE017.VDF : 7.10.8.9 2048 Bytes 6/7/2010 15:21:52
VBASE018.VDF : 7.10.8.10 2048 Bytes 6/7/2010 15:21:52
VBASE019.VDF : 7.10.8.11 2048 Bytes 6/7/2010 15:21:52
VBASE020.VDF : 7.10.8.12 2048 Bytes 6/7/2010 15:21:53
VBASE021.VDF : 7.10.8.13 2048 Bytes 6/7/2010 15:21:53
VBASE022.VDF : 7.10.8.14 2048 Bytes 6/7/2010 15:21:54
VBASE023.VDF : 7.10.8.15 2048 Bytes 6/7/2010 15:21:54
VBASE024.VDF : 7.10.8.16 2048 Bytes 6/7/2010 15:21:54
VBASE025.VDF : 7.10.8.17 2048 Bytes 6/7/2010 15:21:55
VBASE026.VDF : 7.10.8.18 2048 Bytes 6/7/2010 15:21:55
VBASE027.VDF : 7.10.8.19 2048 Bytes 6/7/2010 15:21:55
VBASE028.VDF : 7.10.8.20 2048 Bytes 6/7/2010 15:21:56
VBASE029.VDF : 7.10.8.21 2048 Bytes 6/7/2010 15:21:56
VBASE030.VDF : 7.10.8.22 2048 Bytes 6/7/2010 15:21:57
VBASE031.VDF : 7.10.8.28 89088 Bytes 6/9/2010 13:19:30
Engineversion : 8.2.2.6
AEVDF.DLL : 8.1.2.0 106868 Bytes 4/24/2010 13:38:19
AESCRIPT.DLL : 8.1.3.31 1352058 Bytes 6/3/2010 15:07:58
AESCN.DLL : 8.1.6.1 127347 Bytes 5/16/2010 02:51:58
AESBX.DLL : 8.1.3.1 254324 Bytes 4/24/2010 13:38:26
AERDL.DLL : 8.1.4.6 541043 Bytes 4/16/2010 14:02:46
AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 15:04:12
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 5/16/2010 02:51:56
AEHEUR.DLL : 8.1.1.33 2724214 Bytes 6/4/2010 15:20:01
AEHELP.DLL : 8.1.11.5 242038 Bytes 6/3/2010 15:05:58
AEGEN.DLL : 8.1.3.10 377205 Bytes 6/3/2010 15:05:50
AEEMU.DLL : 8.1.2.0 393588 Bytes 4/24/2010 13:38:11
AECORE.DLL : 8.1.15.3 192886 Bytes 5/16/2010 02:51:51
AEBB.DLL : 8.1.1.0 53618 Bytes 4/24/2010 13:38:05
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 01:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 9/9/2009 10:55:05
AVREP.DLL : 8.0.0.7 159784 Bytes 2/18/2010 11:31:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 03:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 08:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 03:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 08:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 01:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 03:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 08:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 11/19/2009 16:31:19

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Thursday, June 10, 2010 04:58

Starting search for hidden objects.
'55127' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiadap.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'mbam.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'Ymsgr_tray.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'VM303_STI.EXE' - '1' Module(s) have been scanned
Scan process 'E_S10IC2.EXE' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'oodtray.exe' - '1' Module(s) have been scanned
Scan process 'TBPANEL.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'oodag.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '62' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Ken\gkjny.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Program Files\Maxthon2\Temp\mx_2.5.11.3353(33).exe.td
[0] Archive type: NSIS
--> ProgramFilesDir/MxPageSearch.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\Maxthon2\Temp\mx_2.5.11.3353(42).exe.td
[0] Archive type: NSIS
--> ProgramFilesDir/AList.xml
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\Maxthon2\Temp\mx_2.5.11.3353(43).exe.td
[0] Archive type: NSIS
--> ProgramFilesDir/Language.ini
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\Maxthon2\Temp\mx_2.5.11.3353(47).exe.td
[0] Archive type: NSIS
--> ProgramFilesDir/AList.xml
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\Maxthon2\Temp\mx_2.5.6.350(2).exe.td
[0] Archive type: NSIS
--> ProgramFilesDir/Language.ini
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\WINDOWS\SoftwareDistribution\Download\93b014fa45c8acc0773aabdc894c060a\BIT10.tmp
[0] Archive type: CAB (Microsoft)
--> _sfx_0000._p
[WARNING] The file could not be written!
--> _sfx_0009._p
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'D:\'
D:\Files\Compilers\Files\ACMTREND\1000s of Visual Basic Source Code examples.zip
[0] Archive type: ZIP
--> VB6 and Extraction.zip
[1] Archive type: ZIP
--> self extracting exe/Data/Template.xyz
[DETECTION] Is the TR/Agent.49152.EF Trojan
--> VB6 and Mp3.zip
[1] Archive type: ZIP
--> MPEG Tag Viewer+Edit/prjID3Class.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted.

Beginning disinfection:
C:\Documents and Settings\Ken\gkjny.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4c7a2963.qua'!


End of the scan: Thursday, June 10, 2010 07:51
Used time: 2:50:49 Hour(s)

The scan has been done completely.

12815 Scanned directories
447550 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
447546 Files not concerned
6143 Archives were scanned
15 Warnings
2 Notes
55127 Objects were scanned with rootkit scan
0 Hidden objects were found


Spybot is now giving warnings that it will kill a malicious process trying to run in my computer after every reboot as well, but I'm not sure how to extract just that information from spybot's logs though...

Edited by eriolclow, 09 June 2010 - 07:03 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:28 PM

Posted 09 June 2010 - 08:10 PM

I think we had better move this to Virus, Trojan, Spyware, and Malware Removal Logs ,before we lose this machine.

Was this all the MBAM log you had?? It doesn't show the found malwares.
Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4183

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/9/2010 10:18:53 PM
mbam-log-2010-06-09 (22-18-53).txt

Scan type: Quick scan
Objects scanned: 129194
Time elapsed: 8 minute(s), 7 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 0



Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
Skip GMER for now.
Include the link to this topic so we can refer back to these logs.

http://www.bleepingcomputer.com/forums/top...ml#entry1793290

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 eriolclow

eriolclow
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:07:28 PM

Posted 09 June 2010 - 08:53 PM

Oh shoot. Sorry, I was in a hurry this morning so I didn't check what I copies and posted. I must not have been able to copy the entire malwarebytes log, but yes, malwarebytes got a lot of detections, which is probably why the superantispyware scan run immediately after was relatively clean by comparison. I'll just repost the malwarebytes log here when I get home later (expect that will cause an 8-12 hour lag), as I'm located at GMT+8 time zone and it's currently 10 AM on a working day over here.

I already ran a dds log last Tuesday, before I posted this thread. Would that be fine, or should I just run a new one?

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:28 PM

Posted 09 June 2010 - 08:58 PM

OK,that DDS log will be fine.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 eriolclow

eriolclow
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:07:28 PM

Posted 10 June 2010 - 12:24 AM

Hi! I think I figured out what happened to the malwarebytes log I posted. It seems to have gotten pasted over when I pasted the avira detected logs, so I've just reconstructed it from the post I made earlier:

*edit*
re-posting with the full log as saved on the computer:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4183

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/9/2010 10:18:53 PM
mbam-log-2010-06-09 (22-18-53).txt

Scan type: Quick scan
Objects scanned: 129194
Time elapsed: 8 minute(s), 7 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 35

Memory Processes Infected:
C:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Nvchost (Trojan.Goldun) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\msconfig (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wbem\grpconv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken\Local Settings\Temp\~TM10.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken\Local Settings\Temp\~TM11.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken\Local Settings\Temp\~TM12.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken\Local Settings\Temp\~TM15.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken\Local Settings\Temp\~TM16.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken\Local Settings\Temp\~TM17.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken\Local Settings\Temp\~TM18.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken\Local Settings\Temp\~TM19.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken\Local Settings\Temp\~TM1C.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken\Local Settings\Temp\~TM1F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken\Local Settings\Temp\~TM21.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken\Local Settings\Temp\~TM23.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken\Local Settings\Temp\~TM2C.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken\Local Settings\Temp\~TM2E.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken\Local Settings\Temp\~TMB.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv311275553768.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv391275553171.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv481275553103.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv631275580686.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv671275552831.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv761275553585.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv801275553171.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv821275552989.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv821275553665.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv141275553768.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv171275552900.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv251275553768.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv261275552789.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\secupdat.dat (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken\secupdat.dat (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\Explorer.exe:userini.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken\Local Settings\Temp\817349.exe (Malware.Trace) -> Quarantined and deleted successfully.

Edited by eriolclow, 10 June 2010 - 09:04 AM.


#10 eriolclow

eriolclow
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:07:28 PM

Posted 10 June 2010 - 09:09 AM

Hi! DDS log has been posted here:

http://www.bleepingcomputer.com/forums/t/323192/avira-running-warnings-for-trxpackgen-trvundogen-trzpackgen-and-various-other-trojans-trying-to-access-my-computer/

My computer has started to restart on its own already, so I'm really getting scared now. Although, I found that when I allowed time to space my "deny access" commands on avira instead of going trigger happy on that button, this didn't happen anymore.

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:28 PM

Posted 10 June 2010 - 09:36 AM

Thank You... It may be a day or even two before the DDS log is reviewed and replied to. But it will be.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users