Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

TrojanDownloader.xs


  • Please log in to reply

#16
Mythical Detective Loki

Mythical Detective Loki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Friday, April 18, 2008 11:10:23 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 19/04/2008 Kaspersky Anti-Virus database records: 715009 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ Scan Statistics: Total number of scanned objects: 42560 Number of viruses found: 5 Number of infected objects: 5 Number of suspicious objects: 0 Duration of the scan process: 00:23:33 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\Finn\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Finn\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped C:\Documents and Settings\Finn\Local Settings\Application Data\AOL OCP\AIM\Storage\data\ninjaatreyu\localStorage\common.cls Object is locked skipped C:\Documents and Settings\Finn\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\Finn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Finn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Finn\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Finn\Local Settings\History\History.IE5\MSHist012008041820080419\index.dat Object is locked skipped C:\Documents and Settings\Finn\Local Settings\Temp\~DF84FE.tmp Object is locked skipped C:\Documents and Settings\Finn\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Finn\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Finn\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Finn\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Trend Micro\Internet Security 14\Quarantine\3D.tmp Infected: not-a-virus:FraudTool.Win32.AntiVirPro.k skipped C:\Program Files\Veoh Networks\Veoh\client.log Object is locked skipped C:\Program Files\Veoh Networks\Veoh\upload.log Object is locked skipped C:\QooBox\Quarantine\C\Program Files\Common Files\SEMBLY~1\lѕ[bleep].exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hl skipped C:\QooBox\Quarantine\C\WINDOWS\default.htm.vir Infected: not-virus:Hoax.HTML.Secureinvites.b skipped C:\QooBox\Quarantine\C\WINDOWS\system32\hysral.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hk skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{50171BEA-8716-4372-9DB0-1794396208F3}\RP45\A0030836.sys Infected: Rootkit.Win32.Agent.aih skipped C:\System Volume Information\_restore{50171BEA-8716-4372-9DB0-1794396208F3}\RP45\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt Object is locked skipped C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{38EED0EE-6062-46FB-A81C-F92B3B6E74DE}.crmlog Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{803F8F46-67CA-4AB0-87A4-3BF3688A696B}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.

Attached Files


Edited by Mythical Detective Loki, 18 April 2008 - 10:12 PM.

  • 0

Advertisements


#17
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Hey Loki,
The log is very hard, if not impossible to read like that.
Try unchecking the wordwrap function in notepad before posting it, it should look like normal lines not one long line.

I am working today, I will review it tonight.

Harry
  • 0

#18
Mythical Detective Loki

Mythical Detective Loki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 18, 2008 11:10:23 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/04/2008
Kaspersky Anti-Virus database records: 715009
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 42560
Number of viruses found: 5
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 00:23:33

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Finn\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Finn\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Finn\Local Settings\Application Data\AOL OCP\AIM\Storage\data\ninjaatreyu\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Finn\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Finn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Finn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Finn\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Finn\Local Settings\History\History.IE5\MSHist012008041820080419\index.dat Object is locked skipped
C:\Documents and Settings\Finn\Local Settings\Temp\~DF84FE.tmp Object is locked skipped
C:\Documents and Settings\Finn\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Finn\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Finn\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Finn\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Trend Micro\Internet Security 14\Quarantine\3D.tmp Infected: not-a-virus:FraudTool.Win32.AntiVirPro.k skipped
C:\Program Files\Veoh Networks\Veoh\client.log Object is locked skipped
C:\Program Files\Veoh Networks\Veoh\upload.log Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\SEMBLY~1\lѕ[bleep].exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hl skipped
C:\QooBox\Quarantine\C\WINDOWS\default.htm.vir Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hysral.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hk skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{50171BEA-8716-4372-9DB0-1794396208F3}\RP45\A0030836.sys Infected: Rootkit.Win32.Agent.aih skipped
C:\System Volume Information\_restore{50171BEA-8716-4372-9DB0-1794396208F3}\RP45\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{38EED0EE-6062-46FB-A81C-F92B3B6E74DE}.crmlog Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{803F8F46-67CA-4AB0-87A4-3BF3688A696B}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
  • 0

#19
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Ok Loki,
a little cleanup:

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image
    Click OK, it will remove Combofix

  • Make sure you have an Internet Connection.
  • Double-click OTScanIt.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTScanIt to rech the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Please let me know how the machine is running, I believe that all the malware problems have been resolved.

Harry
  • 0

#20
Mythical Detective Loki

Mythical Detective Loki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I was able to remove combofix, but I wasn't able to use OTScanit, I will try again later and see if it works. It works better at some times then others it would seem. I will later see for an internet connection and to use OTScanit.
---
It was successful, no problems as of yet.
---
Small tech. error, sometimes the text on my broswer will flash on and off, and when i try and open intel it says 'error loading plug-ins' though my WiFi does work. Sometimes on other applications as well it will say 'not enough quota' ^^'
---
Okay now, it is being completely screwy. It says there are not enough quota for some programs, they are bad images, or that they are not a valid win32 application... Intel Proset Wireless will not work on safe mode with networking however it works fine when Windows manages my wifi on safe mode with networking ^^'

Edited by Mythical Detective Loki, 20 April 2008 - 11:57 PM.

  • 0

#21
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Ok Loki,
sounds like the Intel program used to control your wifi is borked, thats why it won't work in safe mode.
I am a little unsure about the eroors your recieving, can you copy them or take a screen shot and post that back to me?
Harry
  • 0

#22
Mythical Detective Loki

Mythical Detective Loki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Screen shots failed but I was able to write down the text in the error windows:

'Not enough quota to run this program'
'C:\ Program Files\ Internet Explorer\ explore.exe
Insufficient system resrouces exsust to complete the requested service'

'C:\ Program Files\ Intel\Wireless\Bin\Frmewrk.exe
is not a valid win32 application'
  • 0

#23
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Hey Loki,
Sorry for the delay, I looked at this a bunch of times now, and cannot figure out what direction to go in.

If the problem is strictly about your connection via the Intel wireset in safe mode, we will have to reload that set of programs. I cannot determine what the problem is without a lot of more specific information related to this failure. I do not believe this to be malware related, so we might need to get some of the tech staff involved.

Please restate the entire problem, from the start, so I can formulate a plan of action. :)

Harry
  • 0

#24
Mythical Detective Loki

Mythical Detective Loki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Alright, please excuse if this is a bit iffy, but it's a bit hard to describe...
You see, I will start my computer on Normal Mode and there will be a series of pop ups that come up on my screen reading:
'Cftmon.exe - Application Error
The application failed to initiate (0xc0000142) click OK to terminate'
'Msnmsgr.exe - Appilcation Eroor
The application failed to initiate ( 0xc000044) Click OK to terminate'
'aim6.exe - Bad Image
Application or DLL C:\ Program Files\ (sorry I didn't get the entire path down) is not a valid windows image'
'BsSndRpt.exe - Bad Image
Application or DLL C:\Program Files\ (once more did not get entire path\TMAS_OE\TMAS_OEHook.dll is not a valid windows image'
'Not enough quota to run this program'
'C:\ Program Files\ Internet Explorer\ explore.exe
Insufficient system resrouces exsust to complete the requested service'
'C:\ Program Files\ Intel\Wireless\Bin\Frmewrk.exe
is not a valid win32 application'

It will do these messages on just about every one of my programs! And when i tried to screen cap it said:
Insufficent memory to create bitmap Please close an application for memory usage'
when nothing else was even up!

My text will flash on and off screen, my windows will lose portions of themselves and disappear sometimes. My computer will not let at times internet explorer work on Normal Mode though sometimes it will. On Safe Mode none of these problems have yet occured. If you could please point me to something to help me with this dilemna ^^'
  • 0

#25
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Ok Loki,
2 lists I need to see:

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Check off the 2 boxes next to the Box that says "Generate StartupList log"
  • Click on the button "Generate StartupList log"
  • Copy and past the StartupList from the notepad into your next post

Harry
  • 0

Advertisements


#26
Mythical Detective Loki

Mythical Detective Loki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
StartupList report, 4/24/2008, 5:09:17 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5730.0013)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Finn\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ehTray = C:\WINDOWS\ehome\ehtray.exe
DMXLauncher = C:\Program Files\Dell\Media Experience\DMXLauncher.exe
pccguide.exe = "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
DLA = C:\WINDOWS\System32\DLA\DLACTRLW.EXE
ISUSPM Startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
IntelZeroConfig = "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
IntelWireless = "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
AntiVirusPro = C:\Program Files\AntiVirusPro\AntiVirusPro.exe
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
Persistence = C:\WINDOWS\system32\igfxpers.exe
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

OE_OEM = "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
Aim6 = "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Veoh = "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{407408d4-94ed-4d86-ab69-a7f649d112ee}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

--------------------------------------------------

Enumerating Download Program Files:

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky...can_unicode.cab

[ActiveScan 2.0 Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\as2stubie.dll
CODEBASE = http://acs.pandasoft...s/as2stubie.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://www.update.mi...b?1208060883875

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.ma...t/ultrashim.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AEGIS Protocol (IEEE 802.1x) v3.7.5.0: system32\DRIVERS\AegisP.sys (autostart)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Apple Mobile Device: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: system32\DRIVERS\arp1394.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (autostart)
AVG7 Clean Driver: \SystemRoot\System32\Drivers\avgclean.sys (system)
AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (autostart)
AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
Broadcom 440x 10/100 Integrated Controller XP Driver: system32\DRIVERS\bcm4sbxp.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Bonjour Service: "C:\Program Files\Bonjour\mDNSResponder.exe" (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Microsoft ACPI Control Method Battery Driver: system32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
DLABOIOM: System32\DLA\DLABOIOM.SYS (autostart)
DLACDBHM: System32\Drivers\DLACDBHM.SYS (system)
DLADResN: System32\DLA\DLADResN.SYS (autostart)
DLAIFS_M: System32\DLA\DLAIFS_M.SYS (autostart)
DLAOPIOM: System32\DLA\DLAOPIOM.SYS (autostart)
DLAPoolM: System32\DLA\DLAPoolM.SYS (autostart)
DLARTL_N: System32\Drivers\DLARTL_N.SYS (system)
DLAUDFAM: System32\DLA\DLAUDFAM.SYS (autostart)
DLAUDF_M: System32\DLA\DLAUDF_M.SYS (autostart)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
DRVMCDB: System32\Drivers\DRVMCDB.SYS (system)
DRVNDDM: System32\Drivers\DRVNDDM.SYS (autostart)
Media Center Receiver Service: C:\WINDOWS\eHome\ehRecvr.exe (autostart)
Media Center Scheduler Service: C:\WINDOWS\eHome\ehSched.exe (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Intel® PROSet/Wireless Event Log: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
GoToAssist: "C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)
Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
HSF_DPV: system32\DRIVERS\HSX_DPV.sys (manual start)
HSXHWAZL: system32\DRIVERS\HSXHWAZL.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
ialm: system32\DRIVERS\igxpmp32.sys (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
MBAMCatchMe: \??\C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys (manual start)
Media Center Extender Service: C:\WINDOWS\ehome\mcrdsvc.exe (autostart)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
MHN: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
MHN driver: system32\DRIVERS\mhndrv.sys (manual start)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit: system32\DRIVERS\NETw4x32.sys (manual start)
1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)
OMCI: \??\C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (system)
Trend Micro Central Control Component: C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (autostart)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
PsExec: %SystemRoot%\PSEXESVC.EXE (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Intel® PROSet/Wireless Registry Service: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (autostart)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
rimmptsk: system32\DRIVERS\rimmptsk.sys (autostart)
rimsptsk: system32\DRIVERS\rimsptsk.sys (autostart)
Ricoh xD-Picture Card Driver: system32\DRIVERS\rixdptsk.sys (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Intel® PROSet/Wireless Service: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (autostart)
WLAN Transport: system32\DRIVERS\s24trans.sys (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
sdbus: system32\DRIVERS\sdbus.sys (manual start)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
SigmaTel High Definition Audio CODEC: system32\drivers\sthda.sys (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{CF4D39F8-28E3-4161-8534-DAB36B81877E} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
Trend Micro Common Firewall Service: system32\DRIVERS\TM_CFW.sys (manual start)
Trend Micro Real-time Service: C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe (autostart)
Trend Micro Personal Firewall: C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (autostart)
tmpreflt: system32\DRIVERS\tmpreflt.sys (autostart)
Trend Micro Proxy Service: C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe (autostart)
Trend Micro TDI Driver: system32\DRIVERS\tmtdi.sys (system)
tmxpflt: system32\drivers\TmXPFlt.sys (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Conexant Setup API: system32\DRIVERS\UIUSYS.SYS (manual start)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (manual start)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
Messenger Sharing Folders USN Journal Reader service: "C:\Program Files\MSN Messenger\usnsvc.exe" (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Viewpoint Manager Service: "C:\Program Files\Viewpoint\Common\ViewpointService.exe" (autostart)
vsapint: system32\DRIVERS\vsapint.sys (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
winachsf: system32\DRIVERS\HSX_CNXT.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Intel® PROSet/Wireless SSO Service: C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Windows Management Interface for ACPI: system32\DRIVERS\wmiacpi.sys (system)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 36,336 bytes
Report generated in 0.485 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0

#27
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Hi Loki,
I am still working through this, and I have asked for a bit of advice from the Tech side here.
Seems like something is loading and using all the resourses there when booted in normal mode.
We may need to change the boot sequence to see what is actually causing this problem.

You did have a bit of malware in there to start, I do not think that there is anything left that would cause this problem.
It is possible that something you caught corrupted a valid program though, so lets try one other thing:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Harry
  • 0

#28
Mythical Detective Loki

Mythical Detective Loki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I tried in normal mode but in this mode it kept saying 'Overflow' and would stop the program. so I ran it in safe mode, here it is.
Malwarebytes' Anti-Malware 1.11
Database version: 684

Scan type: Quick Scan
Objects scanned: 50807
Time elapsed: 17 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 99
Files Infected: 1097

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Tencent\QQ Games\Plugin\PluginForAim.dll (Adware.Agent) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{68353829-557c-4906-875b-117f016cd73a} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f327912-da1d-4a5e-b11f-fb943c9df36c} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qq games (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6e1d8c13-b506-495a-995c-be98117a7d3f} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a54d3049-ac49-4bf0-8baa-c676c2b01945} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{81667202-fb60-492a-a141-6542821a2b17} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{81667202-fb60-492a-a141-6542821a2b17} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7368314d-4d47-4371-4f53-5f41766e7839} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aim plugin for qq games (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Tencent (Adware.Agent) -> Delete on reboot.
C:\Program Files\Tencent\QQ Games (Adware.Agent) -> Delete on reboot.
C:\Program Files\Tencent\QQ Games\Common (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Games (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Plugin (Adware.Agent) -> Delete on reboot.
C:\Program Files\Tencent\QQ Games\ProtHand (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Socket (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Storage (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\ui (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Update (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config\Dynamic (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config\Original (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config\Users (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config\Dynamic\DirBlock (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\images (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\tips (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\images\tips (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\CAAddins (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\ChanAdd (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\Parsers (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\AD (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ComplainRoom (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\DirIcons (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Download (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ExchangeMoney (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\face (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\FrameDlg (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\GameShow (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\GAShow (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ItemShop (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Login (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\MainWin (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\playerinfopanel (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\PluginGameIcons (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Qg2003 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\QQAVShow (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\qqshow (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Room (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\roomitem (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\SelfInfo (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Social (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Sound (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\TipDlg (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\TitlIcon (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ToolTip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\AD\inst (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\AD\inst\images (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\AD\inst\installer (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\AvatarRoom (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Chat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\GraRom (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Match (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Waiting (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AdMiniGa (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\button (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\cursor (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\dialog (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\icon (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\list (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\menu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\msgbox (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\scroll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\splitter (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\tab (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\tip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\Tree2 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\dialog\itemshop (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\tip\BottomLeft (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\tip\BottomRight (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\tip\TopLeft (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\tip\TopRight (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\DirIcons\AolView (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\DirIcons\Status (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\DirIcons\AolView\clientBtns (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Download\LafPgs (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Login\Button (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Login\Cirpro (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Login\Update (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\MainWin\Border (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\MainWin\Button (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\MainWin\Tray (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\MainWin\web (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Qg2003\button (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Qg2003\MainWin (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Qg2003\skindlg (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\qqshow\avct (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Room\GIPanel (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Update\Res (Adware.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Tencent\QQ Games\AdCtrlDll.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config.ini (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\CUQG.ocx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Factory.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\GameLaunch.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\GameListMenu1.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\GmInfo (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\HelpDllU.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\InstallHelper.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Localization.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\mfc42u.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Msvcp60.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\procdll.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\QQGameAvatarShow.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\QQGames.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\QQGamesD.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\riched20.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Security.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\TBarDll.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Uninstall.EXE (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\vistaQG.bat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\WebActivaterU.ocx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Common\AsynDcmp.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Common\Common.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Common\Compress.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Common\Connect.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Common\DskRcvry.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Common\Encrypt.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Common\LogProxy.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Common\NetSpeed.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Common\ProcMsg.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Common\Serial.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Common\SvrConn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Common\Thread.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Common\Timer.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Common\Utility.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Common\WordFilt.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config\config (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config\default.swf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config\defaultlogin.swf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config\PositionInfo.data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config\Dynamic\Account.cfg (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config\Dynamic\Common.ini (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config\Dynamic\LocalVersion.cfg (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config\Original\AdBan.ini (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config\Original\BossKey.ini (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config\Original\DirSvrs.ini (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config\Original\Login.ini (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config\Original\QQSvrs.ini (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config\Original\sort.ini (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config\Original\Update.cfg (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config\Original\URLs.ini (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\config\Original\version.ini (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Games\GSDisp.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Games\ItemDisp.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\CommonUILogic_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\ComplainRoomProtocolHandler_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\ComplainRoom_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\CUQG_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DirChannelAddin_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DownloadCenterUI_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DownloadCenter_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\GameListMenu_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\GlobalLogin_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\GRank.ini (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\ItemEngine_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\ItemShopManagerLogic_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\ItemShop_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\ItemUse_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\MainLogic_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\MainServerRoomManagerLogic_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\MainUI_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\MiniGameRoomLogic_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\MsgBox_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\Other_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\P2PAddin_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\QQCorrelation_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\QQServerProtocolHandler_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\RoomInfrastructureComponents_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\RoomProcessingComponents_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\RoomUILogicComponents_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\SearchPlayer_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\SelfInfoUI_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\SelfInfo_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\Sociality_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\SocialJoinToPlay_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\statemap.ini (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\TipOfDay_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\Update_en-us.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\tipconfig.ini (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\tips.css (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\images\linefg.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\images\space.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\images\Thumbs.db (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\images\tips\1.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\images\tips\10.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\images\tips\2.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\images\tips\3.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\images\tips\4.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\images\tips\5.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\images\tips\6.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\images\tips\7.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\images\tips\8.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\images\tips\9.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\tips\tips_2.htm (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\tips\tips_3.htm (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\tips\tips_4.htm (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\tips\tips_5.htm (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\tips\tips_6.htm (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\tips\tips_7.htm (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\en-us\DailyTip\tips\tips_8.htm (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\CommonUILogic_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\ComplainRoomProtocolHandler_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\ComplainRoom_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\CUQG_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\DirChannelAddin_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\DownloadCenter_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\GameListMenu_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\GlobalLogin_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\ItemEngine_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\ItemShopManagerLogic_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\ItemShop_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\ItemUse_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\MainLogic_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\MainServerRoomManagerLogic_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\MainUI_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\MiniGameRoomLogic_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\MsgBox_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\Other_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\P2PAddin_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\QQCorrelation_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\RoomInfrastructureComponents_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\RoomProcessingComponents_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\RoomUILogicComponents_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\SearchPlayer_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\SelfInfoUI_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\SelfInfo_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\LocalizationRes\zh-cn\Sociality_zh-cn.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\AdBanner.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\AvMgrGm.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\AvtUDPDl.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\ComAsyn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\ComUILgi.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\DlImpl.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\DlProxy.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\GAGifHdl.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\GameNetAminLauncher.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\Global.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\GUFact.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\ImgLTSet.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\ItemShop.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\ItemUse.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\LafDown.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\Login.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\MainLogi.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\MainLogi.new.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\MRoomMgr.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\MsgBox.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\P2PAddin.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\QQAvDld.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\QQAvtShw.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\QQCorre.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\Scroll.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\SelfInfo.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\SePlayer.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\ShopMgr.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\Social.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\SocialJoinToPlay.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\StartGam.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\StatInfo.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\UIStyle.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\Update.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\CAAddins\GInterop.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\CAAddins\GLaunch.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\CAAddins\MGRoom.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\CAAddins\RInfComp.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\CAAddins\RPrcComp.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\CAAddins\RUILComp.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\ChanAdd\DirChn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\logic\Parsers\ChatPars.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Plugin\AimStarter.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Plugin\PluginForAim.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Tencent\QQ Games\Plugin\procdll.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Plugin\Uninstall.EXE (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Plugin\vistaQG.bat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\ProtHand\BaseProt.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\ProtHand\compprot.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\ProtHand\dirprot.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\ProtHand\DlProt.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\ProtHand\GmpbProt.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\ProtHand\GmpbProt.map (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\ProtHand\ItemProt.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\ProtHand\MainProt.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\ProtHand\QQProt.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\ProtHand\SelfPro.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\ProtHand\ShopProt.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\ProtHand\StatProt.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\ProtHand\UpdaProt.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ErrorDes.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ErrorDes.map (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\QGString.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\QQGame.ico (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ReadMe.txt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\AD\inst\images\440x175a.jpg (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\AD\inst\images\440x175b.jpg (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\AD\inst\images\440x175c.jpg (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\AD\inst\images\440x175d.jpg (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\AD\inst\images\440x175e.jpg (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\AD\inst\images\Thumbs.db (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\AD\inst\installer\index.htm (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\findjoin.ico (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\join.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\joinarrow.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\setting.ico (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Thumbs.db (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\ToolBar.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\WaitProgress.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\AvatarRoom\CreateRoom.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\AvatarRoom\EnterRoom.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\AvatarRoom\StatusIcon.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\AvatarRoom\Thumbs.db (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Chat\faces2bmp.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Chat\Thumbs.db (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Chat\UBCAdmin.ico (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Chat\UBCGlobal.ico (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Chat\UBCUser.ico (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Chat\userbroadcast.ico (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\GraRom\room.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\GraRom\roombk.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\GraRom\Thumbs.db (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Match\blankbg.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Match\mymatch.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Match\ranklist.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Match\tab_bg1.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Match\tab_bg2.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Match\tab_bg3.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Match\Thumbs.db (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Waiting\enterroom1.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Waiting\enterroom2.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Waiting\enterroom3.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Waiting\loading1.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Waiting\loading10.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Waiting\loading11.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Waiting\loading2.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Waiting\loading3.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Waiting\loading4.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Waiting\loading5.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Waiting\loading6.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Waiting\loading7.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Waiting\loading8.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\CAAddins\Waiting\loading9.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\barleft.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\barmid.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\barright.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\borderr.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\commend.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\DefActi.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\DefDeac.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\dhotleft.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\dhotmid.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\dhotrig.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\game2_dark.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\game2_light.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\hhotleft.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\hhotmid.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\hhotrig.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\hint.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\hotleft.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\hotmid.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\hotrig.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\invite.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\langame2_dark.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\langame2_light.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\line.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\match2_dark.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\match2_light.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\read me.txt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\SeperateLine.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\sociality2_dark.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\sociality2_light.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\tabbtm.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\tabtop.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\tab_left.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AddinMgr\tab_right.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AdMiniGa\11.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AdMiniGa\21.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AdMiniGa\22.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AdMiniGa\23.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AdMiniGa\7.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AdMiniGa\70.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AdMiniGa\8.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AdMiniGa\default.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AdMiniGa\DefMGm.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AdMiniGa\FLASH.tga (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AdMiniGa\game_logo_121.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AdMiniGa\game_logo_22.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AdMiniGa\game_logo_23.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AdMiniGa\game_logo_7.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AdMiniGa\game_logo_70.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AdMiniGa\game_logo_8.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\ChannAdi\AdMiniGa\Thumbs.db (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\button\arrow.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\button\bcenter.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\button\bjoin_center.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\button\bjoin_left.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\button\bjoin_right.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\button\bleft.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\QQ Games\Res\Common\button\bright.bmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Progra
  • 0

#29
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Ok Loki,
That log got cut off, so lets see if we can make it a bit smaller:

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\Tencent
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Run the MBAM scan again please, post the entire log :)

Harry
  • 0

#30
Mythical Detective Loki

Mythical Detective Loki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Once again neitehr worked in Normal Mode so I had to run this in safe mode- again.

This is what came up when I tried the code to move the files, and the log folders are empty when I try to open them:
File/Folder C:\Program Files\Tencent not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04272008_123507

Here is from the MBAM scan
Malwarebytes' Anti-Malware 1.11
Database version: 684

Scan type: Quick Scan
Objects scanned: 53566
Time elapsed: 14 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP