Malware taken over PC Options

[cece]

Hello,

Our PC has been infected by malware/virus, causing programs to always spontaneously shut down. I have followed the instructions in the post "Before Posting a HijackThis Log".

Here is my HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:27:06 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\oobe\2740\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: (no name) - {491AF6C5-21F2-46E1-C653-3DF529127D7B} - C:\WINDOWS\wcidBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {85CF4327-68DE-1974-B32E-766E84A9706C} - C:\WINDOWS\wcidBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: OaE??a - {06926B30-424E-4f1c-8EE3-543CD96573DC} - http://blank.la/?h (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Norton Confidence Online - {144FDEB7-A23D-4D39-A00E-AA44195535B6} - C:\WINDOWS\wcidButton.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {8A4943CC-1950-44F9-9045-D3D428FD3948} (SecureX Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} (DataStore Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {CCC46940-DED0-476C-A27E-115B10DAE0B4} - http://td.nortonconfidenceonline.com/plug-in/WSAS.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - AppInit_DLLs: yzztimsn.dll
O23 - Service: 7806B - Unknown owner - C:\WINDOWS\system32\7806B.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: operion - Unknown owner - C:\WINDOWS\system32\viscvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

--------------------------------------------------------------------------------------------------------------

and my Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.17
Database version: 855

1:12:03 PM 6/14/2008
mbam-log-6-14-2008 (13-12-03).txt

Scan type: Quick Scan
Objects scanned: 174758
Time elapsed: 44 minute(s), 5 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 31
Registry Keys Infected: 126
Registry Values Infected: 32
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 247

Memory Processes Infected:
C:\WINDOWS\system32\HBmhly.exe (Spyware.OnlineGames) -> Unloaded process successfully.
C:\WINDOWS\system32\winxpplay.exe (Spyware.Banker) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\cdwqfs.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\jfrwdh.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\zgxfdx.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\rfdswc.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\hfrdzx.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\wrqszl.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\wyhesm.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\cedafb.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\zdesfx.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\wyrsdj.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\hhrdxd.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\sgrefg.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\zgfdet.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\tdffdl.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\yzztimsn.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\zxmscwin.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\zptlcsys.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\mpmydapi.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\mndhddwd.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\zywmfime.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\mndsfsrv.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\ypdjfbmp.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\yxcschlp.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\mpwdeapi.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\zyzxjime.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\mnmhgsrv.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\winxpshow.dll (Trojan.Downloader) -> Unloaded module successfully.
C:\WINDOWS\system32\Nessery.dll (Trojan.Clicker) -> Unloaded module successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2134.dll (Adware.Agent) -> Unloaded module successfully.
C:\Program Files\Common Files\CPUSH\cpush0.dll (Trojan.Clicker) -> Unloaded module successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (Trojan.Yigather) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{011db9b9-44b4-44d9-b17e-bc7608f2e549} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{841529cb-7f77-4b99-a895-b5441e0d302f} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6e6ca8a1-81bc-4707-a54c-f4903dd70bad} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{461d2ab4-29a5-45c2-9134-d52272d3de38} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1db3c525-5271-46f7-887a-d4e1adaa7632} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f99defdd-200b-4410-b572-e90883d527d2} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eb71e0b3-e97d-4d30-8733-e28266467617} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84143967-b645-4bff-b873-da1dc886e9a7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45aadfaa-dd36-42ab-83ad-0521bbf58c24} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e51c0fd-ee36-434b-ad2a-fd1ff3731c38} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{17dfd111-bf3a-4cb4-adb0-88fcbfe69821} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8c41b7f7-3168-400d-a702-0e7efe0ba304} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{28eb3777-3e23-4e72-8449-a992d09d24c3} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c0595a7e-2e2f-4b34-a83a-019270a0a464} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9490415f-65f8-b5c5-d8ba-9405fb120549} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9490415f-65f8-b5c5-d8ba-9405fb120549} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\servicewinxphelp (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\servicewinxphelp (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicewinxphelp (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6a041f13-a111-12a3-b0cf-f99818aa68a6} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CURRENT_USER\Kav\Browser Helper Objects\{6a041f13-a111-12a3-b0cf-f99818aa68a6} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a041f13-a111-12a3-b0cf-f99818aa68a6} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CURRENT_USER\Kav\Browser Helper Objects\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4629ff4f-acdb-5c90-a098-facb3456a264} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CURRENT_USER\Kav\Browser Helper Objects\{4629ff4f-acdb-5c90-a098-facb3456a264} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4629ff4f-acdb-5c90-a098-facb3456a264} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4c648541-1025-9650-9057-6541258720c4} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CURRENT_USER\Kav\Browser Helper Objects\{4c648541-1025-9650-9057-6541258720c4} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c648541-1025-9650-9057-6541258720c4} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6319a1f1-9410-9654-3201-345ffa349136} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CURRENT_USER\Kav\Browser Helper Objects\{6319a1f1-9410-9654-3201-345ffa349136} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6319a1f1-9410-9654-3201-345ffa349136} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{67fd640a-158f-48ac-fd14-1597f14a9776} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CURRENT_USER\Kav\Browser Helper Objects\{67fd640a-158f-48ac-fd14-1597f14a9776} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67fd640a-158f-48ac-fd14-1597f14a9776} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{81954fac-1023-154f-895a-1458258ad818} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CURRENT_USER\Kav\Browser Helper Objects\{81954fac-1023-154f-895a-1458258ad818} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81954fac-1023-154f-895a-1458258ad818} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CURRENT_USER\Kav\Browser Helper Objects\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{55694105-5108-9405-3695-954187462155} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CURRENT_USER\Kav\Browser Helper Objects\{55694105-5108-9405-3695-954187462155} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55694105-5108-9405-3695-954187462155} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7c8d1401-a58d-a81c-cd24-a5915c4517c7} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c8d1401-a58d-a81c-cd24-a5915c4517c7} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{10fdce1e-c36a-474e-808e-248c51693db7} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10fdce1e-c36a-474e-808e-248c51693db7} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9a59145f-315d-bc23-ac1f-145df81a34a9} (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Kav\Browser Helper Objects\{9a59145f-315d-bc23-ac1f-145df81a34a9} (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9a59145f-315d-bc23-ac1f-145df81a34a9} (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45694105-5108-9405-3695-954187462154} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Kav\Browser Helper Objects\{45694105-5108-9405-3695-954187462154} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45694105-5108-9405-3695-954187462154} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{365676ab-e92e-4d87-a735-17aee185e0e1} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{930e11ea-3a91-4fbb-b141-dc53df650dff} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ckbho_2.bho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ckbho_2.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6c8d1401-a58d-a81c-cd24-a5915c4517c6} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Kav\Browser Helper Objects\{6c8d1401-a58d-a81c-cd24-a5915c4517c6} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c8d1401-a58d-a81c-cd24-a5915c4517c6} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7dbc6adb-5788-4fb9-aec3-b40a58ac11df} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7dbc6adb-5788-4fb9-aec3-b40a58ac11df} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d3342887-aab1-428c-90c6-642be0b6cffe} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e6bec792-a39d-4512-aa44-41627908dc2e} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webbrowser.browser (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{986488af-13d5-9ddf-4fef-9fb88698cfc1} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{986488af-13d5-9ddf-4fef-9fb88698cfc1} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webbrowser.browser.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{06926b30-424e-4f1c-8ee3-543cd96573dc} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0ad3ab16-6d0e-4f04-8660-fb1f36bc2dc0} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2f685b36-c53a-4653-9231-1dae5736de45} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50c4cdd9-22d7-49ff-ac6d-7d4d528a3ab2} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{de2267bd-b163-407f-9e8d-6adec771e7ab} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nevwbobomediazpop.popcoco (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11f09afd-75ad-4e51-ab43-e09e9351ce16} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11f09afd-75ad-4e51-ab43-e09e9351ce16} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{34a12a06-48c0-420d-8f11-73552ee9631a} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cde9eb54-a08e-4570-b748-13f5ddb5781c} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nevwbobomediazpop.popcoco.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newcocomediazpop.popcoco (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newcocomediazpop.popcoco.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newadpopup.toolbardetector (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newadpopup.toolbardetector.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nevwpoopuppushad.aslogc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nevwpoopuppushad.aslogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newpuopopzad.anlogc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newpuopopzad.anlogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{385ab8c4-fb22-4d17-8834-064e2ba0a6f0} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{385ab8c5-fb22-4d17-8834-064e2ba0a6f0} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9ba1aa9-cad4-4c14-bde6-922dff5f6f38} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.Yigather) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.Yigather) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nessery (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nessery (Trojan.Clicker) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\contentmatch (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\windowsupdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\windowsupdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windowsupdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpidisk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\apcdli (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ntptdb (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewCocoMediazPop.PopCoco (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewCocoMediazPop.PopCoco.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Webbrowser.browser (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Webbrowser.browser.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\Effects\YiqilaiLyrics (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YiqilaiLyrics (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Yiqilai (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\apcdli (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\apcdli (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\acpidisk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\acpidisk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IDSCNP (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\newpush (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\cpush (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MicroPlugins (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentMatch (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ntptdb (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ntptdb (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{011db9b9-44b4-44d9-b17e-bc7608f2e549} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{841529cb-7f77-4b99-a895-b5441e0d302f} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6e6ca8a1-81bc-4707-a54c-f4903dd70bad} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{461d2ab4-29a5-45c2-9134-d52272d3de38} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1db3c525-5271-46f7-887a-d4e1adaa7632} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f99defdd-200b-4410-b572-e90883d527d2} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{eb71e0b3-e97d-4d30-8733-e28266467617} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{84143967-b645-4bff-b873-da1dc886e9a7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{45aadfaa-dd36-42ab-83ad-0521bbf58c24} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1e51c0fd-ee36-434b-ad2a-fd1ff3731c38} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{17dfd111-bf3a-4cb4-adb0-88fcbfe69821} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8c41b7f7-3168-400d-a702-0e7efe0ba304} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{28eb3777-3e23-4e72-8449-a992d09d24c3} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c0595a7e-2e2f-4b34-a83a-019270a0a464} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9490415f-65f8-b5c5-d8ba-9405fb120549} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HBmhly (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6a041f13-a111-12a3-b0cf-f99818aa68a6} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4629ff4f-acdb-5c90-a098-facb3456a264} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4c648541-1025-9650-9057-6541258720c4} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6319a1f1-9410-9654-3201-345ffa349136} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{67fd640a-158f-48ac-fd14-1597f14a9776} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{81954fac-1023-154f-895a-1458258ad818} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{55694105-5108-9405-3695-954187462155} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7c8d1401-a58d-a81c-cd24-a5915c4517c7} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9a59145f-315d-bc23-ac1f-145df81a34a9} (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{45694105-5108-9405-3695-954187462154} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6c8d1401-a58d-a81c-cd24-a5915c4517c6} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{06926b30-424e-4f1c-8ee3-543cd96573dc} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinSysM (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\svchust.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe winxphelp.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Common Files\CPUSH (Adware.CPush) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools (Trojan.Yigather) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\cdwqfs.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\jfrwdh.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\zgxfdx.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\rfdswc.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\hfrdzx.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\wrqszl.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\wyhesm.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\cedafb.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\zdesfx.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\wyrsdj.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\hhrdxd.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\sgrefg.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\zgfdet.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\tdffdl.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\yzztimsn.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\HBmhly.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winxpplay.exe (Spyware.Banker) -> Delete on reboot.
C:\WINDOWS\system32\zxmscwin.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\zptlcsys.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\mpmydapi.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\mndhddwd.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\zywmfime.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\mndsfsrv.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\ypdjfbmp.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\yxcschlp.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\mpwdeapi.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\zyzxjime.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\mnmhgsrv.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\winxpshow.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\Nessery.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2134.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\CPUSH\cpush0.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (Trojan.Yigather) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\GLK2.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\GLK3.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\GLK4.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\GLK6.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\GLK7.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\GLK8.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f16.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f17.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f18.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f19.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f1A.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f1B.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f1C.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f1D.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f1E.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f1F.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f20.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f21.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f22.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f23.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f24.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f25.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f26.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f27.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f28.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f29.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f2A.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f2B.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f2C.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f2D.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f2E.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f2F.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f30.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f31.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f32.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f33.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f34.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f35.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f36.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f37.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f38.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f39.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f3A.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f3B.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f3C.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f3D.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f3E.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f3F.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f40.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f41.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f42.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f43.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f44.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f45.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f46.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f47.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f48.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f49.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f4A.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f4B.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f4C.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f4D.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f4E.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f4F.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f50.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f51.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f52.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f53.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f54.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f55.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f56.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f57.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f58.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f5A.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f5B.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f5C.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f5D.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f5E.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f5F.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f60.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f61.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f62.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f63.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f64.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f65.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f66.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f67.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f69.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f6A.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f6B.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f6C.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f6D.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f6E.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f6F.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f70.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f71.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f72.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f73.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f74.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f75.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f76.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f77.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f78.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f79.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f7B.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f7C.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f7D.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f7E.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f7F.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f80.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f81.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f82.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f83.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f85.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f86.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f87.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f88.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f89.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f8A.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f8C.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f8D.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f8E.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f8F.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f90.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f91.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f92.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f93.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f94.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f95.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f97.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f98.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f99.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f9A.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f9B.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f9C.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f9D.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~f9F.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fA0.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fA1.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fA2.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fA3.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fA4.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fA5.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fA6.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fA7.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fA8.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fA9.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fAA.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fAB.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fAD.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fAE.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fAF.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fB0.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fB1.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fB2.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fB3.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fB4.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fB5.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fB7.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fB8.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fB9.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fBA.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fBB.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fBC.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fBD.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fBE.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\~fBF.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aitlasys.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\axmsawin.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\azwmaime.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\azzxaime.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cinmon.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxgy16.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\isdsasrv.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ismhasrv.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Mouer.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Nesery.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Nessery.sys (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\obco16.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oqfs16.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pldhadwd.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sevq16.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\simyaapi.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\siwdaapi.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winxphelp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zaztamsn.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zsdjabmp.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxcsahlp.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\winxphelp.sys (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\winxpplay.sys (Spyware.Banker) -> Delete on reboot.
C:\WINDOWS\system32\drivers\winxpshow.sys (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\25249.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\39021.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\41675.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\6130.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\Temporary Internet Files\Content.IE5\ODZ6GKCV\wyf[1].css (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\CPUSH\Uninst.exe (Adware.CPush) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svchust.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tcpip.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\YQL_Lyrics_Common.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Office\SYSTEM\apcdli.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysloader.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\acpidisk.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mscpx32r.det (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mprmsgse.axz (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\d3d1caps.SRG (Stolen.Data) -> Quarantined and deleted successfully.
C:\Documents and Settings\a\Local Settings\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\tempaq (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Favorites\珨懂秞氈扦.url (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Favorites\珨懂秞氈扦.url (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\SYSTEM\ntptdb.sys (Trojan.Agent) -> Quarantined and deleted s

---------------------------------------------------------------------------------------------------------

Any help on this would be greatly appreciated! Thanks very much!!

-cece

[shelf life]

hi,

we will get another download. runs in safe mode only:

Download SDFix and save it to your Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe


Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.

* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
* Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

[cece]

Thanks for your reply, shelf life!

Here is the Report.txt:


SDFix: Version 1.193
Run by a on 06/16/2008 Mon at 07:56 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service

Rebooting


Checking Files :

Trojan Files Found:

C:\autorun.inf - Deleted
C:\WINDOWS\system32\4.exe - Deleted
C:\WINDOWS\system32\6.exe - Deleted
C:\WINDOWS\system32\7.exe - Deleted
C:\WINDOWS\svchost.exe - Deleted
C:\WINDOWS\Temp\temp.dat - Deleted


Could Not Remove C:\WINDOWS\system32\explorer.exe



Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 20:07:12
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwEnumerateValueKey, ZwQuerySystemInformation

scanning hidden processes ...

C:\WINDOWS\system32\msgeg.exe [860] 0x83EB6710
C:\Program Files\Internet Explorer\IEXPLORE.EXE [1448] 0x84145768

scanning hidden services & system hive ...

IPC error: 2 The system cannot find the file specified.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
"CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msyaxk]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"C:\WINDOWS\system32\msgeg.exe"
"DisplayName"="IE Security Service"
"ObjectName"="LocalSystem"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msyaxk]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"C:\WINDOWS\system32\msgeg.exe"
"DisplayName"="IE Security Service"
"ObjectName"="LocalSystem"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Adobe?Photoshop?Album Starter Edition 3.2]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,00,fe,00,00,00,00,00,b4,13,7d,e3,74,..
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory"="C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath"="C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath"="C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath"="C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath"="C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2]
"DisplayName"="Adobe\xae Photoshop\xae Album Starter Edition 3.2"
"URLUpdateInfo"="http://www.adobe.com/products/photoshopelwin/main.html"
"URLInfoAbout"="http://www.adobe.com"
"UninstallString"=str(2):"MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}"
"Size"=""
"Readme"=str(2):"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\readme.txt"
"Publisher"="http://www.adobe.com"
"InstallDate"=""
"HelpTelephone"=""
"HelpLink"=""
"DisplayVersion"="3.2.0"
"Contact"=""
"Comments"=""
"AuthorizedCDFPrefix"=""
"RegEulaAccepted"="0"
"PSASEVersion"="3.2.0"
"SEOEMName"=""
"PSASEVersionUpdate"="0"
"DisplayIcon"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\Photoshop Album Starter Edition.exe,-111"
"InstallLocation"="C:\Program Files\Adobe\Photoshop Album Starter Edition\"
"InstallPath"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps"

scanning hidden files ...

C:\WINDOWS\system32\msgeg.dll 107008 bytes executable
C:\WINDOWS\system32\msgeg.exe 147968 bytes executable
C:\WINDOWS\system32\msgega.dll 221184 bytes executable

scan completed successfully
hidden processes: 2
hidden services: 1
hidden files: 3


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\oobe\\2108\\svchost.exe"="C:\\WINDOWS\\system32\\oobe\\2108\\svchost.exe:*:Enabled:svchost"
"C:\\WINDOWS\\system32\\oobe\\7235\\svchost.exe"="C:\\WINDOWS\\system32\\oobe\\7235\\svchost.exe:*:Enabled:svchost"
"C:\\WINDOWS\\system32\\oobe\\2740\\svchost.exe"="C:\\WINDOWS\\system32\\oobe\\2740\\svchost.exe:*:Enabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

C:\WINDOWS\system32\explorer.exe Found
C:\WINDOWS\Temp\temp.dat Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 2 Jun 2008 48,531 A.SH. --- "C:\WINDOWS\49400MM.DLL"
Mon 16 Jun 2008 98,304 ...H. --- "C:\WINDOWS\system32\1E7E7.exe"
Sat 7 Aug 2004 16,651 ..SH. --- "C:\WINDOWS\system32\aitlasys.exe"
Sat 7 Aug 2004 16,727 ..SH. --- "C:\WINDOWS\system32\azwmaime.exe"
Mon 16 Jun 2008 229,376 A..H. --- "C:\WINDOWS\system32\cedafb.dll"
Sat 7 Aug 2004 10,920 ..SH. --- "C:\WINDOWS\system32\fstlbsys.sys"
Sat 7 Aug 2004 10,920 ..SH. --- "C:\WINDOWS\system32\fxwmbime.sys"
Sun 8 Aug 2004 5,200 ..SH. --- "C:\WINDOWS\system32\fxzxbime.sys"
Sun 8 Aug 2004 5,720 ..SH. --- "C:\WINDOWS\system32\fzmsbwin.sys"
Sat 7 Aug 2004 1,560 ..SH. --- "C:\WINDOWS\system32\gsdhadwd.sys"
Mon 16 Jun 2008 232,960 A..H. --- "C:\WINDOWS\system32\hhrdxd.dll"
Sat 7 Aug 2004 17,476 ..SH. --- "C:\WINDOWS\system32\ismhasrv.exe"
Mon 16 Jun 2008 222,208 A..H. --- "C:\WINDOWS\system32\jfrwdh.dll"
Sat 7 Aug 2004 536,072 ..SH. --- "C:\WINDOWS\system32\mndhedwd.dll"
Sat 7 Aug 2004 538,120 ..SH. --- "C:\WINDOWS\system32\mnmhgsrv.dll"
Sat 7 Aug 2004 537,096 ..SH. --- "C:\WINDOWS\system32\mpmyfapi.dll"
Sat 7 Aug 2004 537,608 ..SH. --- "C:\WINDOWS\system32\mpwdeapi.dll"
Sun 6 Jun 2004 107,008 ..SHR --- "C:\WINDOWS\system32\msgeg.dll"
Sun 6 Jun 2004 147,968 ..SHR --- "C:\WINDOWS\system32\msgeg.exe"
Sun 6 Jun 2004 221,184 ..SHR --- "C:\WINDOWS\system32\msgega.dll"
Sat 7 Aug 2004 16,512 ..SH. --- "C:\WINDOWS\system32\pldhadwd.exe"
Mon 16 Jun 2008 254,464 A..H. --- "C:\WINDOWS\system32\rfdswc.dll"
Mon 16 Jun 2008 218,624 A..H. --- "C:\WINDOWS\system32\sgrefg.dll"
Sat 7 Aug 2004 16,960 ..SH. --- "C:\WINDOWS\system32\simyaapi.exe"
Sat 7 Aug 2004 16,851 ..SH. --- "C:\WINDOWS\system32\siwdaapi.exe"
Sun 8 Aug 2004 520 ..SH. --- "C:\WINDOWS\system32\smdsbsrv.sys"
Sat 7 Aug 2004 1,560 ..SH. --- "C:\WINDOWS\system32\smmhbsrv.sys"
Sat 7 Aug 2004 10,920 ..SH. --- "C:\WINDOWS\system32\spmybapi.sys"
Sat 7 Aug 2004 10,920 ..SH. --- "C:\WINDOWS\system32\spwdbapi.sys"
Mon 8 Jan 2007 40,448 ..SH. --- "C:\WINDOWS\system32\wqajne.dll"
Mon 16 Jun 2008 225,792 A..H. --- "C:\WINDOWS\system32\wrqszl.dll"
Mon 16 Jun 2008 225,792 A..H. --- "C:\WINDOWS\system32\wyrsdj.dll"
Mon 16 Jun 2008 261,632 A..H. --- "C:\WINDOWS\system32\wzcfsw.dll"
Sat 7 Aug 2004 1,040 ..SH. --- "C:\WINDOWS\system32\xfztbmsn.sys"
Sun 8 Aug 2004 4,680 ..SH. --- "C:\WINDOWS\system32\xsdjbbmp.sys"
Sun 8 Aug 2004 520 ..SH. --- "C:\WINDOWS\system32\xzcsbhlp.sys"
Sat 7 Aug 2004 536,072 ..SH. --- "C:\WINDOWS\system32\yzztimsn.dll"
Sat 7 Aug 2004 16,361 ..SH. --- "C:\WINDOWS\system32\zaztamsn.exe"
Mon 16 Jun 2008 218,624 A..H. --- "C:\WINDOWS\system32\zdesfx.dll"
Mon 16 Jun 2008 225,792 A..H. --- "C:\WINDOWS\system32\zgxfdx.dll"
Sat 7 Aug 2004 536,072 ..SH. --- "C:\WINDOWS\system32\zptlcsys.dll"
Sat 7 Aug 2004 538,120 ..SH. --- "C:\WINDOWS\system32\zywmgime.dll"
Mon 16 Jun 2008 261,632 A..H. --- "C:\Documents and Settings\a\Local Settings\Temp\~f5.tmp"
Mon 16 Jun 2008 232,960 A..H. --- "C:\Documents and Settings\a\Local Settings\Temp\~f6.tmp"
Mon 16 Jun 2008 218,624 A..H. --- "C:\Documents and Settings\a\Local Settings\Temp\~f7.tmp"
Mon 16 Jun 2008 225,792 A..H. --- "C:\Documents and Settings\a\Local Settings\Temp\~f8.tmp"
Mon 16 Jun 2008 225,792 A..H. --- "C:\Documents and Settings\a\Local Settings\Temp\~f9.tmp"
Mon 16 Jun 2008 229,376 A..H. --- "C:\Documents and Settings\a\Local Settings\Temp\~fA.tmp"
Mon 16 Jun 2008 218,624 A..H. --- "C:\Documents and Settings\a\Local Settings\Temp\~fB.tmp"
Mon 16 Jun 2008 225,792 A..H. --- "C:\Documents and Settings\a\Local Settings\Temp\~fC.tmp"
Mon 16 Jun 2008 254,464 A..H. --- "C:\Documents and Settings\a\Local Settings\Temp\~fD.tmp"
Mon 16 Jun 2008 222,208 A..H. --- "C:\Documents and Settings\a\Local Settings\Temp\~fE.tmp"

Finished!

-------------------------------------------------------------------------------------------------

and here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:13:25 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush0.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: (no name) - {491AF6C5-21F2-46E1-C653-3DF529127D7B} - C:\WINDOWS\wcidBHO.dll
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - C:\WINDOWS\system32\zptlcsys.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: mpwdeapi.dll - {55694105-5108-9405-3695-954187462155} - C:\WINDOWS\system32\mpwdeapi.dll
O2 - BHO: mndhedwd.dll - {5C648541-1025-9650-9057-6541258720C5} - C:\WINDOWS\system32\mndhedwd.dll
O2 - BHO: mpmyfapi.dll - {6629FF4F-ACDB-5C90-A098-FACB3456A266} - C:\WINDOWS\system32\mpmyfapi.dll
O2 - BHO: zywmgime.dll - {7319A1F1-9410-9654-3201-345FFA349137} - C:\WINDOWS\system32\zywmgime.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll
O2 - BHO: (no name) - {85CF4327-68DE-1974-B32E-766E84A9706C} - C:\WINDOWS\wcidBHO.dll
O2 - BHO: yzztimsn.dll - {9490415F-65F8-B5C5-D8BA-9405FB120549} - C:\WINDOWS\system32\yzztimsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: OaE??a - {06926B30-424E-4f1c-8EE3-543CD96573DC} - http://blank.la/?h (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Norton Confidence Online - {144FDEB7-A23D-4D39-A00E-AA44195535B6} - C:\WINDOWS\wcidButton.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {8A4943CC-1950-44F9-9045-D3D428FD3948} (SecureX Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} (DataStore Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {CCC46940-DED0-476C-A27E-115B10DAE0B4} - http://td.nortonconfidenceonline.com/plug-in/WSAS.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - AppInit_DLLs: yzztimsn.dll
O23 - Service: 7806B - Unknown owner - C:\WINDOWS\system32\7806B.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: operion - Unknown owner - C:\WINDOWS\system32\viscvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[shelf life]

hi cece

not good.still loaded.
i would use the computer as little as possible on the internet. only to get a download (below) to use, then pull the plug on your modem/router so you dont have any connectivity.


copy (Ctrl C) and paste (Ctrl V) the text in the code box below to Notepad. Save it as "All Files" and name it fix.bat Please save it on your desktop.

CODE

sc stop 70806B
sc delete 70806B
sc stop operion
sc delete operion
exit

Double click Fix.bat. on your desktop A window will open and close.

start HJT, click the "Scan" button. check the items below, close any open windows, then click "Fixed checked"

O2 - BHO: (no name) - {491AF6C5-21F2-46E1-C653-3DF529127D7B} - C:\WINDOWS\wcidBHO.dll
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - C:\WINDOWS\system32\zptlcsys.dll

O2 - BHO: mpwdeapi.dll - {55694105-5108-9405-3695-954187462155} - C:\WINDOWS\system32\mpwdeapi.dll
O2 - BHO: mndhedwd.dll - {5C648541-1025-9650-9057-6541258720C5} - C:\WINDOWS\system32\mndhedwd.dll
O2 - BHO: mpmyfapi.dll - {6629FF4F-ACDB-5C90-A098-FACB3456A266} - C:\WINDOWS\system32\mpmyfapi.dll
O2 - BHO: zywmgime.dll - {7319A1F1-9410-9654-3201-345FFA349137} - C:\WINDOWS\system32\zywmgime.dll
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll
O2 - BHO: (no name) - {85CF4327-68DE-1974-B32E-766E84A9706C} - C:\WINDOWS\wcidBHO.dll
O2 - BHO: yzztimsn.dll - {9490415F-65F8-B5C5-D8BA-9405FB120549} - C:\WINDOWS\system32\yzztimsn.dll
O20 - AppInit_DLLs: yzztimsn.dll
O23 - Service: 7806B - Unknown owner - C:\WINDOWS\system32\7806B.exe
O23 - Service: operion - Unknown owner - C:\WINDOWS\system32\viscvc.exe
---------------------------------------------
next:

download combofix, then remove your connectivity to the internet and follow the rest of this:

Download combofix from one of these links and save it to your Desktop:

http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Now double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

post the combofix log and a new hjt log.

[cece]

Here they are:

Combofix log:

ComboFix 08-06-16.5 - a 2008-06-18 1:40:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.950.886.1033.18.166 [GMT -7:00]
Running from: C:\Documents and Settings\a\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\msgeg.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\a\Application Data\macromedia\Flash Player\#SharedObjects\PW64YALC\iforex.com
C:\Documents and Settings\a\Application Data\macromedia\Flash Player\#SharedObjects\PW64YALC\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\a\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\a\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\a\Local Settings\Temporary Internet Files\__fdkfjfjgjitijk
C:\Documents and Settings\a\Local Settings\Temporary Internet Files\_checkloader
C:\Documents and Settings\a\Local Settings\Temporary Internet Files\_inifid
C:\Documents and Settings\a\Local Settings\Temporary Internet Files\_inifiletime3
C:\Documents and Settings\a\Local Settings\Temporary Internet Files\_inimac
C:\Documents and Settings\a\Local Settings\Temporary Internet Files\_kdacoptfg
C:\Documents and Settings\a\Local Settings\Temporary Internet Files\_loaderfiletime2
C:\Documents and Settings\All Users\Application Data\microsoft\office\system
C:\Documents and Settings\All Users\Application Data\microsoft\office\userdata
C:\Documents and Settings\All Users\Application Data\microsoft\office\userdata\url1.exe
C:\Documents and Settings\All Users\Application Data\microsoft\office\userdata\url2.exe
C:\Documents and Settings\All Users\Application Data\microsoft\pctools
C:\Documents and Settings\All Users\Application Data\microsoft\pctools\pctools.dll
C:\Documents and Settings\LocalService\Favorites\梑善123厙硊絳瑤.url
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\__fdkfjfjgjitijk
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\_inifid
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\_inifiletime3
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\_inimac
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\_kdacoptfg
C:\Documents and Settings\NetworkService\Favorites\梑善123厙硊絳瑤.url
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\__fdkfjfjgjitijk
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\_inifid
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\_inifiletime3
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\_inimac
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\_kdacoptfg
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\Desktop_.ini
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\Desktop_.ini
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\Desktop_.ini
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\Desktop_.ini
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\1033\Desktop_.ini
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\Desktop_.ini
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\Desktop_.ini
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\MSOFFICE\Desktop_.ini
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\MSOFFICE\OFFICE11\1033\Desktop_.ini
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\MSOFFICE\OFFICE11\Desktop_.ini
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\SETUP\Desktop_.ini
C:\MSOCache\All Users\Desktop_.ini
C:\MSOCache\Desktop_.ini
C:\Program Files\Adobe\Acrobat 5.0\Desktop_.ini
C:\Program Files\Adobe\Acrobat 5.0\Help\Desktop_.ini
C:\Program Files\Adobe\Acrobat 5.0\Help\ENU\Desktop_.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\Desktop_.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\Desktop_.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\Desktop_.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\JavaScripts\Desktop_.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\Legal\Desktop_.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\Optional\Desktop_.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\Desktop_.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\InterTrust\Desktop_.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\Movie\Desktop_.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\WEBBUY\Desktop_.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\WEBBUY\HTML\Desktop_.ini
C:\Program Files\Adobe\Acrobat 5.0\Reader\SPPlugins\Desktop_.ini
C:\Program Files\Adobe\Acrobat 5.0\Resource\CMap\Desktop_.ini
C:\Program Files\Adobe\Acrobat 5.0\Resource\Desktop_.ini
C:\Program Files\Adobe\Acrobat 5.0\Resource\Font\Desktop_.ini
C:\Program Files\Adobe\Acrobat 5.0\Resource\Font\PFM\Desktop_.ini
C:\Program Files\Adobe\Desktop_.ini
C:\Program Files\C-Media 3D Audio\Desktop_.ini
C:\Program Files\C-Media 3D Audio\Driver\Advance\Desktop_.ini
C:\Program Files\C-Media 3D Audio\Driver\Advance\MUSIC\Desktop_.ini
C:\Program Files\C-Media 3D Audio\Driver\Desktop_.ini
C:\Program Files\C-Media 3D Audio\Driver\Win\Desktop_.ini
C:\Program Files\Common Files\cpush
C:\Program Files\Common Files\cpush\cpush1.dll
C:\Program Files\Common Files\cpush\Uninst.exe
C:\Program Files\Common Files\Real\visualizations\real_vis_yqllyrics.rpv
C:\Program Files\Desktop_.ini
C:\Program Files\EPSON\Desktop_.ini
C:\Program Files\EPSON\EPSON Stylus C62 Series\Desktop_.ini
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Desktop_.ini
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\Desktop_.ini
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Signatures\Desktop_.ini
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Translations\Desktop_.ini
C:\Program Files\Grisoft\Desktop_.ini
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Desktop_.ini
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Lang\Desktop_.ini
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Plugins\Desktop_.ini
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Desktop_.ini
C:\Program Files\Lavasoft\Desktop_.ini
C:\Program Files\Microsoft ActiveSync\Desktop_.ini
C:\Program Files\Microsoft Office\CLIPART\Desktop_.ini
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\Desktop_.ini
C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\Desktop_.ini
C:\Program Files\Microsoft Office\CLIPART\Publisher\Desktop_.ini
C:\Program Files\Microsoft Office\Desktop_.ini
C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\1033\Desktop_.ini
C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\Desktop_.ini
C:\Program Files\Microsoft Office\MEDIA\Desktop_.ini
C:\Program Files\Microsoft Office\MEDIA\OFFICE11\1033\Desktop_.ini
C:\Program Files\Microsoft Office\MEDIA\OFFICE11\AUTOSHAP\Desktop_.ini
C:\Program Files\Microsoft Office\MEDIA\OFFICE11\BULLETS\Desktop_.ini
C:\Program Files\Microsoft Office\MEDIA\OFFICE11\Desktop_.ini
C:\Program Files\Microsoft Office\MEDIA\OFFICE11\LINES\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\1033\011\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\1033\BOTSTYLE\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\1033\DataServices\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\1033\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\1033\PUBBRD\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\1033\PUBFTSCM\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\1033\PUBSPAPR\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\1033\PUBWIZ\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\1036\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\3082\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\AccessWeb\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\ADDINS\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\BITMAPS\DBWIZ\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\BITMAPS\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\BITMAPS\STYLES\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\BORDERS\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\CONVERT\1033\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\CONVERT\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\FORMS\1033\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\FORMS\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\HTML\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\HTML\XMLLINKS\1033\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\HTML\XMLLINKS\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\INFFORMS\1033\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\INFFORMS\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\Library\Analysis\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\Library\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\Library\SOLVER\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\MACROS\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\MEDIA\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\Migration\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\QUERIES\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\INFOPATH\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\STARTUP\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\VS Runtime\1033\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\VS Runtime\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\VS Runtime\SCHEMAS\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\VS Runtime\SCHEMAS\HTML\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\VS Runtime\SCHEMAS\XML\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\XLATORS\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\XLSTART\Desktop_.ini
C:\Program Files\Microsoft Office\Stationery\1033\Desktop_.ini
C:\Program Files\Microsoft Office\Stationery\Desktop_.ini
C:\Program Files\Microsoft Office\Templates\1033\Desktop_.ini
C:\Program Files\Microsoft Office\Templates\1033\FAX\Desktop_.ini
C:\Program Files\Microsoft Office\Templates\Desktop_.ini
C:\Program Files\Microsoft Office\Templates\MseNewFileItems\Desktop_.ini
C:\Program Files\Microsoft Office\Templates\Presentation Designs\Desktop_.ini
C:\Program Files\Microsoft Visual Studio\COMMON\Desktop_.ini
C:\Program Files\Microsoft Visual Studio\COMMON\IDE\Desktop_.ini
C:\Program Files\Microsoft Visual Studio\COMMON\IDE\IDE98\Desktop_.ini
C:\Program Files\Microsoft Visual Studio\Desktop_.ini
C:\Program Files\Microsoft Works\1033\Desktop_.ini
C:\Program Files\Microsoft Works\Desktop_.ini
C:\Program Files\Microsoft.NET\Desktop_.ini
C:\Program Files\Microsoft.NET\Primary Interop Assemblies\Desktop_.ini
C:\Program Files\MSN Gaming Zone\Desktop_.ini
C:\Program Files\Norton AntiVirus\Desktop_.ini
C:\Program Files\Norton AntiVirus\IWP\Desktop_.ini
C:\Program Files\Online Services\Desktop_.ini
C:\Program Files\Softwin\BitDefender8\_enHTML\Desktop_.ini
C:\Program Files\Softwin\BitDefender8\Desktop_.ini
C:\Program Files\Softwin\BitDefender8\Ini\Default\Desktop_.ini
C:\Program Files\Softwin\BitDefender8\Ini\Desktop_.ini
C:\Program Files\Softwin\BitDefender8\Skin\Default\Desktop_.ini
C:\Program Files\Softwin\BitDefender8\Skin\Desktop_.ini
C:\Program Files\Softwin\BitDefender8\Skin\Grey\Desktop_.ini
C:\Program Files\Softwin\BitDefender8\Skin\Ochre\Desktop_.ini
C:\Program Files\Softwin\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Dummies\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Help\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Includes\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Languages\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Plugins\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Skins\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Updates\Desktop_.ini
C:\Program Files\Uninstall Information\Desktop_.ini
C:\Program Files\VIA\Desktop_.ini
C:\Program Files\VIA\UChromeP\Desktop_.ini
C:\Program Files\WinRAR\Desktop_.ini
C:\Program Files\WinRAR\Formats\Desktop_.ini
C:\Program Files\xerox\Desktop_.ini
C:\Program Files\xerox\nwwia\Desktop_.ini
C:\QuickTax 2005\CRA NETFILE\Desktop_.ini
C:\QuickTax 2005\Desktop_.ini
C:\QuickTax 2005\QT2005\Desktop_.ini
C:\QuickTax 2005\QT2005\inet\atr\Desktop_.ini
C:\QuickTax 2005\QT2005\inet\Desktop_.ini
C:\QuickTax 2005\QT2005\inet\localweb\Desktop_.ini
C:\QuickTax 2005\QT2005\inet\localweb\images\Desktop_.ini
C:\QuickTax 2005\QT2005\inet\localweb\taxcentre\Desktop_.ini
C:\QuickTax 2005\QT2005\inet\localweb\taxcentre\images\Desktop_.ini
C:\QuickTax 2005\QT2005\inet\localweb\taxcentre\js\Desktop_.ini
C:\QuickTax 2005\QT2005\inet\localweb\taxcentre\styles\Desktop_.ini
C:\QuickTax 2005\QT2005\Resource\Desktop_.ini
C:\QuickTax 2005\QT2005\Scenario\Desktop_.ini
C:\QuickTax 2005\QT2005\TaxLink\Desktop_.ini
C:\QuickTax 2005\QT2005\updates\ccra_t1\Desktop_.ini
C:\QuickTax 2005\QT2005\updates\ccra_t1_ui\Desktop_.ini
C:\QuickTax 2005\QT2005\updates\ccraforms\Desktop_.ini
C:\QuickTax 2005\QT2005\updates\ccraforms_ui\Desktop_.ini
C:\QuickTax 2005\QT2005\updates\Desktop_.ini
C:\QuickTax 2005\QT2005\updates\easystep\Desktop_.ini
C:\QuickTax 2005\QT2005\updates\filing\Desktop_.ini
C:\QuickTax 2005\QT2005\updates\glossary\Desktop_.ini
C:\QuickTax 2005\QT2005\updates\guides_bus\Desktop_.ini
C:\QuickTax 2005\QT2005\updates\guides_oth\Desktop_.ini
C:\QuickTax 2005\QT2005\updates\image\Desktop_.ini
C:\QuickTax 2005\QT2005\updates\manual\Desktop_.ini
C:\QuickTax 2005\QT2005\updates\mrq_tp1\Desktop_.ini
C:\QuickTax 2005\QT2005\updates\mrqforms\Desktop_.ini
C:\QuickTax 2005\QT2005\updates\mrqforms_ui\Desktop_.ini
C:\QuickTax 2005\QT2005\updates\province\Desktop_.ini
C:\QuickTax 2005\QT2005\updates\qtax20xx\Desktop_.ini
C:\QuickTax 2005\QT2005\updates\step_help\Desktop_.ini
C:\QuickTax 2005\QT2005\updates\taxtips\Desktop_.ini
C:\QuickTax 2005\QT2005\updates\tslips\Desktop_.ini
C:\QuickTax 2005\QT2005\Utils\Desktop_.ini
C:\RECYCLER\Desktop_.ini
C:\WINDOWS\49400MM.DLL
C:\WINDOWS\ca073f9201.dll
C:\WINDOWS\KB611311.log
C:\WINDOWS\scvhost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\20736bcd01.dll
C:\WINDOWS\system32\977330c100.dll
C:\WINDOWS\system32\aduio.sys
C:\WINDOWS\system32\aitlasys.exe
C:\WINDOWS\system32\azwmaime.exe
C:\WINDOWS\system32\cedafb.dll
C:\WINDOWS\system32\ciwdaapi.sys
C:\WINDOWS\system32\d3d1caps.srg
C:\WINDOWS\system32\discard.ini
C:\WINDOWS\system32\drivers\acpidisk.sys
C:\WINDOWS\system32\drivers\HBKernel.sys
C:\WINDOWS\system32\drivers\usbme.sys
C:\WINDOWS\system32\etcpip.sys
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\system32\fstlbsys.sys
C:\WINDOWS\system32\fxwmbime.sys
C:\WINDOWS\system32\fxzxbime.sys
C:\WINDOWS\system32\fzmsbwin.sys
C:\WINDOWS\system32\gsdhadwd.sys
C:\WINDOWS\system32\hhrdxd.dll
C:\WINDOWS\system32\Huiln.ini
C:\WINDOWS\system32\instalflash.dll
C:\WINDOWS\system32\INTAHO.DLL
C:\WINDOWS\system32\ismhasrv.exe
C:\WINDOWS\system32\jfrwdh.dll
C:\WINDOWS\system32\mhsha1.dat
C:\WINDOWS\system32\mnmhgsrv.dll
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\mpwdeapi.dll
C:\WINDOWS\system32\mscpx32r.det
C:\WINDOWS\system32\oobe\2740
C:\WINDOWS\system32\oobe\2740\svchost.exe
C:\WINDOWS\system32\operion.dll
C:\WINDOWS\system32\pldhadwd.exe
C:\WINDOWS\system32\pzwmaime.sys
C:\WINDOWS\system32\rfdswc.dll
C:\WINDOWS\system32\sgrefg.dll
C:\WINDOWS\system32\sichost.exe
C:\WINDOWS\system32\simyaapi.exe
C:\WINDOWS\system32\siwdaapi.exe
C:\WINDOWS\system32\smmhbsrv.sys
C:\WINDOWS\system32\sovlost.exe
C:\WINDOWS\system32\spmybapi.sys
C:\WINDOWS\system32\spwdbapi.sys
C:\WINDOWS\system32\syswine.ini
C:\WINDOWS\system32\tcpip.sys
C:\WINDOWS\system32\wbem\CHNTAGMSYELQXOV.MDA
C:\WINDOWS\system32\wrqszl.dll
C:\WINDOWS\system32\wyrsdj.dll
C:\WINDOWS\system32\wzcfsw.dll
C:\WINDOWS\system32\XCJPXDKPWCIO.DLL
C:\WINDOWS\system32\xfztbmsn.sys
C:\WINDOWS\system32\xpdhcp.dll
C:\WINDOWS\system32\xzcsbhlp.sys
C:\WINDOWS\system32\yzztimsn.dll
C:\WINDOWS\system32\zaztamsn.exe
C:\WINDOWS\system32\zgxfdx.dll
C:\WINDOWS\system32\zptlcsys.dll
C:\WINDOWS\TEMP\~my1.tmp
C:\WINDOWS\tempaq

Infected copy of C:\WINDOWS\explorer.exe was found & disinfected
Restored copy from - C:\WINDOWS\system32\dllcache\explorer.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPIDISK
-------\Legacy_APCDLI
-------\Legacy_CELINDRV
-------\Legacy_HBKERNEL
-------\Legacy_MSYAXK
-------\Legacy_NESSERY
-------\Legacy_NTPTDB
-------\Legacy_SERVICEWINXPHELP
-------\Legacy_WINDHCPSVC
-------\Legacy_WINXPDHCPSVC
-------\Service_acpidisk
-------\Service_HBKernel
-------\Service_msyaxk
-------\Service_Nessery
-------\Service_RESSDT
-------\Service_WinDHCPsvc
-------\Service_WinXPDHCPsvc


((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.

2008-06-16 19:47 . 2008-06-16 19:48 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-16 19:44 . 2008-06-16 20:10 <DIR> d-------- C:\SDFix
2008-06-16 19:40 . 2008-06-18 01:27 218,624 --ah----- C:\WINDOWS\system32\zdesfx.dll
2008-06-14 12:24 . 2008-06-14 12:24 <DIR> d-------- C:\Documents and Settings\a\Application Data\Malwarebytes
2008-06-14 12:23 . 2008-06-14 12:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 12:23 . 2008-06-14 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-14 12:23 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-14 12:23 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-14 12:21 . 2008-06-14 12:21 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-14 11:57 . 2008-06-18 01:22 130,855 --a------ C:\WINDOWS\system32\c3.exe
2008-06-11 20:11 . 2008-06-18 01:22 38,400 --a------ C:\WINDOWS\system32\c9.exe
2008-06-11 20:10 . 2008-06-11 20:10 130,624 --a------ C:\WINDOWS\system32\c5.exe
2008-06-11 20:09 . 2008-06-14 11:54 800 --a------ C:\WINDOWS\system32\EAduio.sys
2008-06-11 10:24 . 2008-06-14 13:45 689 --a------ C:\WINDOWS\system32\wcbnurect.fl
2008-06-11 09:51 . 2008-06-18 01:22 174,222 --a------ C:\WINDOWS\system32\c1.exe
2008-06-11 09:51 . 2008-06-18 01:22 24,576 --a------ C:\WINDOWS\system32\c8.exe
2008-06-11 09:33 . 2008-06-11 09:33 57,547 --a------ C:\WINDOWS\system32\Monbem.dat
2008-06-11 09:33 . 2008-06-14 13:07 556 --a------ C:\WINDOWS\system32\LRWDLRX.LDO
2008-06-11 09:33 . 2004-08-07 13:00 190 --a------ C:\WINDOWS\system32\icoshellocs.ocx
2008-06-11 09:29 . 2008-06-11 09:29 <DIR> d-------- C:\Program Files\Common Files\Real
2008-06-11 09:28 . 2008-06-11 09:28 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-06-11 09:28 . 2008-06-18 01:20 98,304 ---h----- C:\WINDOWS\system32\1E7E7.exe
2008-06-11 09:28 . 2008-06-14 13:07 1,289 --a------ C:\WINDOWS\system32\s0Ds71kg.dll
2008-06-11 09:27 . 2008-06-11 09:27 <DIR> d-------- C:\WINDOWS\system32\Data
2008-06-11 09:27 . 2008-06-11 09:27 94,208 --a------ C:\WINDOWS\system32\7806B.exe
2008-06-11 09:26 . 2008-06-18 01:21 284 --a------ C:\WINDOWS\system32\pagefiles.sys
2008-06-11 09:25 . 2008-06-14 11:53 34,816 --a------ C:\WINDOWS\system32\windowsupdata.dll
2008-06-11 09:25 . 2008-06-14 11:55 18,393 --a------ C:\WINDOWS\system32\viscvc.exe
2008-06-05 18:54 . 2008-06-05 18:54 8 --a------ C:\WINDOWS\system32\Update.dat
2008-06-05 13:04 . 2008-06-05 13:04 <DIR> d-------- C:\Program Files\WebEx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 08:42 --------- d-----w C:\Program Files\VIA
2008-06-18 08:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-18 08:42 --------- d-----w C:\Program Files\Softwin
2008-06-18 08:42 --------- d-----w C:\Program Files\Norton AntiVirus
2008-06-18 08:42 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-18 08:42 --------- d-----w C:\Program Files\Microsoft Works
2008-06-18 08:41 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-18 08:41 --------- d-----w C:\Program Files\Lavasoft
2008-06-18 08:41 --------- d-----w C:\Program Files\EPSON
2008-06-18 08:41 --------- d-----w C:\Program Files\C-Media 3D Audio
2008-06-18 08:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-06-14 19:04 14 ----a-w C:\Documents and Settings\a\getfile.dat
2008-04-20 22:27 --------- d-----w C:\Program Files\Java
2007-06-03 18:59 9 ----a-w C:\Program Files\Statement.DailyMonthlyStatement
2007-06-02 03:34 12,336,288 ----a-w C:\Program Files\tws40_install.exe
2007-01-09 05:51 2,948 ----a-w C:\Program Files\Report-Scan-20070108-215042.txt
2007-01-09 04:41 47,104 ----a-w C:\Program Files\ATF-Cleaner.exe
2007-01-09 04:39 6,469,352 ----a-w C:\Program Files\avgas-setup-7.5.0.50.exe
2007-01-09 03:57 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
2007-01-09 03:54 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2006-12-13 05:33 13,817,440 ----a-w C:\Program Files\bitdefender_free_v8.exe
2006-06-04 03:24 102,400 ----a-w C:\Documents and Settings\a\com_securenetasia_p11wrapper2.dll
2005-11-26 07:10 5,529,600 ----a-w C:\Program Files\mplayerc.exe
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2004-08-08 02:39 536,072 --sh--w C:\WINDOWS\system32\mndhedwd.dll
2004-08-08 02:39 537,096 --sh--w C:\WINDOWS\system32\mpmyfapi.dll
2004-06-06 21:13 147,968 --sh--r C:\WINDOWS\system32\msgeg.exe
2004-06-06 21:13 221,184 --sh--r C:\WINDOWS\system32\msgega.dll
2004-08-08 14:26 520 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
2007-01-09 04:51 40,448 --sh--w C:\WINDOWS\system32\wqajne.dll
2004-08-08 14:26 4,680 --sh--w C:\WINDOWS\system32\xsdjbbmp.sys
2004-08-08 02:40 538,120 --sh--w C:\WINDOWS\system32\zywmgime.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C648541-1025-9650-9057-6541258720C5}]
2004-08-07 19:39 536072 ---hs---- C:\WINDOWS\system32\mndhedwd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6629FF4F-ACDB-5C90-A098-FACB3456A266}]
2004-08-07 19:39 537096 ---hs---- C:\WINDOWS\system32\mpmyfapi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7319A1F1-9410-9654-3201-345FFA349137}]
2004-08-07 19:40 538120 ---hs---- C:\WINDOWS\system32\zywmgime.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 19:09 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:31 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"Cmaudio"="cmicnfg.cpl" []
"VTTimer"="VTTimer.exe" [2005-03-07 12:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 02:33 147456 C:\WINDOWS\system32\VTTrayp.exe]
"BDMCon"="C:\Program Files\Softwin\BitDefender8\bdmcon.exe" [2005-06-20 13:10 421888]
"BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 13:19 8192]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\a\Start Menu\Programs\Startup\
Check for TWS Updates.lnk - C:\Jts\WiseUpdt.exe [2007-06-01 20:35:27 194775]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5C648541-1025-9650-9057-6541258720C5}"= C:\WINDOWS\system32\mndhedwd.dll [2004-08-07 19:39 536072]
"{6629FF4F-ACDB-5C90-A098-FACB3456A266}"= C:\WINDOWS\system32\mpmyfapi.dll [2004-08-07 19:39 537096]
"{7319A1F1-9410-9654-3201-345FFA349137}"= C:\WINDOWS\system32\zywmgime.dll [2004-08-07 19:40 538120]
"{45AADFAA-DD36-42AB-83AD-0521BBF58C24}"= C:\WINDOWS\system32\zdesfx.dll [2008-06-18 01:27 218624]
"{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}"= C:\WINDOWS\system32\wyrsdj.dll [ ]
"{6E6CA8A1-81BC-4707-A54C-F4903DD70BAD}"= C:\WINDOWS\system32\zgxfdx.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=yzztimsn.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

R2 bcvnsvc;Visual Studio Analyzer Remote bridge Helper Service;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
R2 cstmsvc;Cryptographic Services Table Manager;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
R2 MSPlugPlay;Windows Plug and Play;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
S0 96779z;96779z;C:\WINDOWS\system32\drivers\96779z.sys [2004-08-04 00:56]
S0 yndev;ynde;C:\WINDOWS\system32\DRIVERS\yndev.sys [2004-08-04 00:56]
S4 7806B;7806B;C:\WINDOWS\system32\7806B.exe [2008-06-11 09:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
cstmsvc REG_MULTI_SZ cstmsvc
bcvnsvc REG_MULTI_SZ bcvnsvc
MSPlugPlay REG_MULTI_SZ MSPlugPlay

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 01:44:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2008-06-18 1:47:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-18 08:47:35

Pre-Run: 74,809,565,184 bytes free
Post-Run: 74,801,827,840 bytes free

466

----------------------------------------------------------------------------------------------------------

and the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:50:46 AM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: mndhedwd.dll - {5C648541-1025-9650-9057-6541258720C5} - C:\WINDOWS\system32\mndhedwd.dll
O2 - BHO: mpmyfapi.dll - {6629FF4F-ACDB-5C90-A098-FACB3456A266} - C:\WINDOWS\system32\mpmyfapi.dll
O2 - BHO: zywmgime.dll - {7319A1F1-9410-9654-3201-345FFA349137} - C:\WINDOWS\system32\zywmgime.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Norton Confidence Online - {144FDEB7-A23D-4D39-A00E-AA44195535B6} - C:\WINDOWS\wcidButton.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {8A4943CC-1950-44F9-9045-D3D428FD3948} (SecureX Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} (DataStore Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {CCC46940-DED0-476C-A27E-115B10DAE0B4} - http://td.nortonconfidenceonline.com/plug-in/WSAS.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - AppInit_DLLs: yzztimsn.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[shelf life]

hi cece,

thanks for the info.how long as the machine been like this? first we will use combofix, the run malwarebytes again, then do a online scan

Click Start, then Run and type Notepad and click OK.
Copy/paste the text in the code box below into notepad:

CODE

File::
C:\WINDOWS\system32\1E7E7.exe
C:\WINDOWS\system32\s0Ds71kg.dll
C:\WINDOWS\system32\7806B.exe
C:\WINDOWS\system32\mndhedwd.dll
C:\WINDOWS\system32\mpmyfapi.dll
C:\WINDOWS\system32\wqajne.dll
C:\WINDOWS\system32\zywmgime.dll
C:\WINDOWS\system32\msgeg.exe
C:\WINDOWS\system32\msgega.dll
C:\WINDOWS\system32\zdesfx.dll
C:\WINDOWS\system32\yzztimsn.dll
C:\WINDOWS\system32\Monbem.dat

Registry:
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C648541-1025-9650-9057-6541258720C5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6629FF4F-ACDB-5C90-A098-FACB3456A266}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7319A1F1-9410-9654-3201-345FFA349137}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5C648541-1025-9650-9057-6541258720C5}"= -
"{6629FF4F-ACDB-5C90-A098-FACB3456A266}"= -
"{7319A1F1-9410-9654-3201-345FFA349137}"= -
"{45AADFAA-DD36-42AB-83AD-0521BBF58C24}"= -
"{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}"= -
"{6E6CA8A1-81BC-4707-A54C-F4903DD70BAD}"= -
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

Name the Notepad file CFScript.txt and Save it to your desktop.
now locate the file you just saved and the combofix icon
using your mouse drag the CFScript right on top of the combofix icon and release, combofix will run and produce a new log
please post the new combofix log and a new hjt log.

post the combofix log

next: re run malwarebytes post the log

next; we will do a online scan here , post the log
ESET online scanner:

http://www.eset.com/onlinescan/

uses Internet Explorer only
check "YES" to accept terms
click start button
allow the ActiveX component to install
click the start button. the Scanner will update.
check both "Remove found threats" and "Scan unwanted applications"///or # Do Not check the box Remove found threats
click scan
when done you can find the scan log at:C:\Program Files\EsetOnlineScanner\log.txt
please copy/paste that log in next reply.

lets see what windows services are running also. go to start>run and type in cmd, click ok. at the prompt you can copy/paste whats in the code box below:

CODE

sc query > c:\services.txt & start notepad c:\services.txt

after pasting it in click enter, notepad will open with a list. copy/paste it in reply

so: new combofix log, malwarebytes log, online scan log and services list. whew!!

[cece]

Hi shelf life,

The PC has been like this since last week. Since then it has been used very minimally.

So here is the Combofix log:

ComboFix 08-06-16.5 - a 2008-06-18 22:27:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.950.886.1033.18.164 [GMT -7:00]
Running from: C:\Documents and Settings\a\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\a\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\1E7E7.exe
C:\WINDOWS\system32\7806B.exe
C:\WINDOWS\system32\mndhedwd.dll
C:\WINDOWS\system32\Monbem.dat
C:\WINDOWS\system32\mpmyfapi.dll
C:\WINDOWS\system32\msgeg.exe
C:\WINDOWS\system32\msgega.dll
C:\WINDOWS\system32\s0Ds71kg.dll
C:\WINDOWS\system32\wqajne.dll
C:\WINDOWS\system32\yzztimsn.dll
C:\WINDOWS\system32\zdesfx.dll
C:\WINDOWS\system32\zywmgime.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\1E7E7.exe
C:\WINDOWS\system32\7806B.exe
C:\WINDOWS\system32\mndhedwd.dll
C:\WINDOWS\system32\Monbem.dat
C:\WINDOWS\system32\mpmyfapi.dll
C:\WINDOWS\system32\msgeg.exe
C:\WINDOWS\system32\msgega.dll
C:\WINDOWS\system32\pzwmaime.sys
C:\WINDOWS\system32\s0Ds71kg.dll
C:\WINDOWS\system32\wqajne.dll
C:\WINDOWS\system32\zdesfx.dll
C:\WINDOWS\system32\zywmgime.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_7806B
-------\Service_7806B


((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
.

2008-06-18 22:30 . 2008-06-18 22:30 57,581 --a------ C:\WINDOWS\system32\Monbem.dat
2008-06-16 19:47 . 2008-06-16 19:48 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-16 19:44 . 2008-06-16 20:10 <DIR> d-------- C:\SDFix
2008-06-14 12:24 . 2008-06-14 12:24 <DIR> d-------- C:\Documents and Settings\a\Application Data\Malwarebytes
2008-06-14 12:23 . 2008-06-14 12:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 12:23 . 2008-06-14 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-14 12:23 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-14 12:23 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-14 12:21 . 2008-06-14 12:21 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-14 11:57 . 2008-06-18 01:22 130,855 --a------ C:\WINDOWS\system32\c3.exe
2008-06-11 20:11 . 2008-06-18 01:22 38,400 --a------ C:\WINDOWS\system32\c9.exe
2008-06-11 20:10 . 2008-06-11 20:10 130,624 --a------ C:\WINDOWS\system32\c5.exe
2008-06-11 20:09 . 2008-06-14 11:54 800 --a------ C:\WINDOWS\system32\EAduio.sys
2008-06-11 10:24 . 2008-06-14 13:45 689 --a------ C:\WINDOWS\system32\wcbnurect.fl
2008-06-11 09:51 . 2008-06-18 01:22 174,222 --a------ C:\WINDOWS\system32\c1.exe
2008-06-11 09:51 . 2008-06-18 01:22 24,576 --a------ C:\WINDOWS\system32\c8.exe
2008-06-11 09:33 . 2008-06-14 13:07 556 --a------ C:\WINDOWS\system32\LRWDLRX.LDO
2008-06-11 09:33 . 2004-08-07 13:00 299 --a------ C:\WINDOWS\system32\icoshellocs.ocx
2008-06-11 09:29 . 2008-06-11 09:29 <DIR> d-------- C:\Program Files\Common Files\Real
2008-06-11 09:28 . 2008-06-11 09:28 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-06-11 09:27 . 2008-06-11 09:27 <DIR> d-------- C:\WINDOWS\system32\Data
2008-06-11 09:26 . 2008-06-18 01:21 284 --a------ C:\WINDOWS\system32\pagefiles.sys
2008-06-11 09:25 . 2008-06-14 11:53 34,816 --a------ C:\WINDOWS\system32\windowsupdata.dll
2008-06-11 09:25 . 2008-06-14 11:55 18,393 --a------ C:\WINDOWS\system32\viscvc.exe
2008-06-05 18:54 . 2008-06-05 18:54 8 --a------ C:\WINDOWS\system32\Update.dat
2008-06-05 13:04 . 2008-06-05 13:04 <DIR> d-------- C:\Program Files\WebEx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 08:42 --------- d-----w C:\Program Files\VIA
2008-06-18 08:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-18 08:42 --------- d-----w C:\Program Files\Softwin
2008-06-18 08:42 --------- d-----w C:\Program Files\Norton AntiVirus
2008-06-18 08:42 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-18 08:42 --------- d-----w C:\Program Files\Microsoft Works
2008-06-18 08:41 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-18 08:41 --------- d-----w C:\Program Files\Lavasoft
2008-06-18 08:41 --------- d-----w C:\Program Files\EPSON
2008-06-18 08:41 --------- d-----w C:\Program Files\C-Media 3D Audio
2008-06-18 08:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-06-14 19:04 14 ----a-w C:\Documents and Settings\a\getfile.dat
2008-04-20 22:27 --------- d-----w C:\Program Files\Java
2007-06-03 18:59 9 ----a-w C:\Program Files\Statement.DailyMonthlyStatement
2007-06-02 03:34 12,336,288 ----a-w C:\Program Files\tws40_install.exe
2007-01-09 05:51 2,948 ----a-w C:\Program Files\Report-Scan-20070108-215042.txt
2007-01-09 04:41 47,104 ----a-w C:\Program Files\ATF-Cleaner.exe
2007-01-09 04:39 6,469,352 ----a-w C:\Program Files\avgas-setup-7.5.0.50.exe
2007-01-09 03:57 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
2007-01-09 03:54 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2006-12-13 05:33 13,817,440 ----a-w C:\Program Files\bitdefender_free_v8.exe
2006-06-04 03:24 102,400 ----a-w C:\Documents and Settings\a\com_securenetasia_p11wrapper2.dll
2005-11-26 07:10 5,529,600 ----a-w C:\Program Files\mplayerc.exe
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2004-08-08 14:26 520 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
2004-08-08 14:26 4,680 --sh--w C:\WINDOWS\system32\xsdjbbmp.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-18_ 1.47.14.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-18 08:43:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-19 05:30:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 19:09 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:31 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"Cmaudio"="cmicnfg.cpl" []
"VTTimer"="VTTimer.exe" [2005-03-07 12:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 02:33 147456 C:\WINDOWS\system32\VTTrayp.exe]
"BDMCon"="C:\Program Files\Softwin\BitDefender8\bdmcon.exe" [2005-06-20 13:10 421888]
"BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 13:19 8192]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\a\Start Menu\Programs\Startup\
Check for TWS Updates.lnk - C:\Jts\WiseUpdt.exe [2007-06-01 20:35:27 194775]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{45AADFAA-DD36-42AB-83AD-0521BBF58C24}"= C:\WINDOWS\system32\zdesfx.dll [ ]
"{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}"= C:\WINDOWS\system32\wyrsdj.dll [ ]
"{6E6CA8A1-81BC-4707-A54C-F4903DD70BAD}"= C:\WINDOWS\system32\zgxfdx.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=yzztimsn.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

R2 bcvnsvc;Visual Studio Analyzer Remote bridge Helper Service;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
R2 cstmsvc;Cryptographic Services Table Manager;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
R2 MSPlugPlay;Windows Plug and Play;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
S0 96779z;96779z;C:\WINDOWS\system32\drivers\96779z.sys [2004-08-04 00:56]
S0 yndev;ynde;C:\WINDOWS\system32\DRIVERS\yndev.sys [2004-08-04 00:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
cstmsvc REG_MULTI_SZ cstmsvc
bcvnsvc REG_MULTI_SZ bcvnsvc
MSPlugPlay REG_MULTI_SZ MSPlugPlay

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 22:30:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\conime.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-18 22:34:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-19 05:34:08
ComboFix2.txt 2008-06-18 08:47:49

Pre-Run: 74,787,758,080 bytes free
Post-Run: 74,775,683,072 bytes free

172

--------------------------------------------------------------------------------------------------------------------

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:35:00 PM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Norton Confidence Online - {144FDEB7-A23D-4D39-A00E-AA44195535B6} - C:\WINDOWS\wcidButton.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {8A4943CC-1950-44F9-9045-D3D428FD3948} (SecureX Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} (DataStore Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {CCC46940-DED0-476C-A27E-115B10DAE0B4} - http://td.nortonconfidenceonline.com/plug-in/WSAS.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - AppInit_DLLs: yzztimsn.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

--------------------------------------------------------------------------------------------------------

Malwarebytes log:

Malwarebytes' Anti-Malware 1.17
Database version: 855

10:40:32 PM 6/18/2008
mbam-log-6-18-2008 (22-40-32).txt

Scan type: Quick Scan
Objects scanned: 36809
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{45aadfaa-dd36-42ab-83ad-0521bbf58c24} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newpoopuppushad.aslogc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newpoopuppushad.aslogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{45aadfaa-dd36-42ab-83ad-0521bbf58c24} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{06926b30-424e-4f1c-8ee3-543cd96573dc} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------------------------------------------------------------------------------------------------------------------

Online scan log:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3198 (20080618)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=03f9e1c3f2dbb948a0cdb9fb9a3c65b8
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-06-19 06:14:52
# local_time=2008-06-18 11:14:52 (-0800, Pacific Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=273778
# found=378
# scan_time=1269
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.11237 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.12568 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.12603 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.12604 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.12906 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.13066 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.14426 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.14901 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.15169 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.15339 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.15506 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.16135 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.16456 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.16763 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.17275 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.17525 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.18135 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.18211 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.18265 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.18769 Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.18934 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.18967 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.19087 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.19723 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.20512 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.21669 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.22393 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.22587 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.22763 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.23132 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.24239 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.24419 a variant of Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.24705 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.25312 probably a variant of Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.28419 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.28740 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.28864 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.29241 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.29461 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.30327 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.30688 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.30744 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.30859 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.31379 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.31395 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.32565 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.33111 Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.33376 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.33934 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.34258 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.34754 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.35005 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.35144 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.35320 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.35877 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.35893 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.36101 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.37271 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.37397 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.37804 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.37820 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.38049 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.38133 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.38181 Win32/PSW.OnLineGames.OAF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.38399 Win32/PSW.OnLineGames.OAF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.39168 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.40054 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.40710 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.40736 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.40937 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.41325 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.41939 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.42472 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.42772 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.43214 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.43520 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.44439 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.44993 probably a variant of Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.45288 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.45742 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.46111 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.46283 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.47590 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.48087 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.48257 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.48736 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.49681 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.50738 Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.50762 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.51062 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.51157 a variant of Win32/PSW.OnLineGames.OAF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.52697 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.53288 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.55906 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.56624 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.56755 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.56972 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.57041 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.58161 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.58301 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.58332 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.58472 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.59122 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.59411 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.60083 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.60111 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.60281 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.60521 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.61676 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.61831 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.62190 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.62389 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.63141 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.63680 Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.63714 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.63733 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.64781 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.64809 Win32/PSW.OnLineGames.OAF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.65958 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.66374 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.66755 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.67124 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.67374 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.67785 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.67943 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.68827 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.68913 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.69062 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.70010 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.70013 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.70332 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.70759 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.71642 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.72447 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.73333 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.73341 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.73418 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.73628 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.75453 a variant of Win32/PSW.OnLineGames.OAF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.75696 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.76675 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.76976 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.77865 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.77874 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.78230 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.78881 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.79055 a variant of Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.79594 Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.79777 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.80378 a variant of Win32/PSW.OnLineGames.OAF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.80571 Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.81299 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.82307 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.82833 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.83022 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.83172 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.83557 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.84086 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.84151 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.84200 Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.84738 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.85191 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.85492 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.86572 Win32/PSW.OnLineGames.OAF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.86593 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.86788 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.86979 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.87015 probably a variant of Win32/Adware.Cinmus application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.87021 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.87324 Win32/PSW.OnLineGames.OAF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.87487 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.87911 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.88340 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.89096 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.89538 Win32/PSW.OnLineGames.OAF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.90924 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.91368 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.91387 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.91408 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.92030 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.92085 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.92366 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.92794 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.94013 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.94014 Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.94253 a variant of Win32/PSW.OnLineGames.OAF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.94360 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.94363 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.95173 a variant of Win32/PSW.OnLineGames.OAF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.95350 Win32/PSW.OnLineGames.OAF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.95675 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.95731 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.96026 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.96171 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.96824 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.96992 Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.97232 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.98129 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.99822 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\a\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.99899 a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Hijackthis\backups\backup-20080618-013221-506.dll probably a variant of Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Hijackthis\backups\backup-20080618-013222-386.dll probably a variant of Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Hijackthis\backups\backup-20080618-013222-832.dll probably a variant of Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Hijackthis\backups\backup-20080618-013222-835.dll a variant of Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Hijackthis\backups\backup-20080618-013223-341.dll probably a variant of Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Hijackthis\backups\backup-20080618-013223-675.dll probably a variant of Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Hijackthis\backups\backup-20080618-013223-691.dll probably a variant of Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\INTLBAND.HTM Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\1033\ACREADME.HTM Win32/Fujacks virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\1033\INDEX.HTM Win32/Fujacks virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\1033\INREADME.HTM Win32/Fujacks virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM Win32/Fujacks virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\1033\OLREADME.HTM Win32/Fujacks virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\1033\PBREADME.HTM Win32/Fujacks virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\1033\PPREADME.HTM Win32/Fujacks virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\1033\PVREADME.HTM Win32/Fujacks virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\1033\TOUR.HTM Win32/Fujacks virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\1033\WDREADME.HTM Win32/Fujacks virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\1033\XLREADME.HTM Win32/Fujacks virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\AccessWeb\CLNTWRAP.HTM Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\AccessWeb\SERVWRAP.ASP Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\HTML\context.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\Analyze Sales.htm Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\Employees.htm Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\Review Orders.htm Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\Review Products.htm Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\SAMPLES\Sales.htm Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\VS Runtime\1033\EMPTY.HTM Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\OFFICE11\VS Runtime\1033\HelpWatermark.htm Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.HTM Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.HTM Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.HTM Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.HTM Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.HTM Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Stationery\1033\OFFISUPP.HTM Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Stationery\1033\PAWPRINT.HTM Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Stationery\1033\PINELUMB.HTM Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Stationery\1033\SEAMARBL.HTM Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Stationery\1033\TECHTOOL.HTM Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Templates\MseNewFileItems\HTMLPAGE.HTM Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Spybot - Search & Destroy\Dummies\dummy.related.htm Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\WinRAR\Order.htm Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll.vir probably a variant of Win32/Adware.Cinmus application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\Common Files\CPUSH\cpush1.dll.vir a variant of Win32/Adware.Cinmus application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\Common Files\CPUSH\Uninst.exe.vir Win32/Adware.Cinmus application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\49400MM.DLL.vir a variant of Win32/PSW.Legendmir.NFF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\explorer.exe.vir probably a variant of Win32/TrojanDownloader.Agent.NWV trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\scvhost.exe.vir probably a variant of Win32/TrojanDownloader.Agent.NWV trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\svchost.exe.vir probably a variant of Win32/TrojanDownloader.Agent.NWV trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\7806B.exe.vir Win32/TrojanDownloader.VB.NOF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\aitlasys.exe.vir a variant of Win32/PSW.OnLineGames.OAF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\azwmaime.exe.vir a variant of Win32/PSW.OnLineGames.OAF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\cedafb.dll.vir a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\hhrdxd.dll.vir a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\ismhasrv.exe.vir a variant of Win32/PSW.OnLineGames.OAF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\jfrwdh.dll.vir a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\mndhedwd.dll.vir probably a variant of Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\mnmhgsrv.dll.vir probably a variant of Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\mpmyfapi.dll.vir probably a variant of Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\mpwdeapi.dll.vir a variant of Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\pldhadwd.exe.vir a variant of Win32/PSW.OnLineGames.OAF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\rfdswc.dll.vir a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\sgrefg.dll.vir a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\sichost.exe.vir probably a variant of Win32/TrojanClicker.Agent.NCZ trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\simyaapi.exe.vir a variant of Win32/PSW.OnLineGames.OAF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\siwdaapi.exe.vir a variant of Win32/PSW.OnLineGames.OAF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\sovlost.exe.vir a variant of Win32/TrojanClicker.Agent.NCZ trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\wqajne.dll.vir a variant of Win32/PSW.QQPass.JF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\wrqszl.dll.vir a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\wyrsdj.dll.vir a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\wzcfsw.dll.vir a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\xpdhcp.dll.vir a variant of Win32/Agent.ABF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\yzztimsn.dll.vir probably a variant of Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\zaztamsn.exe.vir a variant of Win32/PSW.OnLineGames.OAF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\zdesfx.dll.vir a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\zgxfdx.dll.vir a variant of Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\zptlcsys.dll.vir probably a variant of Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\zywmgime.dll.vir probably a variant of Win32/PSW.OnLineGames.FDY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\acpidisk.sys.vir probably a variant of Win32/Ysmarsys trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\Temp\~my1.tmp.vir probably a variant of Win32/Genetik trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\inet\localweb\scenariocomparison.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\inet\localweb\taxcentre\gettingmore.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\inet\localweb\taxcentre\gettingmore_onestepupdate.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\inet\localweb\taxcentre\gettingmore_purchase.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\inet\localweb\taxcentre\gettingmore_register.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\inet\localweb\taxcentre\index.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\inet\localweb\taxcentre\online_otherccra.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\inet\localweb\taxcentre\online_otherrq.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\inet\localweb\taxcentre\tools_businessincome.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\inet\localweb\taxcentre\tools_charitable.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\inet\localweb\taxcentre\tools_medical.html Win32/Fujacks virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\inet\localweb\taxcentre\tools_paycheque.html Win32/Fujacks virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\inet\localweb\taxcentre\tools_smarttips.html Win32/Fujacks virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\inet\localweb\taxcentre\upgrade_business.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\inet\localweb\taxcentre\upgrade_business1.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\inet\localweb\taxcentre\upgrade_platinum.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\inet\localweb\taxcentre\upgrade_platinum1.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\inet\localweb\taxcentre\upgrade_platinum_or_business.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\ccraforms\he_cnil_other_exp.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\ccraforms\he_guide_1139.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\ccraforms\he_nfl_ws.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\ccraforms\he_t1_229_trav.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\ccraforms\he_t1_229_wage.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\ccraforms\he_t777_salary_other.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\ccraforms_ui\he_t777_ui.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\ccra_t1\he_new.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\ccra_t1\he_submit_address.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\ccra_t1\he_t1_elections.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\ccra_t1\he_t1_step1.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\ccra_t1\he_tq_438.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\ccra_t1_ui\he_submit_ui.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\easystep\he_ez_dependant.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\filing\he_nfl_mrq_status.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\filing\he_nfl_use_mrq.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\glossary\he_d_avg_rate.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\glossary\he_d_fr_errors.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\glossary\he_d_vehicle_auto.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\guides_bus\he_guide_cca.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\guides_oth\he_disable.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\guides_oth\he_disable_attendant.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\guides_oth\he_disable_support.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\guides_oth\he_mov_exp_simpl.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\manual\he_dep.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\manual\he_print_basics.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\manual\he_unlock_rtns.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\manual\he_update_obtain.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\mrqforms\he_q_att_a.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\mrqforms\he_q_att_e.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\mrqforms\he_q_att_l.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\mrqforms\he_q_att_o.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\mrqforms\he_q_cca.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\mrqforms\he_q_inv413a.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\mrqforms\he_q_qfam.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\mrqforms\he_q_r3.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\mrqforms\he_q_tp1012.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\mrqforms\he_q_tp1r.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\mrqforms\he_q_tp7266.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\mrqforms\he_q_tp7267.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\mrqforms\he_q_tp76.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\mrqforms_ui\he_q_att_a_ui.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\mrq_tp1\he_q_432.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\province\he_432yt.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\qtax20xx\he_et_04.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\qtax20xx\he_formslist.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\qtax20xx\he_support.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\qtax20xx\he_tax_centre.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\qtax20xx\he_tax_link.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\step_help\he_229_auto_lease_ez.html Win32/Fujacks virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\taxtips\t_tip_117.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\taxtips\t_tip_129.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\taxtips\t_tip_130.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\taxtips\t_tip_132.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\QuickTax 2005\QT2005\updates\tslips\he_tuition_info.html Win32/Fujacks.L virus (unable to clean - deleted) 00000000000000000000000000000000
C:\SDFix\backups\backups.zip multiple infiltrations (deleted) 00000000000000000000000000000000
C:\SDFix\backups\backups.zip ?ZIP ?backups/6.exe a variant of Win32/TrojanClicker.Agent.NCZ trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\SDFix\backups\backups.zip ?ZIP ?backups/7.exe a variant of Win32/Ysmarsys trojan (error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\SDFix\backups\backups.zip ?ZIP ?backups/7.exe ?NSIS ?21.sys a variant of Win32/Ysmarsys trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\SDFix\backups\backups.zip ?ZIP ?backups/svchost.exe probably a variant of Win32/TrojanDownloader.Agent.NWV trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\system32\c1.exe probably a variant of Win32/Adware.Cinmus application (deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\c1.exe ?NSIS ?24.exe probably a variant of Win32/Adware.Cinmus application (error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\system32\c1.exe ?NSIS ?24.exe ?NSIS ??€ probably a variant of Win32/Adware.Cinmus application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\system32\c3.exe multiple infiltrations (deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\c3.exe ?NSIS ?cpush.dll a variant of Win32/Adware.Cinmus application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\system32\c3.exe ?NSIS ?Uninst.exe Win32/Adware.Cinmus application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\system32\c5.exe Win32/Adware.Cinmus application (deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\c5.exe ?NSIS ?cpush.dll Win32/Adware.Cinmus application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\system32\c5.exe ?NSIS ?Uninst.exe Win32/Adware.Cinmus application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\system32\c9.exe probably a variant of Win32/TrojanClicker.Agent.NCZ trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\lgtybu.dll Win32/PSW.QQPass.JF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\MSPlugPlay1005.sys probably a variant of Win32/Genetik trojan (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
C:\WINDOWS\system32\viscvc.exe a variant of Win32/TrojanDropper.Agent.NKD trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\windowsupdata.dll a variant of Win32/TrojanDownloader.Delf.OCZ trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\ywuksw.dll probably a variant of Win32/PSW.IM trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\ywuksw.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\__delete_on_reboot__w_i_n_d_h_c_p_._o_c_x_ Win32/Agent.ABF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\5NSP00SB\k[2].exe Win32/PSW.Legendmir.NEF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\5NSP00SB\k[3].exe Win32/PSW.Legendmir.NEF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\drivers\96779z.sys probably a variant of Win32/Rootkit.Agent.NBQ trojan (unable to clean - deleted) 00000000000000000000000000000000


--------------------------------------------------------------------------------------------------------------------

and services list:


SERVICE_NAME: ALG
DISPLAY_NAME: Application Layer Gateway Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: AudioSrv
DISPLAY_NAME: Windows Audio
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: AVG Anti-Spyware Guard
DISPLAY_NAME: AVG Anti-Spyware Guard
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: bcvnsvc
DISPLAY_NAME: Visual Studio Analyzer Remote bridge Helper Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: bdss
DISPLAY_NAME: BitDefender Scan Server
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Browser
DISPLAY_NAME: Computer Browser
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: CryptSvc
DISPLAY_NAME: Cryptographic Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: cstmsvc
DISPLAY_NAME: Cryptographic Services Table Manager
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: DcomLaunch
DISPLAY_NAME: DCOM Server Process Launcher
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Dhcp
DISPLAY_NAME: DHCP Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: dmserver
DISPLAY_NAME: Logical Disk Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Dnscache
DISPLAY_NAME: DNS Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ERSvc
DISPLAY_NAME: Error Reporting Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Eventlog
DISPLAY_NAME: Event Log
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: EventSystem
DISPLAY_NAME: COM+ Event System
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: FastUserSwitchingCompatibility
DISPLAY_NAME: Fast User Switching Compatibility
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: helpsvc
DISPLAY_NAME: Help and Support
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Irmon
DISPLAY_NAME: Infrared Monitor
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: lanmanserver
DISPLAY_NAME: Server
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: lanmanworkstation
DISPLAY_NAME: Workstation
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: LmHosts
DISPLAY_NAME: TCP/IP NetBIOS Helper
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: MDM
DISPLAY_NAME: Machine Debug Manager
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: MSPlugPlay
DISPLAY_NAME: Windows Plug and Play
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Netman
DISPLAY_NAME: Network Connections
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Nla
DISPLAY_NAME: Network Location Awareness (NLA)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: PlugPlay
DISPLAY_NAME: Plug and Play
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: PolicyAgent
DISPLAY_NAME: IPSEC Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ProtectedStorage
DISPLAY_NAME: Protected Storage
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RasMan
DISPLAY_NAME: Remote Access Connection Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RemoteRegistry
DISPLAY_NAME: Remote Registry
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RpcSs
DISPLAY_NAME: Remote Procedure Call (RPC)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SamSs
DISPLAY_NAME: Security Accounts Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Schedule
DISPLAY_NAME: Task Scheduler
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: seclogon
DISPLAY_NAME: Secondary Logon
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SENS
DISPLAY_NAME: System Event Notification
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SharedAccess
DISPLAY_NAME: Windows Firewall/Internet Connection Sharing (ICS)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ShellHWDetection
DISPLAY_NAME: Shell Hardware Detection
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Spooler
DISPLAY_NAME: Print Spooler
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: srservice
DISPLAY_NAME: System Restore Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SSDPSRV
DISPLAY_NAME: SSDP Discovery Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: stisvc
DISPLAY_NAME: Windows Image Acquisition (WIA)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: TapiSrv
DISPLAY_NAME: Telephony
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: TermService
DISPLAY_NAME: Terminal Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Themes
DISPLAY_NAME: Themes
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: TrkWks
DISPLAY_NAME: Distributed Link Tracking Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: W32Time
DISPLAY_NAME: Windows Time
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: WebClient
DISPLAY_NAME: WebClient
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: winmgmt
DISPLAY_NAME: Windows Management Instrumentation
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: wscsvc
DISPLAY_NAME: Security Center
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: wuauserv
DISPLAY_NAME: Automatic Updates
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: WZCSVC
DISPLAY_NAME: Wireless Zero Configuration
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: XCOMM
DISPLAY_NAME: BitDefender Communicator
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

[shelf life]

hi cece,

thanks for the info. looking much better. some of those items found in the online scan where from combofix's and malwarebytes Quarantine folder.
lets do this: we will remove some tools that we used with OTmoveit2, then repeat the online scan. we can get a new copy of combofix if needed.

tool removal:
Please download the OTMoveIt2 by OldTimer.

http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

* Save it to your desktop.
* Please double-click OTMoveIt2.exe to run it, then click the CleanUp! button. at the prompt to begin select yes.

Next:
start malwarebytes and under the quarantine tab you can delete the items.

reboot computer then repeat the online scan please.

ESET online scanner:

http://www.eset.com/onlinescan/

uses Internet Explorer only
check "YES" to accept terms
click start button
allow the ActiveX component to install
click the start button. the Scanner will update.
check both "Remove found threats" and "Scan unwanted applications"
click scan
when done you can find the scan log at:C:\Program Files\EsetOnlineScanner\log.txt
please copy/paste that log in next reply.

last: rescan and post a new hjt log also.

[cece]

Sweet. Here are the new logs.

Online scan log:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3201 (20080619)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=03f9e1c3f2dbb948a0cdb9fb9a3c65b8
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-06-20 07:05:20
# local_time=2008-06-20 12:05:20 (-0800, Pacific Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=273536
# found=0
# scan_time=1205


----------------------------------------------------------------------------------------------

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:06:31 AM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Norton Confidence Online - {144FDEB7-A23D-4D39-A00E-AA44195535B6} - C:\WINDOWS\wcidButton.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8A4943CC-1950-44F9-9045-D3D428FD3948} (SecureX Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} (DataStore Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {CCC46940-DED0-476C-A27E-115B10DAE0B4} - http://td.nortonconfidenceonline.com/plug-in/WSAS.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - AppInit_DLLs: yzztimsn.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

[shelf life]

hi cece,

thanks for the info. your copy of spybot search and destroy is outdated. (spybotsd14.exe) there is a new version. i would uninstall it via add/remove programs panel and get the latest version (1.5) or just keep malwarebytes and AVG 7.5. NOTE: updates for avg 7.5 will be ending at some time, see link:
http://free.grisoft.com/ww.download-avg-an...nd-anti-rootkit

start HJT, click the "Scan" button. check the items below, close any open windows, then click "Fixed checked"

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O20 - AppInit_DLLs: yzztimsn.dll

your antivirus BitDefender8 is updated and functional?

reboot once and post a new hjt log

[cece]

Hi shelf life,

This message popped up while I was removing the two items via HJT:

An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: yzztimsn.dll)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.


Regardless, here is the new HJT log after rebooting:

Logfile of HijackThis v1.99.1
Scan saved at 12:05:35 PM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Norton Confidence Online - {144FDEB7-A23D-4D39-A00E-AA44195535B6} - C:\WINDOWS\wcidButton.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8A4943CC-1950-44F9-9045-D3D428FD3948} (SecureX Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} (DataStore Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {CCC46940-DED0-476C-A27E-115B10DAE0B4} - http://td.nortonconfidenceonline.com/plug-in/WSAS.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)



My BitDefender 8 has in fact expired. Would you know of any free anti-virus software?

Thanks for your help!

[shelf life]

hi cece,

thanks for the info. looks good. couple of things to do;

first i would get antivirus since yours has expired. you can uninstall bit defender via the add/remove programs panel.
reboot and get one of these which are free:

http://www.free-av.com/
http://www.avast.com/
http://www.clamwin.com/
http://free.grisoft.com/ww.homepage

Java:
Vulnerabilities/exploits in versions of Sun Java may be responsible for some malware installs via your browser.

It is important to keep Sun Java up to date and also to remove older versions which may have vulnerabilites/exploits that can be taken advantage of to possibly introduce malware via your browser.

* 1. Uninstall old versions of Sun Java via Add/Remove Programs.
* 2. Click the Remove or Change/Remove button
* 3. Reboot your PC if prompted.

to check if you have the latest version of Java and to download the latest version:

http://www.java.com/en/download/installed.jsp

system restore:
One of the features of Windows ME,XP and Vista is the System Restore option, however if malware infects a computer it is possible that the malware could be backed up in the System Restore folder. Therefore, clearing the restore points is a good idea after malware is removed.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.(new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot

some info for you:
My Top Ten
The Short Version:

1) Keep your OS, (Windows) browser (IE, FireFox) and software up to date.
2) Know what you are installing to your computer. Alot of software can come with add-ons. Do you trust the source?
3) Install, keep updated: antivirus and two anti-malware applications.
4) Dont click on adds/pop ups or offers from websites to install software.
5) Dont click on offers to "scan" your computer.
6) Dont click on links or install files you receive via E-Mail, IM, Chat Rooms or Social Sites, no matter how tempting the message. Do you trust the source?
7) Set up and use limited accounts rather than administrator accounts.
8) Consider using an alternate browser and E-mail client.
9) Install and understand the limitations of a third party software firewall.
10) If your habits include visiting or installing files from: warez, cracks/keygens, P2P or adult sites you are much more likely to encounter malicious code. Do you trust the source?

longer version in link below
if all is good: happy safe surfing