
[Resolved] ff.exe, tavo.exe, cavo.exe - error messages on startup



#1 MoogleMC


Posted 31 March 2008 - 06:33 PM

Hi, I keep getting these error messages from the ff.exe, tavo.exe, cavo.exe programs when I start up my computer. I know it is spyware/malware because I used Spyware Doctor to kill it, but it keeps coming back. Please help me get rid of this program. Thanks.

Here is my HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 5:29:21 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Update Class - {6F282C89-3BD3-4387-92D9-C76428B07E07} - C:\Program Files\Google\Update\1.1.25.0\GoopdateBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.2.14.0\gears.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.2.14.0\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.2.14.0\gears.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {53AF6E02-F18F-4228-AC13-3E79773FBE50} (CMCBooter Object) - http://download.myse...ugin/booter.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c865f76799fb72) (gupdate1c865f76799fb72) - Unknown owner - C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe" /svc /lang en (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



#2 Trevuren


Posted 03 April 2008 - 07:52 PM

Hello MoogleMC and welcome to the What the Tech Forums

My name is Trevuren. I am sorry for the delay in getting to your problem but we are currently experiencing a temporary shortage of volunteers and the forum is busier than usual. If you are still in need of assistance, please post a fresh HijackThis log and I will provide assistance as soon as possible.
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom




#3 MoogleMC


Posted 04 April 2008 - 12:55 AM

Hi Trevuren

To reiterate my problem, I've been getting error messages from tavo.exe, ff.exe and cavo.exe upon startup. I have used Spyware Doctor to kill it in the past but it keeps coming back.

Here is the fresh Hijack This log, scanned on April 4th, 11:52 PM:

Logfile of HijackThis v1.99.1
Scan saved at 11:50:58 PM, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Update Class - {6F282C89-3BD3-4387-92D9-C76428B07E07} - C:\Program Files\Google\Update\1.1.25.0\GoopdateBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.13.0\gears.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.13.0\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.13.0\gears.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {53AF6E02-F18F-4228-AC13-3E79773FBE50} (CMCBooter Object) - http://download.myse...ugin/booter.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c865f76799fb72) (gupdate1c865f76799fb72) - Unknown owner - C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe" /svc /lang en (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Thanks for your help.

#4 Trevuren


Posted 04 April 2008 - 09:48 AM

A. First we must disable some of your security programs so that they do not interfere with the running of our tools:

MCAFEE ANTIVIRUS
Please navigate to the system tray on the bottom right hand corner and look for a Posted Image sign.
  • right-click it -> choose "Exit."
  • a popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.
You successfully disabled the McAfee Guard.


SPYWARE DOCTOR
  • Click the Spyware Doctor icon in the System Tray.
  • Click Settings.
  • Click Startup Settings under Pick a Category.
  • Uncheck "Run at Windows startup".
  • Click Apply and Exit Spyware Doctor.
  • From within Spyware Doctor, click the "OnGuard" button on the left side.
  • Uncheck "Activate OnGuard".
  • (When we are done, you can reenable Spyware Doctor)


B. Please download ComboFix by sUBs from HERE or HERE directly to your Desktop.

Note: If you already have ComboFix on your machine, please DELETE it from your desktop before downloading the newest version.

Go to Start -> Run -> copy/paste the following single line command in the runbox & click OK

"%userprofile%\desktop\combofix.exe" /killall

  • ComboFix will automatically start. Any monitoring programs, such as your antivirus and antispyware programs, will be shut down.
  • ComboFix may restart your computer; this is normal.
  • When finished, it will produce a log, ComboFix.txt.
  • Please post ComboFix.txt in your next reply along with a new HijackThis log.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

#5 MoogleMC


Posted 04 April 2008 - 01:15 PM

Hi Trevuren

I ran the ComboFix but apparently during the ComboFix, my McAfee came up (even though I disabled it from the system tray) telling me about a "PUP" and asked me if I wanted to let it continue. I didn't do anything for a second, and then it just vanished and ComboFix ran on its own. ComboFix also came up with a disclaimer window and I just accepted. It also told me that "1/100 machines don't get through the disinfection process, do you want to continue?" I also clicked yes. When it restarted my computer, McAfee started up again, even though ComboFix told me not to run any program, so I hope it doesn't affect the disinfection process. Otherwise, I have both the ComboFix log and the HijackThis log.

Combofix log:

ComboFix 08-04-03.5 - Michael Chan 2008-04-04 11:57:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.675 [GMT -7:00]
Running from: C:\Documents and Settings\Michael Chan\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Documents and Settings\Michael Chan\Application Data\macromedia\Flash Player\#SharedObjects\95PZSS6R\www.inter-focus.cn
C:\Documents and Settings\Michael Chan\Application Data\macromedia\Flash Player\#SharedObjects\95PZSS6R\www.inter-focus.cn\IFFLASHAD_PLAYER.sol
C:\Documents and Settings\Michael Chan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn
C:\Documents and Settings\Michael Chan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn\settings.sol
C:\u.exe
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll
C:\WINDOWS\system32\kavo1.dll
C:\WINDOWS\system32\tavo.exe
C:\WINDOWS\system32\tavo1.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-04 01:51 . 2008-04-04 01:50 115,957 -r-hs---- C:\nl.com
2008-04-02 10:01 . 2008-04-04 10:58 81,408 -r-hs---- C:\WINDOWS\system32\tavo0.dll
2008-03-31 16:36 . 2008-04-01 09:13 117,715 -r-hs---- C:\rjiybg.exe
2008-03-26 01:35 . 2008-03-26 01:35 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-03-21 15:48 . 2008-03-22 11:23 116,402 -r-hs---- C:\spq.bat
2008-03-21 03:50 . 2008-03-21 03:50 113,438 -r-hs---- C:\82r9.cmd
2008-03-15 15:24 . 2008-03-25 17:29 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-15 15:24 . 2008-03-15 15:24 <DIR> d-------- C:\Documents and Settings\Michael Chan\Application Data\PC Tools
2008-03-15 15:24 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-15 15:24 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-15 15:24 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-15 15:24 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-14 09:06 . 2008-03-14 09:05 114,031 -r-hs---- C:\rtnlpipu.com
2008-03-12 23:46 . 2008-03-12 23:46 <DIR> d-------- C:\Program Files\Real Alternative
2008-03-11 18:25 . 2008-03-13 22:18 112,080 -r-hs---- C:\1i.com
2008-03-10 09:12 . 2008-03-09 21:40 115,749 -r-hs---- C:\1wod1.com
2008-03-08 02:36 . 2008-03-08 08:35 120,783 -r-hs---- C:\obc3wrq3.bat
2008-03-06 09:05 . 2008-03-06 21:11 119,085 -r-hs---- C:\uorys.cmd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 04:10 --------- d-----w C:\Documents and Settings\Michael Chan\Application Data\foobar2000
2008-04-03 03:37 --------- d-----w C:\Documents and Settings\Michael Chan\Application Data\uTorrent
2008-04-02 04:51 --------- d-----w C:\Program Files\mIRC
2008-04-01 00:40 --------- d-----w C:\Program Files\Google
2008-03-27 21:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-15 22:47 --------- d-----w C:\Program Files\GAOV
2008-03-13 06:46 --------- d-----w C:\Program Files\Common Files\Real
2008-03-01 18:46 --------- d-----w C:\Documents and Settings\Guest\Application Data\McAfee.com Personal Firewall
2008-03-01 02:08 117,740 --sh--r C:\cfv90h.com
2008-02-29 21:25 --------- d-----w C:\Program Files\Warcraft III
2008-02-29 06:48 --------- d-----w C:\Documents and Settings\Michael Chan\Application Data\U3
2008-02-23 22:24 --------- d-----w C:\Program Files\episTree
2008-02-23 20:31 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-02-23 20:08 --------- d-----w C:\Program Files\Lavasoft
2008-02-23 20:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-23 20:07 --------- d-----w C:\Program Files\NCH Swift Sound
2008-02-23 20:07 --------- d-----w C:\Documents and Settings\Michael Chan\Application Data\NCH Swift Sound
2008-02-22 02:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-22 02:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-21 17:47 --------- d-----w C:\Documents and Settings\Michael Chan\Application Data\PrevxCSI
2008-02-21 01:33 115,221 --sh--r C:\gqsk.bat
2008-02-16 08:40 --------- d-----w C:\Documents and Settings\Michael Chan\Application Data\Move Networks
2008-02-07 07:47 --------- d-----w C:\Documents and Settings\Michael Chan\Application Data\Skype
2007-04-12 07:37 43,832 ----a-w C:\Documents and Settings\Michael Chan\Application Data\GDIPFONTCACHEV1.DAT
2006-09-02 18:42 8 --sh--r C:\WINDOWS\system32\FDAB4BAC9A.sys
2006-09-14 06:18 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F282C89-3BD3-4387-92D9-C76428B07E07}]
2008-03-19 09:23 156144 --a----t- C:\Program Files\Google\Update\1.1.25.0\GoopdateBho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 00:45 118784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 09:48 761947]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 07:28 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 07:28 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 14:30 282624 C:\WINDOWS\stsystra.exe]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 13:57 57344]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44 81920]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 20:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 16:16 1121792]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 03:20 122940]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 10:26 110592]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 10:49 163840]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00 1005096]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 03:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 03:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 03:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 03:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 03:00 455168]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 12:58 1032192]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2002-04-05 09:23 886272]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 00:41 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 03:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-06 22:07:12 113664]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 16:28:28 622653]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-07 00:52:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-10-05 01:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 12:01 67584 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2006-09-07 19:18 189952 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-12-13 00:44 98304 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tava]
C:\WINDOWS\system32\tavo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-11-13 16:48 3411968 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Executables\\utorrent.exe"=
"C:\\Program Files\\National Instruments\\LabVIEW 7.1\\LabVIEW.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Warcraft III\\War3.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=

R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2005-06-10 10:01]
S2 gupdate1c865f76799fb72;Google Update Service (gupdate1c865f76799fb72);"C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe" /svc /lang en []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\cfv90h.com
\Shell\explore\Command - D:\cfv90h.com
\Shell\open\Command - D:\cfv90h.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\.\VKangUST.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\.\VKangUST.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48e4b613-4398-11db-bf17-0015c56721e3}]
\Shell\AutoRun\command - G:\gqsk.bat
\Shell\explore\Command - G:\gqsk.bat
\Shell\open\Command - G:\gqsk.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75fb2b98-e40d-11dc-834f-0016cffd5e04}]
\Shell\AutoRun\command - G:\1wod1.com
\Shell\explore\Command - G:\1wod1.com
\Shell\open\Command - G:\1wod1.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76485b9d-e73b-11dc-8365-0016cffd5e04}]
\Shell\AutoRun\command - G:\cfv90h.com
\Shell\explore\Command - G:\cfv90h.com
\Shell\open\Command - G:\cfv90h.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8738e984-e617-11dc-8359-0016cffd5e04}]
\Shell\AutoRun\command - L:\cfv90h.com
\Shell\explore\Command - L:\cfv90h.com
\Shell\open\Command - L:\cfv90h.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0daf1ff-395f-11db-bef8-00038a000015}]
\Shell\AutoRun\command - G:\rjiybg.exe
\Shell\explore\Command - G:\rjiybg.exe
\Shell\open\Command - G:\rjiybg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0daf200-395f-11db-bef8-00038a000015}]
\Shell\AutoRun\command - I:\rjiybg.exe
\Shell\explore\Command - I:\rjiybg.exe
\Shell\open\Command - I:\rjiybg.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 19:02:23 C:\WINDOWS\Tasks\GoogleUpdateTask.job"
- C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe
"2008-03-29 01:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (MICHAEL-Michael Chan).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 12:03:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\igfxsrvc.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Completion time: 2008-04-04 12:06:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-04 19:06:57
Pre-Run: 31,197,483,008 bytes free
Post-Run: 31,184,371,712 bytes free
.
2008-03-12 16:21:44 --- E O F ---

And here is the Hijack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:08, on 2008-04-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Update Class - {6F282C89-3BD3-4387-92D9-C76428B07E07} - C:\Program Files\Google\Update\1.1.25.0\GoopdateBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.13.0\gears.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.13.0\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.13.0\gears.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {53AF6E02-F18F-4228-AC13-3E79773FBE50} (CMCBooter Object) - http://download.myse...ugin/booter.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c865f76799fb72) (gupdate1c865f76799fb72) - Unknown owner - C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe" /svc /lang en (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Thanks again for all the help Trevuren.

#6 Trevuren

Posted 04 April 2008 - 02:36 PM

A. First we must disable those Security Programs again. This is very important:


B. 1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\nl.com
C:\WINDOWS\system32\tavo0.dll
C:\rjiybg.exe
L:\cfv90h.com
C:\spq.bat
C:\82r9.cmd
C:\rtnlpipu.com
G:\rjiybg.exe
C:\1i.com
C:\1wod1.com
C:\obc3wrq3.bat
C:\uorys.cmd
G:\cfv90h.com
C:\cfv90h.com
I:\rjiybg.exe
C:\gqsk.bat
C:\WINDOWS\system32\FDAB4BAC9A.sys
G:\1wod1.com
G:\gqsk.bat
E:\setup.exe
D:\cfv90h.com

Folder::
H:\.
F:\.

Driver::
gupdate1c865f76799fb72

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tava]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48e4b613-4398-11db-bf17-0015c56721e3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75fb2b98-e40d-11dc-834f-0016cffd5e04}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76485b9d-e73b-11dc-8365-0016cffd5e04}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8738e984-e617-11dc-8359-0016cffd5e04}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0daf1ff-395f-11db-bef8-00038a000015}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0daf200-395f-11db-bef8-00038a000015}]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Now drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

5. All your monitoring programs (Antivirus/Antispyware, Guards and Shields) will be stopped.

Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

6. ComboFix will automatically REBOOT your machine when the KillAll:: switch is used.

7. Post the following logs/Reports:
  • ComboFix.txt
  • Fresh HijackThis log run after all the other tools have performed their cleanup.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


C. Using Internet Explorer, please do a Kaspersky Online Scan

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will provide a report if your system is infected. It does not provide an option to clean/disinfect. We only require a report from it.

  • Click the Save as Text button to save the file to your desktop and post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
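One way to read the MountPoints2 entries in a ComboFix log like the one above, as an added example that is not part of the original posts or of ComboFix: it lists every drive whose AutoRun command points at a program in the drive root and marks the ones whose file name also shows up as a hidden, system file in the log's file listings. The sample lines are copied from the log in this thread; the function names and the two verdict labels are assumptions made for this example.

```python
import re
from collections import OrderedDict

# Lines copied from the ComboFix log posted in this thread (a short excerpt).
SAMPLE_LOG = r"""
2008-04-04 01:51 . 2008-04-04 01:50 115,957 -r-hs---- C:\nl.com
2008-03-31 16:36 . 2008-04-01 09:13 117,715 -r-hs---- C:\rjiybg.exe
2008-03-15 15:24 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-01 02:08 117,740 --sh--r C:\cfv90h.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\cfv90h.com
\Shell\explore\Command - D:\cfv90h.com
\Shell\open\Command - D:\cfv90h.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\.\VKangUST.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0daf1ff-395f-11db-bef8-00038a000015}]
\Shell\AutoRun\command - G:\rjiybg.exe
\Shell\explore\Command - G:\rjiybg.exe
\Shell\open\Command - G:\rjiybg.exe
"""

# Patterns for the three kinds of log line this example reads (hypothetical names).
MOUNT_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<mount>[^\]]+)\]$", re.I)
SHELL_VERB = re.compile(
    r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<target>.+)$", re.I)
FILE_ROW = re.compile(r"\s(?P<attrs>[-a-z]{7,9})\s+(?P<path>[A-Za-z]:\\.+)$")
# A program sitting directly in a drive root, with or without the ".\" prefix.
ROOT_PROGRAM = re.compile(
    r"^[A-Za-z]:\\(?:\.\\)?[^\\]+\.(?:exe|com|bat|cmd|pif|scr)$", re.I)


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def hidden_system_files(log):
    """Map file name -> path for file rows carrying both the h and s attributes."""
    found = {}
    for line in log.splitlines():
        row = FILE_ROW.search(line.rstrip())
        if not row or row["attrs"].startswith("d"):   # skip directories
            continue
        if "h" in row["attrs"] and "s" in row["attrs"]:
            found[basename(row["path"])] = row["path"]
    return found


def autorun_entries(log):
    """Return {mount id: {verb: target}} for every MountPoints2 key in the log."""
    entries, current = OrderedDict(), None
    for raw in log.splitlines():
        line = raw.strip()
        key = MOUNT_KEY.match(line)
        if key:
            current = entries.setdefault(key["mount"], {})
        elif line.startswith("["):          # a different registry key
            current = None
        elif current is not None:
            verb = SHELL_VERB.match(line)
            if verb:
                current[verb["verb"].lower()] = verb["target"]
    return entries


def triage(log):
    """One record per mount whose AutoRun command is a drive-root program."""
    dropped = hidden_system_files(log)
    report = []
    for mount, verbs in autorun_entries(log).items():
        target = verbs.get("autorun")
        if not target or not ROOT_PROGRAM.match(target):
            continue
        twin = dropped.get(basename(target))
        report.append({
            "mount": mount,
            "target": target,
            # open/explore overrides mean a double-click on the drive runs the file
            "hijacked_verbs": sorted(v for v in verbs if v in ("open", "explore")),
            "hidden_copy": twin,
            "verdict": "corroborated" if twin else "autorun-only",
        })
    return report


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry["verdict"], entry["mount"], entry["target"], entry["hidden_copy"])
```

An autorun-only result is not a verdict either way; it only means the log holds no second indicator for that file name.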

#7 MoogleMC


Posted 07 April 2008 - 10:46 AM

Hi Trevuren, here are my ComboFix, HijackThis and Kaspersky Scanner Logs, in that order:

ComboFix:

ComboFix 08-04-03.5 - Michael Chan 2008-04-06 23:52:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.675 [GMT -7:00]
Running from: C:\Documents and Settings\Michael Chan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michael Chan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\1i.com
C:\1wod1.com
C:\82r9.cmd
C:\cfv90h.com
C:\gqsk.bat
C:\nl.com
C:\obc3wrq3.bat
C:\rjiybg.exe
C:\rtnlpipu.com
C:\spq.bat
C:\uorys.cmd
C:\WINDOWS\system32\FDAB4BAC9A.sys
C:\WINDOWS\system32\tavo0.dll
D:\cfv90h.com
E:\setup.exe
G:\1wod1.com
G:\cfv90h.com
G:\gqsk.bat
G:\rjiybg.exe
I:\rjiybg.exe
L:\cfv90h.com
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1i.com
C:\1wod1.com
C:\82r9.cmd
C:\cfv90h.com
C:\gqsk.bat
C:\nl.com
C:\obc3wrq3.bat
C:\rjiybg.exe
C:\rtnlpipu.com
C:\spq.bat
C:\uorys.cmd
C:\WINDOWS\system32\FDAB4BAC9A.sys
C:\WINDOWS\system32\tavo0.dll
D:\cfv90h.com
F:\.\autorun.inf . . . . failed to delete
F:\.\cfgmgr32.dll . . . . failed to delete
F:\.\directx.cab . . . . failed to delete
F:\.\directx.inf . . . . failed to delete
F:\.\dsetup.dll . . . . failed to delete
F:\.\dsetup32.dll . . . . failed to delete
F:\.\dxsetup.exe . . . . failed to delete
F:\.\setupapi.dll . . . . failed to delete
F:\.\VKANGUS.cnt . . . . failed to delete
F:\.\VKANGUS.HLP . . . . failed to delete
F:\.\VKangUS.suf . . . . failed to delete
F:\.\VKangUST.exe . . . . failed to delete
H:\.\00000001.TMP . . . . failed to delete
H:\.\00000002.TMP . . . . failed to delete
H:\.\autorun.inf . . . . failed to delete
H:\.\cfgmgr32.dll . . . . failed to delete
H:\.\data . . . . failed to delete
H:\.\directx.cab . . . . failed to delete
H:\.\directx.inf . . . . failed to delete
H:\.\DrvMgt.dll . . . . failed to delete
H:\.\dsetup.dll . . . . failed to delete
H:\.\dsetup32.dll . . . . failed to delete
H:\.\dxsetup.exe . . . . failed to delete
H:\.\SECDRV.SYS . . . . failed to delete
H:\.\setupapi.dll . . . . failed to delete
H:\.\TRGRP . . . . failed to delete
H:\.\trmsc . . . . failed to delete
H:\.\trse . . . . failed to delete
H:\.\trsnr . . . . failed to delete
H:\.\VKANGUS.cnt . . . . failed to delete
H:\.\VKANGUS.EXE . . . . failed to delete
H:\.\VKANGUS.HLP . . . . failed to delete
H:\.\VKangUS.suf . . . . failed to delete
H:\.\VKangUST.exe . . . . failed to delete
H:\.\voice . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GUPDATE1C865F76799FB72
-------\Service_gupdate1c865f76799fb72


((((((((((((((((((((((((( Files Created from 2008-03-07 to 2008-04-07 )))))))))))))))))))))))))))))))
.

2008-03-26 01:35 . 2008-03-26 01:35 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-03-15 15:24 . 2008-03-25 17:29 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-15 15:24 . 2008-03-15 15:24 <DIR> d-------- C:\Documents and Settings\Michael Chan\Application Data\PC Tools
2008-03-15 15:24 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-15 15:24 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-15 15:24 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-15 15:24 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-12 23:46 . 2008-03-12 23:46 <DIR> d-------- C:\Program Files\Real Alternative

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 00:18 --------- d-----w C:\Documents and Settings\Michael Chan\Application Data\foobar2000
2008-04-04 20:47 --------- d-----w C:\Documents and Settings\Michael Chan\Application Data\McAfee.com Personal Firewall
2008-04-04 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-04-03 03:37 --------- d-----w C:\Documents and Settings\Michael Chan\Application Data\uTorrent
2008-04-02 04:51 --------- d-----w C:\Program Files\mIRC
2008-04-01 00:40 --------- d-----w C:\Program Files\Google
2008-03-27 21:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-15 22:47 --------- d-----w C:\Program Files\GAOV
2008-03-13 06:46 --------- d-----w C:\Program Files\Common Files\Real
2008-03-01 18:46 --------- d-----w C:\Documents and Settings\Guest\Application Data\McAfee.com Personal Firewall
2008-02-29 21:25 --------- d-----w C:\Program Files\Warcraft III
2008-02-29 06:48 --------- d-----w C:\Documents and Settings\Michael Chan\Application Data\U3
2008-02-23 22:24 --------- d-----w C:\Program Files\episTree
2008-02-23 20:31 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-02-23 20:08 --------- d-----w C:\Program Files\Lavasoft
2008-02-23 20:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-23 20:07 --------- d-----w C:\Program Files\NCH Swift Sound
2008-02-23 20:07 --------- d-----w C:\Documents and Settings\Michael Chan\Application Data\NCH Swift Sound
2008-02-22 02:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-22 02:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-21 17:47 --------- d-----w C:\Documents and Settings\Michael Chan\Application Data\PrevxCSI
2008-02-16 08:40 --------- d-----w C:\Documents and Settings\Michael Chan\Application Data\Move Networks
2008-02-07 07:47 --------- d-----w C:\Documents and Settings\Michael Chan\Application Data\Skype
2007-04-12 07:37 43,832 ----a-w C:\Documents and Settings\Michael Chan\Application Data\GDIPFONTCACHEV1.DAT
2006-09-14 06:18 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-04-04_12.06.38.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F282C89-3BD3-4387-92D9-C76428B07E07}]
2008-03-19 09:23 156144 --a----t- C:\Program Files\Google\Update\1.1.25.0\GoopdateBho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 00:45 118784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 09:48 761947]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 07:28 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 07:28 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 14:30 282624 C:\WINDOWS\stsystra.exe]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 13:57 57344]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44 81920]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 20:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 16:16 1121792]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 03:20 122940]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 10:26 110592]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 10:49 163840]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00 1005096]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 03:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 03:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 03:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 03:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 03:00 455168]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 12:58 1032192]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2002-04-05 09:23 886272]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 00:41 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 03:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-06 22:07:12 113664]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 16:28:28 622653]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-07 00:52:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-10-05 01:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 12:01 67584 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2006-09-07 19:18 189952 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-12-13 00:44 98304 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-11-13 16:48 3411968 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Executables\\utorrent.exe"=
"C:\\Program Files\\National Instruments\\LabVIEW 7.1\\LabVIEW.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Warcraft III\\War3.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=

R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2005-06-10 10:01]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-07 07:06:57 C:\WINDOWS\Tasks\GoogleUpdateTask.job"
- C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe
"2008-03-29 01:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (MICHAEL-Michael Chan).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 00:07:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\igfxsrvc.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Completion time: 2008-04-07 0:10:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-07 07:10:42
ComboFix2.txt 2008-04-04 19:07:00
Pre-Run: 31,842,267,136 bytes free
Post-Run: 31,744,393,216 bytes free
.
2008-03-12 16:21:44 --- E O F ---

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 09:42, on 2008-04-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Update Class - {6F282C89-3BD3-4387-92D9-C76428B07E07} - C:\Program Files\Google\Update\1.1.25.0\GoopdateBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.13.0\gears.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.13.0\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.13.0\gears.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {53AF6E02-F18F-4228-AC13-3E79773FBE50} (CMCBooter Object) - http://download.myse...ugin/booter.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Kaspersky Online Scanner Results:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-04-07 09:39
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/04/2008
Kaspersky Anti-Virus database records: 688340
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
H:\

Scan Statistics:
Total number of scanned objects: 90775
Number of viruses found: 43
Number of infected objects: 587
Number of suspicious objects: 0
Duration of the scan process: 01:08:45

Infected Object Name / Virus Name / Last Action
C:\copetttt.com Infected: Worm.Win32.AutoRun.bkj skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Michael Chan\Application Data\Mozilla\Firefox\Profiles\ybf8p8cy.default\cert8.db Object is locked skipped
C:\Documents and Settings\Michael Chan\Application Data\Mozilla\Firefox\Profiles\ybf8p8cy.default\history.dat Object is locked skipped
C:\Documents and Settings\Michael Chan\Application Data\Mozilla\Firefox\Profiles\ybf8p8cy.default\key3.db Object is locked skipped
C:\Documents and Settings\Michael Chan\Application Data\Mozilla\Firefox\Profiles\ybf8p8cy.default\parent.lock Object is locked skipped
C:\Documents and Settings\Michael Chan\Application Data\Mozilla\Firefox\Profiles\ybf8p8cy.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Michael Chan\Application Data\Mozilla\Firefox\Profiles\ybf8p8cy.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1ab034e7-211cbc75.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1ab034e7-211cbc75.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-59c23e4f.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-59c23e4f.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4941f397-796f9851.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4941f397-796f9851.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4e1040f8-5c3fcb95.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4e1040f8-5c3fcb95.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-57fe912c.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-57fe912c.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-5db48955.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-5db48955.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-59e97cf8.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-59e97cf8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-9ec854f-24f4c9d5.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-9ec854f-24f4c9d5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Michael Chan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Michael Chan\Local Settings\Application Data\Google\Google Gears for Internet Explorer\localserver.db Object is locked skipped
C:\Documents and Settings\Michael Chan\Local Settings\Application Data\Google\Google Gears for Internet Explorer\permissions.db Object is locked skipped
C:\Documents and Settings\Michael Chan\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Michael Chan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Michael Chan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Michael Chan\Local Settings\Application Data\Mozilla\Firefox\Profiles\ybf8p8cy.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Michael Chan\Local Settings\Application Data\Mozilla\Firefox\Profiles\ybf8p8cy.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Michael Chan\Local Settings\Application Data\Mozilla\Firefox\Profiles\ybf8p8cy.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Michael Chan\Local Settings\Application Data\Mozilla\Firefox\Profiles\ybf8p8cy.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Michael Chan\Local Settings\Application Data\Mozilla\Firefox\Profiles\ybf8p8cy.default\Google Gears for Firefox\localserver.db Object is locked skipped
C:\Documents and Settings\Michael Chan\Local Settings\Application Data\Mozilla\Firefox\Profiles\ybf8p8cy.default\Google Gears for Firefox\permissions.db Object is locked skipped
C:\Documents and Settings\Michael Chan\Local Settings\Application Data\Mozilla\Firefox\Profiles\ybf8p8cy.default\Google Gears for Firefox\www.rememberthemilk.com\http_80\rtm_mckchan13#database Object is locked skipped
C:\Documents and Settings\Michael Chan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michael Chan\Local Settings\History\History.IE5\MSHist012008040720080408\index.dat Object is locked skipped
C:\Documents and Settings\Michael Chan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Michael Chan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michael Chan\My Documents\Downloads\LimeWire PRO 4.16.2 Latest Version.rar/LimeWireWinPRO.v4.16.2.exe/data0000.cab/setup.exe Infected: Trojan.Win32.Inject.mt skipped
C:\Documents and Settings\Michael Chan\My Documents\Downloads\LimeWire PRO 4.16.2 Latest Version.rar/LimeWireWinPRO.v4.16.2.exe/data0000.cab Infected: Trojan.Win32.Inject.mt skipped
C:\Documents and Settings\Michael Chan\My Documents\Downloads\LimeWire PRO 4.16.2 Latest Version.rar/LimeWireWinPRO.v4.16.2.exe Infected: Trojan.Win32.Inject.mt skipped
C:\Documents and Settings\Michael Chan\My Documents\Downloads\LimeWire PRO 4.16.2 Latest Version.rar RAR: infected - 3 skipped
C:\Documents and Settings\Michael Chan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Michael Chan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Executables\mIRC\mirc62.exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Executables\mIRC\mirc62.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Executables\mIRC\mirc62.exe NSIS: infected - 2 skipped
C:\Executables\trivial pursuit\trivial-pursuit-silver-screen-setup.exe/data0000.bin/data0007 Infected: not-a-virus:AdWare.Win32.AdMedia.g skipped
C:\Executables\trivial pursuit\trivial-pursuit-silver-screen-setup.exe/data0000.bin Infected: not-a-virus:AdWare.Win32.AdMedia.g skipped
C:\Executables\trivial pursuit\trivial-pursuit-silver-screen-setup.exe EmbeddedEXE: infected - 2 skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\QooBox\Quarantine\C\1i.com.vir Infected: Worm.Win32.AutoRun.czh skipped
C:\QooBox\Quarantine\C\1wod1.com.vir Infected: Trojan-PSW.Win32.OnLineGames.tob skipped
C:\QooBox\Quarantine\C\82r9.cmd.vir Infected: Trojan-PSW.Win32.OnLineGames.vos skipped
C:\QooBox\Quarantine\C\cfv90h.com.vir Infected: Trojan-PSW.Win32.OnLineGames.ssa skipped
C:\QooBox\Quarantine\C\gqsk.bat.vir Infected: Worm.Win32.AutoRun.cpr skipped
C:\QooBox\Quarantine\C\nl.com.vir Infected: Trojan.Win32.Vaklik.yt skipped
C:\QooBox\Quarantine\C\obc3wrq3.bat.vir Infected: Trojan-PSW.Win32.OnLineGames.tng skipped
C:\QooBox\Quarantine\C\rjiybg.exe.vir Infected: Trojan-PSW.Win32.OnLineGames.yxb skipped
C:\QooBox\Quarantine\C\rtnlpipu.com.vir Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\QooBox\Quarantine\C\spq.bat.vir Infected: Trojan-PSW.Win32.OnLineGames.wla skipped
C:\QooBox\Quarantine\C\u.exe.vir Infected: Trojan-PSW.Win32.OnLineGames.skr skipped
C:\QooBox\Quarantine\C\uorys.cmd.vir Infected: Trojan-PSW.Win32.OnLineGames.tfa skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kavo.exe.vir Infected: Trojan.Win32.Vaklik.yt skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tavo.exe.vir Infected: Trojan.Win32.Vaklik.yu skipped
C:\QooBox\Quarantine\D\cfv90h.com.vir Infected: Trojan-PSW.Win32.OnLineGames.ssa skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP454\A0052883.com Infected: Trojan-PSW.Win32.OnLineGames.tob skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP454\A0052887.exe Infected: Trojan-PSW.Win32.OnLineGames.tob skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP454\A0052888.dll Infected: Trojan-PSW.Win32.OnLineGames.tng skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP455\A0052923.com Infected: Trojan-PSW.Win32.OnLineGames.tyu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP455\A0052924.inf Infected: Trojan-PSW.Win32.OnLineGames.ufb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP455\A0052941.dll Infected: Trojan-PSW.Win32.OnLineGames.tys skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP455\A0052943.com Infected: Trojan-PSW.Win32.OnLineGames.tyu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP455\A0052944.inf Infected: Trojan-PSW.Win32.OnLineGames.ufb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP455\A0052947.exe Infected: Trojan-PSW.Win32.OnLineGames.tyu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP455\A0052948.dll Infected: Trojan-PSW.Win32.OnLineGames.tyr skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP456\A0052950.com Infected: Trojan-PSW.Win32.OnLineGames.ufb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP456\A0052951.inf Infected: Trojan-PSW.Win32.OnLineGames.ufb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP456\A0053081.dll Infected: Trojan-PSW.Win32.OnLineGames.tyr skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP456\A0053082.dll Infected: Trojan-PSW.Win32.OnLineGames.tys skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP456\A0053084.com Infected: Trojan-PSW.Win32.OnLineGames.ufb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP456\A0053085.inf Infected: Trojan-PSW.Win32.OnLineGames.ufb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP456\A0053089.exe Infected: Trojan-PSW.Win32.OnLineGames.ufb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP456\A0053090.dll Infected: Trojan-PSW.Win32.OnLineGames.ufb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP457\A0053093.com Infected: Worm.Win32.AutoRun.czh skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP457\A0053094.inf Infected: Trojan-PSW.Win32.OnLineGames.ufb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP457\A0053107.dll Infected: Trojan-PSW.Win32.OnLineGames.tys skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP457\A0053109.com Infected: Worm.Win32.AutoRun.czh skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP457\A0053110.inf Infected: Trojan-PSW.Win32.OnLineGames.ufb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP457\A0053113.exe Infected: Worm.Win32.AutoRun.czh skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP457\A0053114.dll Infected: Worm.Win32.AutoRun.czh skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP457\A0053156.dll Infected: Trojan-PSW.Win32.OnLineGames.tys skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP457\A0053158.com Infected: Worm.Win32.AutoRun.czh skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP457\A0053159.inf Infected: Trojan-PSW.Win32.OnLineGames.ufb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP457\A0053162.exe Infected: Trojan-PSW.Win32.OnLineGames.tyt skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP457\A0053163.dll Infected: Trojan-PSW.Win32.OnLineGames.tys skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP457\A0053164.exe Infected: Worm.Win32.AutoRun.czh skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP457\A0053165.dll Infected: Worm.Win32.AutoRun.czh skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP457\A0053181.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP458\A0053194.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP458\A0053214.dll Infected: Trojan-PSW.Win32.OnLineGames.uqu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP458\A0053217.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP458\A0053232.dll Infected: Trojan-PSW.Win32.OnLineGames.uqu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP458\A0053234.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP458\A0053247.dll Infected: Trojan-PSW.Win32.OnLineGames.uqu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP458\A0053251.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP458\A0053270.dll Infected: Trojan-PSW.Win32.OnLineGames.uqu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP458\A0053273.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP458\A0053288.dll Infected: Trojan-PSW.Win32.OnLineGames.uqu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP458\A0053291.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP459\A0053306.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP460\A0053319.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP460\A0053403.dll Infected: Trojan-PSW.Win32.OnLineGames.uqu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP460\A0053406.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP460\A0053421.dll Infected: Trojan-PSW.Win32.OnLineGames.uqu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP460\A0053424.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP460\A0053442.dll Infected: Trojan-PSW.Win32.OnLineGames.uqu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP460\A0053444.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP460\A0054442.dll Infected: Trojan-PSW.Win32.OnLineGames.uqu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP460\A0054445.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP460\A0054461.dll Infected: Trojan-PSW.Win32.OnLineGames.uqu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP460\A0054464.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP461\A0054469.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP461\A0054493.dll Infected: Trojan-PSW.Win32.OnLineGames.uqu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP461\A0054496.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP461\A0054517.dll Infected: Trojan-PSW.Win32.OnLineGames.uqu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP461\A0054520.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP461\A0054581.dll Infected: Trojan-PSW.Win32.OnLineGames.uqu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP461\A0054585.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP462\A0054597.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP462\A0054609.dll Infected: Trojan-PSW.Win32.OnLineGames.uqu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP462\A0054614.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP462\A0054675.dll Infected: Trojan-PSW.Win32.OnLineGames.uqu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP462\A0054677.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP462\A0054698.dll Infected: Trojan-PSW.Win32.OnLineGames.uqu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP462\A0054701.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP462\A0054762.dll Infected: Trojan-PSW.Win32.OnLineGames.uqu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP462\A0054764.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP462\A0054768.exe Infected: Packed.Win32.PolyCrypt.h skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP462\A0054770.exe Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP462\A0054771.dll Infected: Trojan-PSW.Win32.OnLineGames.uqu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP463\A0054798.cmd Infected: Trojan-PSW.Win32.OnLineGames.vos skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP463\A0054799.inf Infected: Trojan-PSW.Win32.OnLineGames.vos skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP463\A0054824.dll Infected: Trojan-PSW.Win32.OnLineGames.uqu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP463\A0054827.cmd Infected: Trojan-PSW.Win32.OnLineGames.vos skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP463\A0054828.inf Infected: Trojan-PSW.Win32.OnLineGames.vos skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP463\A0054831.exe Infected: Trojan-PSW.Win32.OnLineGames.vun skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP463\A0054832.dll Infected: Trojan-PSW.Win32.OnLineGames.vun skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP463\A0054869.exe Infected: Trojan-PSW.Win32.OnLineGames.vos skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP463\A0054879.dll Infected: Trojan-PSW.Win32.OnLineGames.vun skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP463\A0054885.exe Infected: Trojan-PSW.Win32.OnLineGames.vun skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP463\A0054886.dll Infected: Trojan-PSW.Win32.OnLineGames.vun skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP463\A0054943.dll Infected: Trojan-PSW.Win32.OnLineGames.wla skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP463\A0054947.bat Infected: Trojan-PSW.Win32.OnLineGames.wla skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP463\A0054948.inf Infected: Trojan-PSW.Win32.OnLineGames.wla skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP463\A0054952.exe Infected: Trojan-PSW.Win32.OnLineGames.wla skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP463\A0054953.dll Infected: Trojan-PSW.Win32.OnLineGames.vos skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP463\A0054964.dll Infected: Trojan-PSW.Win32.OnLineGames.wla skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP463\A0054966.bat Infected: Trojan-PSW.Win32.OnLineGames.wla skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP463\A0054967.inf Infected: Trojan-PSW.Win32.OnLineGames.wla skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP463\A0054972.exe Infected: Trojan-PSW.Win32.OnLineGames.wla skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP463\A0054973.dll Infected: Trojan-PSW.Win32.OnLineGames.wla skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP472\A0055361.com Infected: Trojan-PSW.Win32.OnLineGames.szb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP472\A0055371.dll Infected: Trojan-PSW.Win32.OnLineGames.wla skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP472\A0055387.dll Infected: Trojan-PSW.Win32.Magania.gpa skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP472\A0055390.exe Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP472\A0055391.inf Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP472\A0055394.exe Infected: Trojan.Win32.Vaklik.yg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP472\A0055395.exe Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP472\A0055397.dll Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP473\A0055426.exe Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP473\A0055427.inf Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP473\A0055444.dll Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP473\A0055448.exe Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP473\A0055449.inf Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP473\A0055454.exe Infected: Trojan.Win32.Vaklik.yg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP474\A0055477.exe Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP474\A0055478.inf Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP474\A0055491.dll Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP474\A0055494.exe Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP474\A0055495.inf Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP474\A0055499.exe Infected: Trojan-PSW.Win32.OnLineGames.yxh skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP474\A0055500.dll Infected: Worm.Win32.AutoRun.dfg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP474\A0055509.dll Infected: Worm.Win32.AutoRun.dfg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP474\A0055510.dll Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP474\A0055513.exe Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP474\A0055514.inf Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP474\A0055548.dll Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP474\A0055551.exe Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP474\A0055552.inf Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP474\A0055555.exe Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP474\A0055556.dll Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP475\A0055559.exe Infected: Trojan-PSW.Win32.OnLineGames.yxb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP475\A0055560.inf Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP475\A0055574.exe Infected: Trojan-PSW.Win32.OnLineGames.yxb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP475\A0055575.inf Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP475\A0055578.exe Infected: Trojan.Win32.Vaklik.yp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP475\A0055598.exe Infected: Trojan-PSW.Win32.OnLineGames.yxb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP475\A0055599.inf Infected: Trojan-PSW.Win32.OnLineGames.yxp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP475\A0055602.exe Infected: Trojan-PSW.Win32.OnLineGames.yxb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP475\A0055604.exe Infected: Trojan.Win32.Vaklik.yp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP475\A0055618.com Infected: Trojan.Win32.Vaklik.yt skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP476\A0055632.com Infected: Trojan.Win32.Vaklik.yt skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP476\A0055637.exe Infected: Trojan.Win32.Vaklik.yt skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP476\A0055640.exe Infected: Trojan.Win32.Vaklik.yu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP476\A0055642.exe Infected: Trojan-PSW.Win32.OnLineGames.skr skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP478\A0055760.com Infected: Worm.Win32.AutoRun.czh skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP478\A0055761.com Infected: Trojan-PSW.Win32.OnLineGames.tob skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP478\A0055762.cmd Infected: Trojan-PSW.Win32.OnLineGames.vos skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP478\A0055763.com Infected: Trojan-PSW.Win32.OnLineGames.ssa skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP478\A0055764.bat Infected: Worm.Win32.AutoRun.cpr skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP478\A0055765.com Infected: Trojan.Win32.Vaklik.yt skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP478\A0055766.bat Infected: Trojan-PSW.Win32.OnLineGames.tng skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP478\A0055767.exe Infected: Trojan-PSW.Win32.OnLineGames.yxb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP478\A0055768.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP478\A0055769.bat Infected: Trojan-PSW.Win32.OnLineGames.wla skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP478\A0055770.cmd Infected: Trojan-PSW.Win32.OnLineGames.tfa skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP478\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Bluetooth Null Modem.txt Object is locked skipped
C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{57B8CE44-B176-42D5-83CD-CD1AA575A4EC}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd6845.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\1i.com Infected: Worm.Win32.AutoRun.czh skipped
D:\1wod1.com Infected: Trojan-PSW.Win32.OnLineGames.tob skipped
D:\82r9.cmd Infected: Trojan-PSW.Win32.OnLineGames.vos skipped
D:\copetttt.com Infected: Worm.Win32.AutoRun.bkj skipped
D:\gqsk.bat Infected: Worm.Win32.AutoRun.cpr skipped
D:\nl.com Infected: Trojan.Win32.Vaklik.yt skipped
D:\obc3wrq3.bat Infected: Trojan-PSW.Win32.OnLineGames.tng skipped
D:\rjiybg.exe Infected: Trojan-PSW.Win32.OnLineGames.yxb skipped
D:\rtnlpipu.com Infected: Trojan-PSW.Win32.OnLineGames.uqv skipped
D:\spq.bat Infected: Trojan-PSW.Win32.OnLineGames.wla skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP436\A0042205.bat Infected: Worm.Win32.AutoRun.cpr skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP436\A0042206.inf Infected: Worm.Win32.AutoRun.cpr skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP436\A0042230.bat Infected: Worm.Win32.AutoRun.cpr skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP436\A0042231.inf Infected: Worm.Win32.AutoRun.cpr skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP436\A0042250.bat Infected: Worm.Win32.AutoRun.cpr skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP436\A0042251.inf Infected: Worm.Win32.AutoRun.cpr skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP436\A0042267.bat Infected: Worm.Win32.AutoRun.cpr skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP436\A0042268.inf Infected: Worm.Win32.AutoRun.cpr skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP436\A0042295.inf Infected: Worm.Win32.AutoRun.cpr skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP436\A0042320.exe Infected: Trojan-PSW.Win32.OnLineGames.rpw skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP437\A0042328.exe Infected: Trojan-PSW.Win32.OnLineGames.rpw skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP438\A0042352.exe Infected: Trojan-PSW.Win32.OnLineGames.rpw skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP438\A0042417.exe Infected: Trojan-PSW.Win32.OnLineGames.rpw skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP438\A0042443.exe Infected: Trojan-PSW.Win32.OnLineGames.rpw skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP438\A0043442.exe Infected: Trojan-PSW.Win32.OnLineGames.rpw skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP438\A0043464.exe Infected: Trojan-PSW.Win32.OnLineGames.rpw skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP438\A0043490.exe Infected: Trojan-PSW.Win32.OnLineGames.rpw skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP438\A0043565.exe Infected: Trojan-PSW.Win32.OnLineGames.rpw skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP438\A0043585.exe Infected: Trojan-PSW.Win32.OnLineGames.rpw skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP439\A0043593.exe Infected: Trojan-PSW.Win32.OnLineGames.rpw skipped
D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP444\A0045984.exe Infected: Trojan-PSW.Win32.OnLineGames.rpw skipped

Scan process completed.

Thanks again.

#8 Trevuren

Posted 07 April 2008 - 04:44 PM

A. Apparently, Drives F and H are removable drives. So we will proceed like this:


Flash Drive Disinfector
Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


B. There is a file in your log of which I am unsure. For that reason, I need you to submit it to Jotti's for analysis.

1. Click HERE to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

C:\WINDOWS\system32\drivers\iksyssec.sys

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.

5. Please now follow the same procedures with the following files:

C:\WINDOWS\system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys


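The note in post #8 works because a folder named autorun.inf occupies the name a removable-drive worm would otherwise use for its launcher file. The following Python script is an added example, not part of the original thread and not how Flash_Disinfector itself is implemented: it audits a drive root and reports whether autorun.inf is absent, a placeholder folder, or a real file, and which programs such a file would launch. The sample autorun.inf content and the file names x1.com and x2.cmd are constructed for the demonstration.

```python
import ntpath
import os
import tempfile
from pathlib import Path

# Extensions of the root-level files named in this thread (.com/.bat/.cmd/.exe).
EXEC_EXTS = {".exe", ".com", ".bat", ".cmd"}

# Constructed sample: junk padding around the launch keys, mixed-case names.
SAMPLE_INF = r"""
;padding padding padding
[AutoRun]
open=x1.com
qwerty junk line without a key
shell\open\Command=x1.com
shell\explore\command="x2.cmd" /s
"""


def parse_autorun(text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    launches, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue  # padding lines carry no key and are skipped
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        ):
            launches.append((key, value))
    return launches


def command_target(command):
    """File name of the program a launch command starts (first token, quotes allowed)."""
    command = command.strip()
    if command.startswith('"'):
        token = command[1:].split('"', 1)[0]
    else:
        token = command.split(None, 1)[0] if command else ""
    return ntpath.basename(token).lower()


def audit_root(root):
    """Classify the autorun.inf entry of a drive root and list what it would launch."""
    with os.scandir(root) as it:
        names = {entry.name.lower(): entry for entry in it}  # Windows names ignore case
    report = {
        "state": "absent", "launches": [], "targets_present": [], "targets_missing": [],
        "root_executables": sorted(
            n for n, e in names.items()
            if e.is_file() and os.path.splitext(n)[1] in EXEC_EXTS
        ),
    }
    autorun = names.get("autorun.inf")
    if autorun is None:
        return report
    if autorun.is_dir():
        report["state"] = "folder"  # placeholder folder: no file can take this name
        return report
    report["state"] = "file"
    # latin-1 decodes any byte sequence, so binary padding cannot break the read
    report["launches"] = parse_autorun(Path(autorun.path).read_text(encoding="latin-1"))
    targets = {command_target(cmd) for _, cmd in report["launches"]} - {""}
    report["targets_present"] = sorted(t for t in targets if t in names)
    report["targets_missing"] = sorted(t for t in targets if t not in names)
    return report


def demo():
    """Build three constructed drive roots in a temp directory and audit each."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        for name in ("clean", "immunized", "infected"):
            (base / name).mkdir()
        (base / "immunized" / "autorun.inf").mkdir()
        (base / "infected" / "AutoRun.inf").write_text(SAMPLE_INF, encoding="latin-1")
        (base / "infected" / "x1.com").write_bytes(b"")
        (base / "infected" / "notes.txt").write_text("data")
        return {name: audit_root(base / name) for name in ("clean", "immunized", "infected")}


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, report)
```

The script does not check the hidden attribute, which has no equivalent outside Windows.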
#9 MoogleMC


Posted 07 April 2008 - 06:00 PM

Hi Trevuren

Drives F and H are actually virtual drives I created with DAEMON tools. I can use DAEMON tools to shut them off if you like.

However, I do have an SD card reader installed on my laptop, though I don't think it shows up as a drive in My Computer until I insert an SD card in it. Should I clean that SD card as well?

As for the results of the file analysis at Jotti's, here they are:

C:\WINDOWS\system32\drivers\iksyssec.sys

File: iksyssec.sys
Status: OK (Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 2402f65f1eca5159c8f0f16066f4bded
Packers detected: -
Bit9 reports: No threat detected
Scanner results
Scan taken on 07 Apr 2008 23:55:45 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing


C:\WINDOWS\system32\drivers\iksysflt.sys


File: iksysflt.sys
Status: OK
MD5: 7583e2211097d273fca4e3fce04f639f
Packers detected: -
Bit9 reports: No threat detected
Scanner results
Scan taken on 07 Apr 2008 23:54:12 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

C:\WINDOWS\system32\drivers\ikfilesec.sys

File: ikfilesec.sys
Status: OK
MD5: 03319a0e088b42836f3cfccb3d9966f7
Packers detected: PE_PATCH
Bit9 reports: No threat detected
Scanner results
Scan taken on 07 Apr 2008 23:57:46 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

Thanks Trevuren

Edited by MoogleMC, 07 April 2008 - 06:02 PM.


#10 Trevuren


Posted 07 April 2008 - 06:27 PM

A. Your Java is out of date and the Java Cache is infected. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u5.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • In the pull down menu next to Platform select Windows
  • Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement"
  • Click Continue
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u5-windowsi586-p.exe to install the newest version.


Now to Clean out the Java cache:

Go into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.


B. Make sure your Security Programs are shut down and close all virtual drives

C. 1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\copetttt.com
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1ab034e7-211cbc75.zip
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-59c23e4f.zip
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4941f397-796f9851.zip
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4e1040f8-5c3fcb95.zip
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-57fe912c.zip
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-5db48955.zip
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-59e97cf8.zip
C:\Documents and Settings\Michael Chan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-9ec854f-24f4c9d5.zip
C:\Documents and Settings\Michael Chan\My Documents\Downloads\LimeWire PRO 4.16.2 Latest Version.rar
D:\1i.com
D:\1wod1.com
D:\82r9.cmd
D:\copetttt.com
D:\gqsk.bat
D:\nl.com
D:\obc3wrq3.bat
D:\rjiybg.exe
D:\rtnlpipu.com
D:\spq.bat
D:\u.exe
D:\uorys.cmd

Folder::
C:\Executables\trivial pursuit
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Now drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again. Do not use your computer for any other purpose while ComboFix is running.

5. All your monitoring programs (Antivirus/Antispyware, Guards and Shields) will be stopped.

Posted Image

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

6. ComboFix will automatically REBOOT your machine when the KillAll:: switch is used.

7. Post the following logs/Reports:
  • ComboFix.txt
  • Fresh HijackThis log run after all the other tools have performed their cleanup.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


#11 MoogleMC


Posted 07 April 2008 - 10:51 PM

Hi Trevuren

As you asked, I removed all the old Java applications and installed the new one. I also cleared the temporary files to clean out the Java Cache.

However, when I use the new CFScript.txt on ComboFix, ComboFix will initiate but then terminates itself before it even begins scanning. The window pops up for about a second then disappears as if nothing happened at all.

#12 Trevuren


Posted 07 April 2008 - 11:07 PM

We will try this another way:

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\Michael Chan\My Documents\Downloads\LimeWire PRO 4.16.2 Latest Version.rar
    D:\1i.com
    D:\1wod1.com
    D:\82r9.cmd
    D:\copetttt.com
    D:\gqsk.bat
    D:\nl.com
    D:\obc3wrq3.bat
    D:\rjiybg.exe
    D:\rtnlpipu.com
    D:\spq.bat
    D:\u.exe
    D:\uorys.cmd
    C:\Executables\trivial pursuit
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

#13 MoogleMC


Posted 07 April 2008 - 11:11 PM

Here are the OTMoveIt2 Results:

C:\Documents and Settings\Michael Chan\My Documents\Downloads\LimeWire PRO 4.16.2 Latest Version.rar moved successfully.
D:\1i.com moved successfully.
D:\1wod1.com moved successfully.
D:\82r9.cmd moved successfully.
D:\copetttt.com moved successfully.
D:\gqsk.bat moved successfully.
D:\nl.com moved successfully.
D:\obc3wrq3.bat moved successfully.
D:\rjiybg.exe moved successfully.
D:\rtnlpipu.com moved successfully.
D:\spq.bat moved successfully.
D:\u.exe moved successfully.
D:\uorys.cmd moved successfully.
C:\Executables\trivial pursuit moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04072008_221034

#14 Trevuren


Posted 07 April 2008 - 11:17 PM

Your log looks clean. If you have no more malware-related problems that you are aware of, just give me the OK and we can start the final but essential cleanup procedures and recommendations.

Trevuren

#15 MoogleMC


Posted 07 April 2008 - 11:23 PM

Hi Trevuren

I am not aware of any more malware-related problems, and error messages have not appeared upon startup for a while now. OK, let's move on to the final step.

Thank you so much Trevuren! I really appreciate all the time and energy you put into helping me!
