
Complicated/multiple Infections - Hijack log + Malware log [RESOLVED]



#1
JustinIsMe

This is my Dad's work computer and my bro's play computer.
Lately it has been experiencing some heavy popups along with slow processing speeds.
From what I have seen, it is apparent that this computer is extremely infected. I have run Panda Active Scan but it had taken over 3 hours for it to reach 29%, so I just ended it.


Hijackthis log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:55 AM, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....ink/?linkid=677
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\DUMB INTER.exe
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\ATHOME~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Dent blah] C:\DOCUME~1\ATHOME~1\APPLIC~1\EXTRAN~1\road face.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe
O9 - Extra 'Tools' menuitem: Launch Copernic 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe
O9 - Extra button: Translate - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Pro\Translate.htm
O9 - Extra 'Tools' menuitem: &Translate Using Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Pro\Translate.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/a...ic_new/nxpm.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports....ommon/ieell.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxch...ectComboBox.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://citymap.nanaimo.ca/mgaxctrl.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara....081765OneCC.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxch...ClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxch...ol/IRCSharc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {ABAB45AD-4D69-4C01-A4A4-DD105F1EAE61} (mgToolbarPub.Toolbar) - http://citymap.city....eX/Toolbars.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.trickster...sterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.trickster...utComponent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://webmap.abbots...ements/Acgm.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 12310 bytes
--------------------------------------------------------------------



UNINSTALL LIST



7-Zip 4.42
AC3Filter (remove only)
Adobe Acrobat 5.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 7.0
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe Photoshop Album Starter Edition 3.0
Adobe Photoshop Album Starter Edition 3.0.1
Agere Systems AC'97 Modem
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
Avanquest update
AVG Anti-Spyware 7.5
Avira AntiVir PersonalEdition Classic
Azureus
Chinese Simplified Fonts Support For Adobe Reader 8
Compatibility Pack for the 2007 Office system
Copernic 2001 Pro
Counter-Strike: Source
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
Easy Internet Sign-up
GdiplusUpgrade
Google Earth
Google Toolbar for Internet Explorer
GTA San Andreas
GTK+ 2.10.6-1 runtime environment
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hijackthis 1.99.1
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Help and Support
HP Image Zone 4.8.5
HP Image Zone Plus 4.8.5
HP Pavillion dv4000 User Guides
HP Update
HP Wireless Assistant 1.01 A3
HPIZplus450
HyperCam 2
Image Expert
Intel® Graphics Media Accelerator Driver for Mobile
InterVideo Home Theater
InterVideo WinDVD
iPod Access for Windows v2.9.3
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Japanese Fonts Support For Adobe Reader 8
Java™ 6 Update 2
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1
KSignAccessToolkit v1.0
Lexmark 1300 Series
Lexmark Toolbar
LimeWire 4.16.7
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Motorola Phone Tools
Mozilla Firefox (2.0.0.15)
MS Access 97 SP2
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
muvee autoProducer 4.0 - SE
Network Play System (Patching)
OneCare Advisor (Windows Live Toolbar)
Panda ActiveScan 2.0
PartyPoker
Popup Blocker (Windows Live Toolbar)
Project64 1.6
Quick Launch Buttons 5.10 B5
QuickTime
RealPlayer
Registry First Aid
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Smart Menus (Windows Live Toolbar)
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sony Ericsson PC Suite
Sony USB Driver
SoundMAX
SpeedBit Video Accelerator
Spelling Dictionaries Support For Adobe Reader 8
Steam™
SUPERAntiSpyware Free Edition
Texas Instruments PCIxx21/x515 drivers.
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
USB Mass Storage Reader
UserGuides
VideoLAN VLC media player 0.8.6a
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
Windows XP Hotfix - KB893086
WinRAR archiver
XviD MPEG-4 Video Codec

--------------------------------------------------------------------

mbam-log

Malwarebytes' Anti-Malware 1.20
Database version: 944
Windows 5.1.2600 Service Pack 2

9:48:18 PM 12/07/2008
mbam-log-7-12-2008 (21-48-18).txt

Scan type: Quick Scan
Objects scanned: 48471
Time elapsed: 8 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 22
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\amvo0.dll (Trojan.Agent) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1dbd6574-d6d0-4782-94c3-69619e719765} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1dbd6574-d6d0-4782-94c3-69619e719765} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\amva (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Help\F3C74E3FA248.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\n2de.cmd (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo0.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\amvo1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken\Desktop\virusremove.txt (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.

--------------------------------------------------------------------



Thank you for your help.


#2
fenzodahl512

Hello, my name is fenzodahl512 and welcome to Geekstogo. Please do the following:


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click the dss.exe icon and choose Run as Administrator.



Regards
fenzodahl512

#3
JustinIsMe

Thank you for your reply.


main.txt


Deckard's System Scanner v20071014.68
Run by At Home on 2008-07-14 18:50:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
37: 2008-07-15 01:50:21 UTC - RP594 - Deckard's System Scanner Restore Point
36: 2008-07-13 06:13:11 UTC - RP593 - Removed Zone Deluxe Games
35: 2008-07-13 04:29:23 UTC - RP592 - July 12. 2008
34: 2008-07-12 20:04:16 UTC - RP591 - System Checkpoint
33: 2008-07-11 18:46:51 UTC - RP590 - System Checkpoint


-- First Restore Point --
1: 2008-04-15 19:46:04 UTC - RP558 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as At Home.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:51 PM, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\At Home\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\At Home.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....ink/?linkid=677
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Proc Deaf Delete Peak] C:\Documents and Settings\All Users\Application Data\file joy proc deaf\DUMB INTER.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Dent blah] C:\DOCUME~1\ATHOME~1\APPLIC~1\EXTRAN~1\road face.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKUS\S-1-5-21-4215398-1976366640-3380966323-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Ken')
O4 - HKUS\S-1-5-21-4215398-1976366640-3380966323-1006\..\Run: [Dent blah] C:\DOCUME~1\Ken\APPLIC~1\EXTRAN~1\road face.exe (User 'Ken')
O4 - HKUS\S-1-5-21-4215398-1976366640-3380966323-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Ken')
O4 - HKUS\S-1-5-21-4215398-1976366640-3380966323-1006\..\Run: [Steam] (User 'Ken')
O4 - HKUS\S-1-5-21-4215398-1976366640-3380966323-1006\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Ken')
O4 - HKUS\S-1-5-21-4215398-1976366640-3380966323-1006\..\Run: [amva] C:\WINDOWS\system32\amvo.exe (User 'Ken')
O4 - HKUS\S-1-5-21-4215398-1976366640-3380966323-1006\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe (User 'Ken')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe
O9 - Extra 'Tools' menuitem: Launch Copernic 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe
O9 - Extra button: Translate - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Pro\Translate.htm
O9 - Extra 'Tools' menuitem: &Translate Using Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Pro\Translate.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/a...ic_new/nxpm.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports....ommon/ieell.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxch...ectComboBox.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://citymap.nanaimo.ca/mgaxctrl.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara....081765OneCC.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxch...ClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxch...ol/IRCSharc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {ABAB45AD-4D69-4C01-A4A4-DD105F1EAE61} (mgToolbarPub.Toolbar) - http://citymap.city....eX/Toolbars.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.trickster...sterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.trickster...utComponent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://webmap.abbots...ements/Acgm.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 12998 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 avgntmgr - c:\windows\system32\drivers\avgntmgr.sys <Not Verified; H+BEDV Datentechnik GmbH; AntiVir>
R1 avgntdd - c:\windows\system32\drivers\avgntdd.sys <Not Verified; AVIRA GmbH; AntiVir>
R1 XPROTECTOR - c:\windows\system32\drivers\oreans.sys
R2 pciinfo (HP Pci Information) - c:\docume~1\athome~1\locals~1\temp\hpispz\hpdom\pciinfo.sys (file missing)
R2 sbbotdi - c:\program files\speedbit video accelerator\sbbotdi.sys <Not Verified; SpeedBit Ltd.; Speedbit TDI Driver>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>

S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S3 dump_wmimmc - c:\nexon\maplestory\gameguard\dump_wmimmc.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 FLASHREADER (%FLASHREADER.SvcDesc%) - c:\windows\system32\drivers\causb.sys <Not Verified; ; CAUSB>
S3 iCheat1 - c:\documents and settings\at home\desktop\emertpackv2\icheat\nvid999.sys (file missing)
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 sejt1 - c:\documents and settings\at home\desktop\new folder (2)\sejt.sys (file missing)
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft Windows 2000 Operating System>
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir Scheduler) - c:\program files\antivir personaledition classic\sched.exe <Not Verified; Avira GmbH; AntiVir Scheduler>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-14 18:52:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-07-14 16:00:00 254 --ah----- C:\WINDOWS\Tasks\AFCF70599184EC95.job
2008-07-14 16:00:00 272 --ah----- C:\WINDOWS\Tasks\A6AA72C191ADE359.job
2008-07-13 17:36:00 250 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-06-14 10:08:49 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-14 and 2008-07-14 -----------------------------

2008-07-14 18:43:10 118512 -r-hs---- C:\fi.cmd
2008-07-13 15:56:52 77312 -----n--- C:\WINDOWS\system32\ckvo0.dll
2008-07-13 11:56:59 77312 -r-hs---- C:\WINDOWS\system32\amvo1.dll
2008-07-13 00:18:34 0 d-------- C:\Program Files\Trend Micro
2008-07-12 23:18:56 77312 -----n--- C:\WINDOWS\system32\amvo0.dll
2008-07-12 23:18:56 118112 -r-hs---- C:\WINDOWS\system32\amvo.exe
2008-07-12 22:23:25 0 d-------- C:\Program Files\Panda Security
2008-07-12 21:31:44 0 d-------- C:\Documents and Settings\At Home\Application Data\Malwarebytes
2008-07-12 21:31:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-12 21:31:40 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-12 21:31:12 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-12 13:05:58 77312 -r-hs---- C:\WINDOWS\system32\ckvo1.dll
2008-07-12 13:05:45 116972 -r-hs---- C:\ffojc.com
2008-07-12 13:05:18 118512 -r-hs---- C:\WINDOWS\system32\ckvo.exe
2008-07-11 10:32:38 118112 -r-hs---- C:\dgl6.bat
2008-07-02 16:15:01 0 d-------- C:\Program Files\extranurb
2008-06-14 11:40:49 0 d-------- C:\Documents and Settings\Ken\Application Data\LimeWire
2008-06-14 10:15:03 0 d-------- C:\Program Files\iPod


-- Find3M Report ---------------------------------------------------------------

2008-07-13 16:03:44 0 d-------- C:\Program Files\DivX
2008-07-12 23:14:50 0 d-------- C:\Program Files\MSN Messenger
2008-07-12 21:31:12 0 d-------- C:\Program Files\Common Files
2008-07-12 20:11:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-07 13:43:32 0 d-------- C:\Program Files\Lx_cats
2008-06-23 20:26:12 0 d-------- C:\Program Files\Steam
2008-06-23 12:53:04 0 d-------- C:\Documents and Settings\At Home\Application Data\extranurb
2008-06-16 20:55:40 0 d-------- C:\Documents and Settings\At Home\Application Data\LimeWire
2008-06-14 10:18:50 0 d-------- C:\Program Files\Apple Software Update
2008-06-14 10:15:20 0 d-------- C:\Program Files\iTunes
2008-06-14 10:13:23 0 d-------- C:\Program Files\QuickTime
2008-06-10 17:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-10 17:03:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-10 17:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-10 17:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-10 17:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-06-10 17:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX>
2008-06-10 17:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-06-10 17:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-06-07 08:40:11 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-05-31 14:25:14 108309 -r-hs---- C:\nby.bat
2008-05-27 22:09:10 0 d-------- C:\Program Files\Lexmark Toolbar
2008-05-27 22:04:01 0 d-------- C:\Program Files\Lexmark 1300 Series
2008-05-22 15:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 11:16 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/04/2008 05:17 PM]
"lxdcmon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcmon.exe" []
"lxdcamon"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" [30/04/2007 01:19 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/05/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/06/2008 11:13 AM]
"Proc Deaf Delete Peak"="C:\Documents and Settings\All Users\Application Data\file joy proc deaf\DUMB INTER.exe" [14/07/2008 06:46 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 09:24 AM]
"Steam"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [26/07/2007 07:07 PM]
"Dent blah"="C:\DOCUME~1\ATHOME~1\APPLIC~1\EXTRAN~1\road face.exe" [23/06/2008 12:52 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 09:05 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:00 AM]
"amva"="C:\WINDOWS\system32\amvo.exe" [12/07/2008 08:21 PM]
"kamsoft"="C:\WINDOWS\system32\ckvo.exe" [14/07/2008 06:43 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [09/09/2005 12:14:16 PM]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [18/04/2006 11:49:28 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [04/11/2004 7:28:24 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 1:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{291FABA8-CB00-488C-AC9E-B457FFC4A117}"= C:\WINDOWS\Debug\B831406A9770.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/07/2008 08:11 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 12/07/2008 08:10 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{494e58cd-bba6-11da-9492-0012f0a771fa}]
AutoRun\command- h6o0re.cmd
explore\Command- h6o0re.cmd
open\Command- h6o0re.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68f1e0fe-0d3a-11dc-966a-0012f0a771fa}]
AutoRun\command- F:\t.com
explore\Command- F:\t.com
open\Command- F:\t.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4fc6297-ad39-11da-946e-0012f0a771fa}]
AutoRun\command- H:\t.com
explore\Command- H:\t.com
open\Command- H:\t.com




-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

60 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-14 18:53:26 ------------






extra.txt


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium M processor 1.73GHz
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 1014.42 MiB / 420.04 MiB
Pagefile Memory (total/avail): 2442.21 MiB / 1848.17 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.31 MiB

C: is Fixed (NTFS) - 92.96 GiB total, 20.03 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHU2100AT - 93.16 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 92.96 GiB - C:
\PARTITION1 - Unknown - 203.95 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: AntiVir PersonalEdition Classic Virus Protection v0.0.0.0 (AntiVir PersonalProducts GmbH) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\Lexmark 1300 Series\\app4r.exe"="C:\\Program Files\\Lexmark 1300 Series\\app4r.exe:*:Enabled:Lexmark Imaging Studio"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:Torrent"
"C:\\Documents and Settings\\At Home\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\At Home\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\NEXON\\MapleStory\\MapleStory.exe"="C:\\Program Files\\NEXON\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorEngine"
"C:\\Documents and Settings\\At Home\\Desktop\\WoW-BurningCrusade-enUS-Installer-downloader.exe"="C:\\Documents and Settings\\At Home\\Desktop\\WoW-BurningCrusade-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\At Home\\Desktop\\wowclient-downloader.exe"="C:\\Documents and Settings\\At Home\\Desktop\\wowclient-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Sierra Online\\FreeStyle Street Basketball™\\FreeStyle.exe"="C:\\Program Files\\Sierra Online\\FreeStyle Street Basketball™\\FreeStyle.exe:*:Enabled:FreeStyle"
"C:\\Documents and Settings\\At Home\\Desktop\\Pokemon Online\\Pokemon Online.exe"="C:\\Documents and Settings\\At Home\\Desktop\\Pokemon Online\\Pokemon Online.exe:*:Enabled:Multimedia Fusion Stand Alone Application"
"C:\\Documents and Settings\\At Home\\Local Settings\\Temp\\Rar$EX01.562\\pol_6.2\\Pokemon Online.exe"="C:\\Documents and Settings\\At Home\\Local Settings\\Temp\\Rar$EX01.562\\pol_6.2\\Pokemon Online.exe:*:Enabled:Multimedia Fusion Stand Alone Application"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\NEXON\\MapleStory\\NewPatcher.exe"="C:\\Program Files\\NEXON\\MapleStory\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe"="C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Documents and Settings\\Ken\\Local Settings\\Temp\\occ.exe"="C:\\Documents and Settings\\Ken\\Local Settings\\Temp\\occ.exe:*:Enabled:OneCC Module"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"="C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\Steam\\SteamApps\\[email protected]\\team fortress classic\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\[email protected]\\team fortress classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"="C:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE:*:Enabled:SC3UpdaterMFC"
"C:\\Program Files\\Steam\\SteamApps\\[email protected]\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\[email protected]\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\deklaniverson\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\deklaniverson\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme"="C:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme:*:Enabled:GunBound"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\Wizet\\MapleStory\\NewPatcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\Steam\\SteamApps\\[email protected]\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\[email protected]\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Documents and Settings\\At Home\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"="C:\\Documents and Settings\\At Home\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe:*:Enabled:PowerSoccer"
"C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"="C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\\Program Files\\Lexmark 1300 Series\\App4R.exe"="C:\\Program Files\\Lexmark 1300 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\\WINDOWS\\system32\\lxdccoms.exe"="C:\\WINDOWS\\system32\\lxdccoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\Ken\\Desktop\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"="C:\\Documents and Settings\\Ken\\Desktop\\EA GAMES\\Need for Speed Underground 2\\speed2.exe:*:Enabled:speed2"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe:*:Enabled: "
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe:*:Enabled: "
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe:*:Enabled: "


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\At Home\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC257063971244
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\At Home
LOGONSERVER=\\PC257063971244
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ATHOME~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ATHOME~1\LOCALS~1\Temp
USERDOMAIN=PC257063971244
USERNAME=At Home
USERPROFILE=C:\Documents and Settings\At Home
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ken (admin)
At Home (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}\setup.exe" REMOVEALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAA4CCCE-78DB-47B0-A651-68270D838BD4}\setup.exe" REMOVEALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
AC3Filter (remove only) --> C:\Program Files\DivX\AC3Filter\uninstall.exe
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Photoshop Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe Photoshop Album Starter Edition 3.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
Agere Systems AC'97 Modem --> agrsmdel
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Avanquest update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9 -removeonly
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Avira AntiVir PersonalEdition Classic --> C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Chinese Simplified Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-2447-0000-800000000003}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Copernic 2001 Pro --> "C:\WINDOWS\Copernic2001UninstallPlus.exe" /ARGSFILE="C:\Program Files\Copernic 2001 Pro\unwise.dat"
Counter-Strike: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/240
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0303B6A-C675-4102-95DA-C013625BFA99}\setup.exe" -l0x9 -removeonly
GTK+ 2.10.6-1 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Image Zone 4.8.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.8.5 --> C:\Program Files\HP\Digital Imaging\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Pavillion dv4000 User Guides --> C:\PROGRA~1\HPQ\UNWISE.EXE C:\PROGRA~1\HPQ\INSTALL.LOG
HP Update --> MsiExec.exe /X{25F6C900-C138-4888-A56C-91D3D063023A}
HP Wireless Assistant 1.01 A3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
HPIZplus450 --> MsiExec.exe /X{0E484A60-A429-49A8-982C-D6475F1E80A9}
HyperCam 2 --> "C:\Program Files\HyCam2\UnHyCam2.exe"
Image Expert --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Sierra Imaging\Image Expert\Uninst.isu" -c"C:\Program Files\Sierra Imaging\Image Expert\uninstall.dll
Intel Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
InterVideo Home Theater --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7514465-E5F3-48E9-A952-327DAEF33DE6}\setup.exe" REMOVEALL
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iPod Access for Windows v2.9.3 --> "C:\Program Files\iPod Access for Windows\unins000.exe"
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Japanese Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KSignAccessToolkit v1.0 --> C:\WINDOWS\system32\UnInstall_KAccess.exe
Lexmark 1300 Series --> C:\Program Files\Lexmark 1300 Series\Install\x86\Uninst.exe
Lexmark Toolbar --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MS Access 97 SP2 --> C:\Program Files\Microsoft Office\setup\setup.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
muvee autoProducer 4.0 - SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{534AA552-E1F1-4965-B2AA-FBDEB0730D60}\setup.exe" -l0x9
Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
Quick Launch Buttons 5.10 B5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\Setup.exe" -l0x9 -uninst
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry First Aid --> "C:\Program Files\RFA\unins000.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Ericsson PC Suite --> MsiExec.exe /I{26B5D684-75D6-44B9-BBFF-D4100F43092A}
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SpeedBit Video Accelerator --> C:&

Edited by JustinIsMe, 14 July 2008 - 08:10 PM.


#4
fenzodahl512

  • Malware Removal
Hello, please tell me what you know about the C:\Program Files\extranurb folder.



Please go to Start >> Run and type or copy/paste the following in the run box: "%userprofile%\desktop\dss.exe" /daft . Then press Enter
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.




NEXT


Please attach your usual flash drive/external hard disk to your infected pc now...

Please download Flash_Disinfector by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder... it will help protect your drives from future infection.





NEXT


Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    iCheat1 <delete service>
    sejt1 <delete service>
    c:\documents and settings\at home\desktop\emertpackv2
    c:\documents and settings\at home\desktop\new folder (2)\sejt.sys
    C:\WINDOWS\Tasks\AFCF70599184EC95.job
    C:\WINDOWS\Tasks\A6AA72C191ADE359.job
    C:\fi.cmd
    C:\WINDOWS\system32\ckvo0.dll
    C:\WINDOWS\system32\amvo1.dll
    C:\WINDOWS\system32\amvo0.dll
    C:\WINDOWS\system32\amvo.exe
    C:\WINDOWS\system32\ckvo1.dll
    C:\ffojc.com
    C:\WINDOWS\system32\ckvo.exe
    C:\dgl6.bat
    C:\nby.bat
    C:\Documents and Settings\All Users\Application Data\file joy proc deaf
    C:\DOCUME~1\ATHOME~1\APPLIC~1\EXTRAN~1
    C:\WINDOWS\Debug\B831406A9770.dll
    F:\t.com
    H:\t.com
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Proc Deaf Delete Peak
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Dent blah
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\amva
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\kamsoft
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{291FABA8-CB00-488C-AC9E-B457FFC4A117}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{494e58cd-bba6-11da-9492-0012f0a771fa}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68f1e0fe-0d3a-11dc-966a-0012f0a771fa}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4fc6297-ad39-11da-946e-0012f0a771fa}
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Please post the following logs in your next reply:

1. OTMoveIt2
2. A fresh DSS log (after OTMoveIt2 step)


Regards
fenzodahl512
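
An added example, not part of fenzodahl512's post and not code from Flash_Disinfector: a Python check that tells the placeholder autorun.inf folder described in the note above apart from a real autorun.inf file, and lists the programs such a file would launch. The function names, the temporary directories standing in for drive roots and the sample file contents are constructed for this example.

```python
import os
import tempfile

LAUNCH_KEYS = {"open", "shellexecute"}

# Constructed sample; t.com is the file name the fix list above targets on F: and H:.
SAMPLE_INF = r"""; constructed sample for this example, not recovered from the thread's drives
[AutoRun]
open=t.com
shell\open\Command=t.com
icon=folder.ico
"""


def parse_autorun(text):
    """Return (key, command) pairs in the [autorun] section that start a program."""
    hits, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command= adds a launching entry to the drive's context menu
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            hits.append((key, value))
    return hits


def command_target(command):
    """Program part of a command line: the quoted string, or the first token."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""


def audit_root(root):
    """Classify what sits at <root>/autorun.inf (name matched case-insensitively)."""
    names = {n.lower(): n for n in os.listdir(root)}
    result = {"root": root, "state": "absent", "entries": []}
    if "autorun.inf" not in names:
        return result
    path = os.path.join(root, names["autorun.inf"])
    if os.path.isdir(path):
        # A directory of this name means no file called autorun.inf can be written here.
        result["state"] = "folder"
        return result
    with open(path, "rb") as fh:
        data = fh.read(64 * 1024)  # a genuine autorun.inf is tiny; cap the read
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = data.decode("utf-16", errors="replace")
    else:
        text = data.decode("latin-1")
    for key, command in parse_autorun(text):
        target = command_target(command)
        rel = target.replace("\\", os.sep)
        present = target.lower() in names or os.path.exists(os.path.join(root, rel))
        result["entries"].append(
            {"key": key, "command": command, "target": target, "present": present}
        )
    result["state"] = "launches" if result["entries"] else "inert-file"
    return result


def demo():
    """Audit three temporary directories that stand in for drive roots."""
    with tempfile.TemporaryDirectory(prefix="autorun_audit_") as base:
        roots = {n: os.path.join(base, n) for n in ("protected", "infected", "clean")}
        for path in roots.values():
            os.mkdir(path)
        os.mkdir(os.path.join(roots["protected"], "autorun.inf"))
        with open(os.path.join(roots["infected"], "AUTORUN.INF"), "w") as fh:
            fh.write(SAMPLE_INF)
        open(os.path.join(roots["infected"], "t.com"), "wb").close()  # empty stand-in
        return {name: audit_root(path) for name, path in roots.items()}


if __name__ == "__main__":
    for name, res in demo().items():
        print(name, res["state"], res["entries"])
```

On a real Windows host, pass each drive root (for example `"F:\\"`) to `audit_root` instead of the temporary directories.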

#5
JustinIsMe

  • Topic Starter
Thanks for your reply,

I completely forgot to mention the problem with the USB drives as well.
Will the Flash disinfector corrupt any information on these drives (3)? They store some important information.

Thanks, I just wanted to make sure, in case I need to back anything up before I go forward.

#6
JustinIsMe

  • Topic Starter
Went ahead and did it anyways.

extranurb was just an empty folder, and I went ahead and deleted it.


I ran DSS.exe after using ATF_Cleaner and it cleaned 8 GB!

OTMoveIt2 log:

Explorer killed successfully
iCheat1 service deleted successfully.
sejt1 service deleted successfully.
File/Folder c:\documents and settings\at home\desktop\emertpackv2 not found.
File/Folder c:\documents and settings\at home\desktop\new folder (2)\sejt.sys not found.
C:\WINDOWS\Tasks\AFCF70599184EC95.job moved successfully.
C:\WINDOWS\Tasks\A6AA72C191ADE359.job moved successfully.
File/Folder C:\fi.cmd not found.
File/Folder C:\WINDOWS\system32\ckvo0.dll not found.
File/Folder C:\WINDOWS\system32\amvo1.dll not found.
File/Folder C:\WINDOWS\system32\amvo0.dll not found.
File/Folder C:\WINDOWS\system32\amvo.exe not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ckvo1.dll
C:\WINDOWS\system32\ckvo1.dll NOT unregistered.
C:\WINDOWS\system32\ckvo1.dll moved successfully.
C:\ffojc.com moved successfully.
File/Folder C:\WINDOWS\system32\ckvo.exe not found.
File/Folder C:\dgl6.bat not found.
C:\nby.bat moved successfully.
C:\Documents and Settings\All Users\Application Data\file joy proc deaf moved successfully.
C:\DOCUME~1\ATHOME~1\APPLIC~1\EXTRAN~1 moved successfully.
File/Folder C:\WINDOWS\Debug\B831406A9770.dll not found.
File/Folder F:\t.com not found.
File/Folder H:\t.com not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Proc Deaf Delete Peak >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Proc Deaf Delete Peak deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Dent blah >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Dent blah deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\amva >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\amva not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\kamsoft >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\kamsoft deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{291FABA8-CB00-488C-AC9E-B457FFC4A117} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{291FABA8-CB00-488C-AC9E-B457FFC4A117} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{494e58cd-bba6-11da-9492-0012f0a771fa} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{494e58cd-bba6-11da-9492-0012f0a771fa}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68f1e0fe-0d3a-11dc-966a-0012f0a771fa} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68f1e0fe-0d3a-11dc-966a-0012f0a771fa}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4fc6297-ad39-11da-946e-0012f0a771fa} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4fc6297-ad39-11da-946e-0012f0a771fa}\\ deleted successfully.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07152008_183511

------------------------------------------------------------------------------------------------------------------------------------------




Fresh DSS log:

Deckard's System Scanner v20071014.68
Run by At Home on 2008-07-15 21:38:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as At Home.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:00 PM, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\At Home\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ATHOME~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....ink/?linkid=677
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-4215398-1976366640-3380966323-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Ken')
O4 - HKUS\S-1-5-21-4215398-1976366640-3380966323-1006\..\Run: [Dent blah] C:\DOCUME~1\Ken\APPLIC~1\EXTRAN~1\road face.exe (User 'Ken')
O4 - HKUS\S-1-5-21-4215398-1976366640-3380966323-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Ken')
O4 - HKUS\S-1-5-21-4215398-1976366640-3380966323-1006\..\Run: [Steam] (User 'Ken')
O4 - HKUS\S-1-5-21-4215398-1976366640-3380966323-1006\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Ken')
O4 - HKUS\S-1-5-21-4215398-1976366640-3380966323-1006\..\Run: [amva] C:\WINDOWS\system32\amvo.exe (User 'Ken')
O4 - HKUS\S-1-5-21-4215398-1976366640-3380966323-1006\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe (User 'Ken')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe
O9 - Extra 'Tools' menuitem: Launch Copernic 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe
O9 - Extra button: Translate - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Pro\Translate.htm
O9 - Extra 'Tools' menuitem: &Translate Using Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Pro\Translate.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/a...ic_new/nxpm.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports....ommon/ieell.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxch...ectComboBox.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://citymap.nanaimo.ca/mgaxctrl.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara....081765OneCC.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxch...ClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxch...ol/IRCSharc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {ABAB45AD-4D69-4C01-A4A4-DD105F1EAE61} (mgToolbarPub.Toolbar) - http://citymap.city....eX/Toolbars.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.trickster...sterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.trickster...utComponent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://webmap.abbots...ements/Acgm.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 12797 bytes

-- Files created between 2008-06-15 and 2008-07-15 -----------------------------

2008-07-14 20:54:29 0 d-------- C:\Program Files\Avira
2008-07-14 20:54:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-13 00:18:34 0 d-------- C:\Program Files\Trend Micro
2008-07-12 22:23:25 0 d-------- C:\Program Files\Panda Security
2008-07-12 21:31:44 0 d-------- C:\Documents and Settings\At Home\Application Data\Malwarebytes
2008-07-12 21:31:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-12 21:31:40 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-12 21:31:12 0 d-------- C:\Program Files\Common Files\Download Manager


-- Find3M Report ---------------------------------------------------------------

2008-07-13 16:03:44 0 d-------- C:\Program Files\DivX
2008-07-12 23:14:50 0 d-------- C:\Program Files\MSN Messenger
2008-07-12 21:31:12 0 d-------- C:\Program Files\Common Files
2008-07-12 20:11:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-07 13:43:32 0 d-------- C:\Program Files\Lx_cats
2008-06-23 20:26:12 0 d-------- C:\Program Files\Steam
2008-06-16 20:55:40 0 d-------- C:\Documents and Settings\At Home\Application Data\LimeWire
2008-06-14 10:18:50 0 d-------- C:\Program Files\Apple Software Update
2008-06-14 10:15:20 0 d-------- C:\Program Files\iTunes
2008-06-14 10:15:03 0 d-------- C:\Program Files\iPod
2008-06-14 10:13:23 0 d-------- C:\Program Files\QuickTime
2008-06-10 17:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-10 17:03:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-10 17:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-10 17:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-10 17:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-06-10 17:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX>
2008-06-10 17:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-06-10 17:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-06-07 08:40:11 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-05-27 22:09:10 0 d-------- C:\Program Files\Lexmark Toolbar
2008-05-27 22:04:01 0 d-------- C:\Program Files\Lexmark 1300 Series
2008-05-22 15:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 11:16 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/04/2008 05:17 PM]
"lxdcmon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcmon.exe" []
"lxdcamon"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" [30/04/2007 01:19 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/05/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/06/2008 11:13 AM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12/02/2008 10:06 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 09:24 AM]
"Steam"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [26/07/2007 07:07 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 09:05 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [09/09/2005 12:14:16 PM]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [18/04/2006 11:49:28 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [04/11/2004 7:28:24 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/07/2008 08:11 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 12/07/2008 08:10 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




-- End of Deckard's System Scanner: finished at 2008-07-15 21:39:23 ------------

Edited by JustinIsMe, 15 July 2008 - 10:41 PM.

#7
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKUS\S-1-5-21-4215398-1976366640-3380966323-1006\..\Run: [Dent blah] C:\DOCUME~1\Ken\APPLIC~1\EXTRAN~1\road face.exe (User 'Ken')
O4 - HKUS\S-1-5-21-4215398-1976366640-3380966323-1006\..\Run: [amva] C:\WINDOWS\system32\amvo.exe (User 'Ken')
O4 - HKUS\S-1-5-21-4215398-1976366640-3380966323-1006\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe (User 'Ken')


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Please post the following logs in your next reply..

1. Malwarebytes'
2. A fresh DSS log (after Malwarebytes' step)
3. Tell me about your computer conditions..


Regards
fenzodahl512

#8
JustinIsMe

  • Topic Starter
  • Member
  • 15 posts
Hey

I'm running Malwares Scan, but every minute my AntiVir Guard pops up telling me there is a detection for:

TR/Crypt.NSPM.Gen and other Trojan horses inside C:\Deckard\System\Scanner..\e7sf4.dll etc.

Do I deny access or ignore?

Edited by JustinIsMe, 16 July 2008 - 12:35 AM.

#9
fenzodahl512

  • Malware Removal
  • 9,863 posts

Hey

I'm running Malwares Scan, but every minute my AntiVir Guard pops up telling me there is a detection for:

TR/Crypt.NSPM.Gen and other Trojan horses inside C:\Deckard\System\Scanner..\e7sf4.dll etc.

Do I deny access or ignore?



Ignore it.. :)

#10
JustinIsMe

  • Topic Starter
  • Member
  • 15 posts
Malwarebytes' Anti-Malware 1.20
Database version: 962
Windows 5.1.2600 Service Pack 2

7:36:06 PM 17/07/2008
mbam-log-7-17-2008 (19-36-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 136762
Time elapsed: 46 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------------------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Run by At Home on 2008-07-17 19:36:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as At Home.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:15 PM, on 17/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\At Home\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ATHOME~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....ink/?linkid=677
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe
O9 - Extra 'Tools' menuitem: Launch Copernic 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Pro\Copernic.exe
O9 - Extra button: Translate - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Pro\Translate.htm
O9 - Extra 'Tools' menuitem: &Translate Using Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Pro\Translate.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/a...ic_new/nxpm.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports....ommon/ieell.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxch...ectComboBox.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://citymap.nanaimo.ca/mgaxctrl.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara....081765OneCC.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxch...ClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxch...ol/IRCSharc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {ABAB45AD-4D69-4C01-A4A4-DD105F1EAE61} (mgToolbarPub.Toolbar) - http://citymap.city....eX/Toolbars.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.trickster...sterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.trickster...utComponent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://webmap.abbots...ements/Acgm.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 11808 bytes

-- Files created between 2008-06-17 and 2008-07-17 -----------------------------

2008-07-14 20:54:29 0 d-------- C:\Program Files\Avira
2008-07-14 20:54:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-13 00:18:34 0 d-------- C:\Program Files\Trend Micro
2008-07-12 22:23:25 0 d-------- C:\Program Files\Panda Security
2008-07-12 21:31:44 0 d-------- C:\Documents and Settings\At Home\Application Data\Malwarebytes
2008-07-12 21:31:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-12 21:31:40 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-12 21:31:12 0 d-------- C:\Program Files\Common Files\Download Manager


-- Find3M Report ---------------------------------------------------------------

2008-07-13 16:03:44 0 d-------- C:\Program Files\DivX
2008-07-12 23:14:50 0 d-------- C:\Program Files\MSN Messenger
2008-07-12 21:31:12 0 d-------- C:\Program Files\Common Files
2008-07-12 20:11:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-07 13:43:32 0 d-------- C:\Program Files\Lx_cats
2008-06-23 20:26:12 0 d-------- C:\Program Files\Steam
2008-06-16 20:55:40 0 d-------- C:\Documents and Settings\At Home\Application Data\LimeWire
2008-06-14 10:18:50 0 d-------- C:\Program Files\Apple Software Update
2008-06-14 10:15:20 0 d-------- C:\Program Files\iTunes
2008-06-14 10:15:03 0 d-------- C:\Program Files\iPod
2008-06-14 10:13:23 0 d-------- C:\Program Files\QuickTime
2008-06-10 17:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-10 17:03:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-10 17:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-10 17:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-10 17:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-06-10 17:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX>
2008-06-10 17:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-06-10 17:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-06-07 08:40:11 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-05-27 22:09:10 0 d-------- C:\Program Files\Lexmark Toolbar
2008-05-27 22:04:01 0 d-------- C:\Program Files\Lexmark 1300 Series
2008-05-22 15:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 11:16 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/04/2008 05:17 PM]
"lxdcmon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcmon.exe" []
"lxdcamon"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" [30/04/2007 01:19 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/05/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/06/2008 11:13 AM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12/02/2008 10:06 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [11/08/2005 04:30 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 09:24 AM]
"Steam"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [26/07/2007 07:07 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 09:05 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [09/09/2005 12:14:16 PM]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [18/04/2006 11:49:28 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [04/11/2004 7:28:24 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/07/2008 08:11 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 12/07/2008 08:10 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68f1e0fe-0d3a-11dc-966a-0012f0a771fa}]
AutoRun\command- fi.cmd
explore\Command- fi.cmd
open\Command- fi.cmd




-- End of Deckard's System Scanner: finished at 2008-07-17 19:36:40 ------------

#11
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68f1e0fe-0d3a-11dc-966a-0012f0a771fa}
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



NEXT


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Tell me about your computer condition..

Regards
fenzodahl512

#12
JustinIsMe

  • Topic Starter
  • Member
  • 15 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, July 18, 2008 10:29:01 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/07/2008
Kaspersky Anti-Virus database records: 970804
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 102858
Number of viruses found: 65
Number of infected objects: 345
Number of suspicious objects: 0
Duration of the scan process: 02:24:50

Infected Object Name / Virus Name / Last Action
C:\autorun.inf Infected: Worm.Win32.AutoRun.eks skipped
C:\awda2.exe Infected: Packed.Win32.PolyCrypt.h skipped
C:\Deckard\System Scanner\20080715182336\backup\DOCUME~1\ATHOME~1\LOCALS~1\Temp\4fvlkvo.dll Infected: Rootkit.Win32.Agent.vr skipped
C:\Deckard\System Scanner\20080715182336\backup\DOCUME~1\ATHOME~1\LOCALS~1\Temp\4keteh.dll Infected: Trojan-PSW.Win32.OnLineGames.urq skipped
C:\Deckard\System Scanner\20080715182336\backup\DOCUME~1\ATHOME~1\LOCALS~1\Temp\54j.dll Infected: Trojan-PSW.Win32.OnLineGames.zex skipped
C:\Deckard\System Scanner\20080715182336\backup\DOCUME~1\ATHOME~1\LOCALS~1\Temp\5a9av.dll Infected: Trojan-PSW.Win32.OnLineGames.wkn skipped
C:\Deckard\System Scanner\20080715182336\backup\DOCUME~1\ATHOME~1\LOCALS~1\Temp\5kitr.dll Infected: Trojan-PSW.Win32.OnLineGames.nzn skipped
C:\Deckard\System Scanner\20080715182336\backup\DOCUME~1\ATHOME~1\LOCALS~1\Temp\7s9c.dll Infected: Rootkit.Win32.Agent.tf skipped
C:\Deckard\System Scanner\20080715182336\backup\DOCUME~1\ATHOME~1\LOCALS~1\Temp\9i.dll Infected: Trojan-PSW.Win32.OnLineGames.qqe skipped
C:\Deckard\System Scanner\20080715182336\backup\DOCUME~1\ATHOME~1\LOCALS~1\Temp\a745yz.dll Infected: Rootkit.Win32.Agent.yy skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP574\A0118693.dll Infected: Trojan-PSW.Win32.OnLineGames.anyz skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP574\A0118695.com Infected: Trojan-PSW.Win32.OnLineGames.allv skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP574\A0118705.dll Infected: Trojan-PSW.Win32.OnLineGames.anyz skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP574\A0118731.dll Infected: Trojan-PSW.Win32.OnLineGames.anyz skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP574\A0118733.com Infected: Trojan-PSW.Win32.OnLineGames.allv skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP575\A0118746.com Infected: Trojan-PSW.Win32.OnLineGames.allv skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP575\A0119731.dll Infected: Trojan-PSW.Win32.OnLineGames.anyz skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP575\A0119733.com Infected: Trojan-PSW.Win32.OnLineGames.allv skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP575\A0119747.dll Infected: Trojan-PSW.Win32.OnLineGames.anyz skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP575\A0119756.dll Infected: Trojan-PSW.Win32.OnLineGames.anyz skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP575\A0119759.com Infected: Trojan-PSW.Win32.OnLineGames.allv skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP577\A0119864.dll Infected: Trojan-PSW.Win32.OnLineGames.anyz skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP577\A0119866.com Infected: Trojan-PSW.Win32.OnLineGames.allv skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP577\A0119880.dll Infected: Trojan-PSW.Win32.OnLineGames.anyz skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP577\A0119882.com Infected: Trojan-PSW.Win32.OnLineGames.allv skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP577\A0119898.dll Infected: Trojan-PSW.Win32.OnLineGames.anyz skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP577\A0119913.dll Infected: Trojan-PSW.Win32.OnLineGames.anyz skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP577\A0119916.com Infected: Trojan-PSW.Win32.OnLineGames.allv skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP577\A0119928.dll Infected: Trojan-PSW.Win32.OnLineGames.anyz skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP577\A0119930.com Infected: Trojan-PSW.Win32.OnLineGames.allv skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP578\A0119935.com Infected: Trojan-PSW.Win32.OnLineGames.allv skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP578\A0119966.dll Infected: Trojan-PSW.Win32.OnLineGames.anyz skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP578\A0119968.com Infected: Trojan-PSW.Win32.OnLineGames.allv skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP578\A0119978.dll Infected: Trojan-PSW.Win32.OnLineGames.anyz skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP578\A0119980.exe Infected: Trojan-PSW.Win32.OnLineGames.allv skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP578\A0120020.dll Infected: Trojan-PSW.Win32.OnLineGames.anyz skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP580\A0120206.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP580\A0120609.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP580\A0120691.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP580\A0120754.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP580\A0120787.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP580\A0120822.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP580\A0120841.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP580\A0120912.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP580\A0120952.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP581\A0120969.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP582\A0121018.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP583\A0121042.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP583\A0121060.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP583\A0121077.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP583\A0121139.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP584\A0121151.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP584\A0121190.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP584\A0121240.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP584\A0121292.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP584\A0121314.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP584\A0121355.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP584\A0122355.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP585\A0122360.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP585\A0122447.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP585\A0122463.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP585\A0122479.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP585\A0122497.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP586\A0122508.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP586\A0122539.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP586\A0122585.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP586\A0122615.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP586\A0122634.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP587\A0122641.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP588\A0122662.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP588\A0122684.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP588\A0122718.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP589\A0122730.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP589\A0122769.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP589\A0122793.inf Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP590\A0122824.bat Infected: Trojan.Win32.Vaklik.bqu skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP590\A0122825.inf Infected: Worm.Win32.AutoRun.eks skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP590\A0122835.bat Infected: Trojan.Win32.Vaklik.bqu skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP590\A0122836.inf Infected: Worm.Win32.AutoRun.eks skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP590\A0122845.exe Infected: Trojan.Win32.Vaklik.bqu skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP590\A0122868.bat Infected: Trojan.Win32.Vaklik.bqu skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP590\A0122869.inf Infected: Worm.Win32.AutoRun.eks skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122874.bat Infected: Trojan.Win32.Vaklik.bqu skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122875.inf Infected: Worm.Win32.AutoRun.eks skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122905.exe Infected: Trojan.Win32.Vaklik.bqu skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122908.bat Infected: Trojan.Win32.Vaklik.bqu skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122912.com Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122913.bat Infected: Worm.Win32.AutoRun.cvx skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122914.com Infected: Worm.Win32.AutoRun.des skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122915.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122916.exe Infected: Trojan-PSW.Win32.OnLineGames.syv skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122917.bat Infected: Trojan-PSW.Win32.OnLineGames.acgu skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122918.com Infected: Trojan-PSW.Win32.OnLineGames.wgy skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122919.com Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122920.com Infected: Trojan-PSW.Win32.OnLineGames.zll skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122921.cmd Infected: Trojan-PSW.Win32.OnLineGames.ywg skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122922.exe Infected: Trojan-PSW.Win32.OnLineGames.zex skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122923.exe Infected: Trojan-PSW.Win32.OnLineGames.nzn skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122924.cmd Infected: Trojan-PSW.Win32.OnLineGames.uaw skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122925.exe Infected: Trojan-PSW.Win32.Magania.lgv skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122926.com Infected: Worm.Win32.AutoRun.cxk skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122927.com Infected: Trojan-PSW.Win32.OnLineGames.yze skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122928.com Infected: Worm.Win32.AutoRun.cva skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122938.bat Infected: Trojan.Win32.Vaklik.bro skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP591\A0122939.inf Infected: Worm.Win32.AutoRun.eks skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP592\A0122945.bat Infected: Trojan.Win32.Vaklik.bro skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP592\A0122946.inf Infected: Worm.Win32.AutoRun.eks skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP592\A0122950.dll Infected: Trojan-PSW.Win32.Magania.dsg skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP592\A0122953.cmd Infected: Trojan-PSW.Win32.OnLineGames.vum skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP592\A0122954.exe Infected: Trojan.Win32.Vaklik.bro skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP592\A0122956.dll Infected: Worm.Win32.AutoRun.eap skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP592\A0122966.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP593\A0123013.inf Infected: Worm.Win32.AutoRun.eks skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP593\A0123047.dll Infected: Worm.Win32.AutoRun.eks skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP593\A0123052.inf Infected: Worm.Win32.AutoRun.eks skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP593\A0123053.bat Infected: Trojan.Win32.Vaklik.bro skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP593\A0123065.exe Infected: Worm.Win32.AutoRun.eks skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP593\A0123067.dll Infected: Worm.Win32.AutoRun.eks skip

Edited by JustinIsMe, 19 July 2008 - 02:35 PM.


#13
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, somehow your Kaspersky log seems to be cut off.. Let's do the following...


Please delete your Outlook Inbox email from [email protected].. All of those emails are infected..


Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\autorun.inf
    C:\awda2.exe
    C:\Documents and Settings\At Home\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.65620
    C:\Documents and Settings\At Home\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.70097
    C:\Documents and Settings\At Home\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.99202
    C:\Documents and Settings\Ken\Application Data\extranurb\kglcwcft.exe
    C:\Documents and Settings\Ken\Application Data\extranurb\zkmagfjo.exe
    C:\Documents and Settings\Ken\Application Data\extranurb\zwgkmzwd.exe
    C:\f.exe
    C:\h.cmd
    C:\S
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic




Tell me about your computer conditions..


Regards
fenzodahl512

#14
JustinIsMe

  • Topic Starter
  • Member
  • 15 posts
Hmm for some reason it does not allow me to show the whole report. I just tried to edit the post by re-copying and pasting the report, but it just shows only half of it again.

However, when I pressed "Preview Post" here it showed the whole thing.
For some reason the final post changes.

edit: each time I try and repost it/re-edit it, the final result in the post is different. I do not know why it is doing this.

Edited by JustinIsMe, 19 July 2008 - 02:39 PM.


#15
fenzodahl512

  • Malware Removal
  • 9,863 posts

Hmm for some reason it does not allow me to show the whole report. I just tried to edit the post by re-copying and pasting the report, but it just shows only half of it again.

However, when I pressed "Preview Post" here it showed the whole thing.
For some reason the final post changes.



Yup.. you need to attach its logfile :)

Just copy/paste the log into a Notepad, save it to your Desktop and attach it here..

By the way, please follow the given instructions :)