onlinegames.gen & heuri-e

[LYT4X]

Firstly, hello to all you guys who seem to be resident in the 'last resort' hotel

I've been on PCs / Internet & e-mail for 12 years and have never had a real infection! Perhaps this is due to being careful, as it isn't through any degree of knowledge. I don't surf much, I don't use the PC for 'on-line entertainment' and I don't open dodgy e-mails. HOWEVER, I (stupidly) stuck an SD card into my machine recently which was from a 'friend' with MP3s on it and............ BANG

Even worse, I put it on SWMBOs PC and my Laptop too before noticing the error

Remedial action has seen Adaware, Spybot, HijackThis & Kill being employed to little or no avail. I've shelled-out ($) for Spysweeper with Antivirus and this has only identified the problem but not killed it.

Prior to this post I have read your 5 steps and done all that was asked - except the Panda thing which failed to start.

I found a similar thread on this forum (185621-help-trojan-pws-onlinegames-gen-es-4), where sUBs sorted the problem

However, apart from finding most of the instructions to be beyond my non-expert understanding, I'm quite sure that the solution was probably specific to the poster.

Anyway, here is my DSS text and extra text attached:

Deckard's System Scanner v20070905.67
Run by Administrator on 2007-10-12 12:51:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
63: 2007-10-12 11:51:44 UTC - RP307 - Deckard's System Scanner Restore Point
62: 2007-10-12 11:02:27 UTC - RP306 - Removed Ad-Aware 2007
61: 2007-10-11 19:53:05 UTC - RP305 - System Checkpoint
60: 2007-10-10 19:44:47 UTC - RP304 - Removed Microsoft .NET Framework 1.1
59: 2007-10-10 17:31:49 UTC - RP303 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2007-07-15 20:33:18 UTC - RP245 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:23, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

O4 - HKLM\..\Run: [PTHOSTTR] "C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" /Start
O4 - HKLM\..\Run: [SetRefresh] "C:\Program Files\Compaq\SetRefresh\SetRefresh.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\gmiuud.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
O20 - AppInit_DLLs: winforms.dll
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 2752 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071010-195424-177 O20 - Winlogon Notify: sysfldr - C:\WINDOWS\SYSTEM32\sysfldr.dll
backup-20071010-195424-263 O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
backup-20071010-195424-295 O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
backup-20071010-195424-423 O20 - AppInit_DLLs: winforms.dll
backup-20071010-195424-430 O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
backup-20071010-195424-472 O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
backup-20071010-195424-483 O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
backup-20071010-195424-562 O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
backup-20071010-195424-566 O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
backup-20071010-195424-658 O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
backup-20071010-195424-761 O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
backup-20071010-195705-876 O20 - Winlogon Notify: sysfldr - C:\WINDOWS\SYSTEM32\sysfldr.dll
backup-20071010-195705-959 O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
backup-20071010-195718-358 O20 - Winlogon Notify: sysfldr - C:\WINDOWS\SYSTEM32\sysfldr.dll
backup-20071010-195801-134 O20 - Winlogon Notify: sysfldr - C:\WINDOWS\SYSTEM32\sysfldr.dll
backup-20071010-204047-419 O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
backup-20071010-204047-639 O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exe
backup-20071010-204047-868 O4 - HKLM\..\Run: [GenProtect] C:\WINDOWS\GenProtect.exe
backup-20071010-204048-111 O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
backup-20071010-204048-117 O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
backup-20071010-204048-133 O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
backup-20071010-204048-160 O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\NVDispDrv.exe
backup-20071010-204048-247 O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
backup-20071010-204048-249 O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\MsPrint32D.exe
backup-20071010-204048-311 O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
backup-20071010-204048-328 O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
backup-20071010-204048-346 O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exe
backup-20071010-204048-389 O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
backup-20071010-204048-396 O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
backup-20071010-204048-448 O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
backup-20071010-204048-582 O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
backup-20071010-204048-603 O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
backup-20071010-204048-656 O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
backup-20071010-204048-659 O20 - AppInit_DLLs: winforms.dll
backup-20071010-204048-887 O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
backup-20071010-204048-982 O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
backup-20071010-204056-621 O20 - AppInit_DLLs: winforms.dll
backup-20071010-204934-118 O20 - Winlogon Notify: sysfldr - C:\WINDOWS\
backup-20071010-204934-203 O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
backup-20071010-204934-235 O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
backup-20071010-204934-363 O20 - AppInit_DLLs: winforms.dll
backup-20071010-204934-370 O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
backup-20071010-204934-413 O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
backup-20071010-204934-423 O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
backup-20071010-204934-502 O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
backup-20071010-204934-506 O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
backup-20071010-204934-598 O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
backup-20071010-204934-701 O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
backup-20071010-205009-236 O20 - Winlogon Notify: sysfldr- - sysfldr.dll (file missing)
backup-20071010-205009-712 O20 - AppInit_DLLs: winforms.dll
backup-20071010-205038-296 O20 - AppInit_DLLs: winforms.dll
backup-20071010-205843-926 O20 - AppInit_DLLs: winforms.dll
backup-20071011-092435-258 O20 - AppInit_DLLs: C:\WINDOWS\system32\winforms.dll
backup-20071011-092447-571 O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
backup-20071011-112613-132 O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
backup-20071011-112613-229 O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
backup-20071011-112613-331 O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
backup-20071011-112613-649 O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
backup-20071011-112613-865 O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
backup-20071011-112613-870 O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
backup-20071011-112613-952 O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
backup-20071011-112613-994 O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
backup-20071011-112824-416 O20 - AppInit_DLLs: C:\WINDOWS\system32\zinforms.dll
backup-20071011-112824-679 O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
backup-20071011-130038-419 O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
backup-20071011-130038-579 O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
backup-20071011-130038-643 O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
backup-20071011-130038-661 O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
backup-20071011-130038-722 O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
backup-20071011-130038-914 O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
backup-20071011-130038-936 O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
backup-20071011-130038-989 O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
backup-20071011-132704-197 O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
backup-20071011-132704-255 O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
backup-20071011-132704-298 O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
backup-20071011-132704-529 O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
backup-20071011-132704-567 O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
backup-20071011-132704-635 O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
backup-20071011-132704-642 O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
backup-20071011-132704-902 O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
backup-20071011-133755-146 O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
backup-20071011-133755-174 O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
backup-20071011-133755-313 O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
backup-20071011-133755-355 O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
backup-20071011-133755-445 O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
backup-20071011-133755-450 O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
backup-20071011-133755-511 O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
backup-20071011-133755-545 O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
backup-20071011-133755-673 O20 - AppInit_DLLs: C:\WINDOWS\system32\zinforms.dll
backup-20071011-133755-733 O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
backup-20071011-150424-186 O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
backup-20071011-150424-301 O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
backup-20071011-150424-449 O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
backup-20071011-150424-566 O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
backup-20071011-150424-682 O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
backup-20071011-150424-695 O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
backup-20071011-150424-701 O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
backup-20071011-150424-709 O20 - AppInit_DLLs: C:\WINDOWS\system32\zinforms.dll
backup-20071011-150424-833 O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
backup-20071011-150424-843 O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
backup-20071011-163621-182 O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
backup-20071011-163621-390 O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
backup-20071011-163621-420 O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
backup-20071011-163622-141 O20 - AppInit_DLLs: C:\WINDOWS\system32\winforms.dll
backup-20071011-163622-383 O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
backup-20071011-163622-518 O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
backup-20071011-163622-560 O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
backup-20071011-163622-573 O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
backup-20071011-163622-650 O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
backup-20071011-163622-849 O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 CommSBEP - c:\windows\system32\drivers\commsbep.sys <Not Verified; Motorola; ADK>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 1E3F603C - c:\windows\system32\80fee47e.exe -k <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>
S4 AClient (Altiris Client Service) - c:\program files\aclient\aclient.exe -service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-09-12 and 2007-10-12 -----------------------------

2007-10-12 12:11:53 64817 --a------ C:\Program Files\provie.exe
2007-10-12 11:49:15 36864 --a------ C:\WINDOWS\system32\35D3D2F8.DLL <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
2007-10-12 11:48:32 17974 --a------ C:\auto.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
2007-10-12 11:48:26 17974 --a------ C:\WINDOWS\system32\80FEE47E.EXE <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
2007-10-12 09:41:16 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-10-12 09:40:40 0 d-------- C:\Program Files\Webroot
2007-10-12 09:40:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-10-12 09:40:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-10-12 09:35:04 164 --a------ C:\install.dat
2007-10-11 13:25:43 24064 --a------ C:\WINDOWS\system32\lagcgu.dll
2007-10-11 13:25:41 23552 --a------ C:\WINDOWS\system32\oxelei.dll
2007-10-11 11:20:45 24064 --a------ C:\WINDOWS\system32\gkyrog.dll
2007-10-11 11:20:44 23552 --a------ C:\WINDOWS\system32\wgzvvu.dll
2007-10-11 09:21:38 28672 --a------ C:\WINDOWS\system32\winforms.dll
2007-10-10 19:41:43 11344 --a------ C:\WINDOWS\system32\k11920414171.exe
2007-10-10 19:41:09 24064 --a------ C:\WINDOWS\system32\btawwx.dll
2007-10-10 19:09:00 0 d-------- C:\Program Files\Trend Micro
2007-10-10 14:59:00 23552 --a------ C:\WINDOWS\system32\adsygz.dll
2007-10-10 14:25:17 24064 --a------ C:\WINDOWS\system32\mhkdwk.dll
2007-10-10 14:25:12 125440 --a------ C:\WINDOWS\system32\zauowa.dll
2007-10-10 13:54:47 24064 --a------ C:\WINDOWS\system32\jmwxdh.dll
2007-10-10 13:54:45 24064 --a------ C:\WINDOWS\system32\eoruyj.dll
2007-10-10 13:54:42 23552 --a------ C:\WINDOWS\system32\jaadnu.dll
2007-10-10 13:54:41 23040 --a------ C:\WINDOWS\system32\bogfyc.dll
2007-10-10 13:54:40 125440 --a------ C:\WINDOWS\system32\ghowkw.dll
2007-10-10 13:50:25 23040 --a------ C:\WINDOWS\system32\rfivfn.dll
2007-10-10 13:50:25 24064 --a------ C:\WINDOWS\system32\jpwnek.dll
2007-10-10 13:50:23 23552 --a------ C:\WINDOWS\system32\rwbmav.dll
2007-10-10 13:50:22 15598 --a------ C:\WINDOWS\system32\k11920203816.exe
2007-10-10 13:50:22 125440 --a------ C:\WINDOWS\system32\chrghj.dll
2007-10-10 13:32:15 5672 --a------ C:\WINDOWS\system32\k11920192913.exe
2007-10-10 13:25:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-10 11:27:28 23552 --a------ C:\WINDOWS\system32\znoovu.dll
2007-10-10 11:23:09 125440 --a------ C:\WINDOWS\system32\cfdvpa.dll
2007-10-10 11:19:46 24576 --a------ C:\WINDOWS\system32\wshylk.dll
2007-10-10 11:19:46 24064 --a------ C:\WINDOWS\system32\ttytbi.dll
2007-10-10 11:19:45 5406 --a------ C:\WINDOWS\system32\k11920113437.exe
2007-10-10 11:19:44 23552 --a------ C:\WINDOWS\system32\rbymmv.dll
2007-10-10 11:19:43 23040 --a------ C:\WINDOWS\system32\wkxspg.dll
2007-10-10 11:19:41 125440 --a------ C:\WINDOWS\system32\jielaz.dll
2007-10-10 10:25:14 0 d-------- C:\WINDOWS\system32\NtmsData
2007-10-10 10:11:46 26624 --a------ C:\WINDOWS\system32\vxvdxk.dll
2007-10-10 10:11:45 19456 --a------ C:\WINDOWS\system32\xpldcu.dll
2007-10-10 10:11:42 19456 --a------ C:\WINDOWS\system32\vpatcu.dll
2007-10-10 10:10:42 24576 --a------ C:\WINDOWS\system32\xtjjla.dll
2007-10-10 10:10:41 24064 --a------ C:\WINDOWS\system32\avbezt.dll
2007-10-10 10:10:37 125440 --a------ C:\WINDOWS\system32\ykqkqs.dll
2007-10-10 10:10:37 23040 --a------ C:\WINDOWS\system32\fdoxtz.dll
2007-10-10 10:10:37 23552 --a------ C:\WINDOWS\system32\axcsfs.dll
2007-10-10 1004 24064 --a------ C:\WINDOWS\system32\vijfxw.dll
2007-10-10 1003 23552 --a------ C:\WINDOWS\system32\gtqctc.dll
2007-10-10 1002 24576 --a------ C:\WINDOWS\system32\gwsjim.dll
2007-10-10 10:05:59 23040 --a------ C:\WINDOWS\system32\wlrnnm.dll
2007-10-10 10:05:58 125440 --a------ C:\WINDOWS\system32\ehuxlg.dll
2007-10-10 09:00:50 24576 --a------ C:\WINDOWS\system32\uyyulq.dll
2007-10-09 13:48:56 19456 --a------ C:\WINDOWS\system32\owgesd.dll
2007-10-09 13:48:53 26624 --a------ C:\WINDOWS\system32\gunnnf.dll
2007-10-09 13:48:48 24576 --a------ C:\WINDOWS\system32\oidgyi.dll
2007-10-09 13:48:47 19456 --a------ C:\WINDOWS\system32\mvzysi.dll
2007-10-09 13:47:43 23552 --a------ C:\WINDOWS\system32\gtzrbn.dll
2007-10-09 13:47:42 24064 --a------ C:\WINDOWS\system32\tnhjcx.dll
2007-10-09 13:47:42 23040 --a------ C:\WINDOWS\system32\jdsrig.dll
2007-10-09 13:47:42 24576 --a------ C:\WINDOWS\system32\bowldj.dll
2007-10-09 13:47:37 124416 --a------ C:\WINDOWS\system32\rrijtj.dll
2007-10-09 13:43:16 24064 --a------ C:\WINDOWS\system32\xhvald.dll
2007-10-09 13:43:14 23552 --a------ C:\WINDOWS\system32\kyfoyh.dll
2007-10-09 13:43:12 24576 --a------ C:\WINDOWS\system32\zndvak.dll
2007-10-09 13:43:10 23040 --a------ C:\WINDOWS\system32\uhxmcm.dll
2007-10-09 13:43:09 124416 --a------ C:\WINDOWS\system32\sxwjyq.dll
2007-10-09 12:43:58 26624 --a------ C:\WINDOWS\system32\ydrlew.dll
2007-10-09 12:43:55 19456 --a------ C:\WINDOWS\system32\twmcrs.dll
2007-10-09 12:43:54 24576 --a------ C:\WINDOWS\system32\zqlozn.dll
2007-10-09 12:43:54 19456 --a------ C:\WINDOWS\system32\btomea.dll
2007-10-09 12:42:58 23552 --a------ C:\WINDOWS\system32\dqsyfz.dll
2007-10-09 12:42:50 24064 --a------ C:\WINDOWS\system32\jmfvtj.dll
2007-10-09 12:42:48 24576 --a------ C:\WINDOWS\system32\jtkuwn.dll
2007-10-09 12:42:46 124416 --a------ C:\WINDOWS\system32\ochtul.dll
2007-10-09 12:42:46 23040 --a------ C:\WINDOWS\system32\ecdwbn.dll
2007-10-09 11:43:35 19456 --a------ C:\WINDOWS\system32\qvjxav.dll
2007-10-09 11:43:33 26624 --a------ C:\WINDOWS\system32\ddcuyr.dll
2007-10-09 11:43:29 19456 --a------ C:\WINDOWS\system32\isfcfz.dll
2007-10-09 11:42:23 23552 --a------ C:\WINDOWS\system32\nbxidp.dll
2007-10-09 11:38:11 124416 --a------ C:\WINDOWS\system32\qyeksq.dll
2007-10-09 11:38:11 23552 --a------ C:\WINDOWS\system32\odlfdk.dll
2007-10-09 11:38:07 24064 --a------ C:\WINDOWS\system32\iuhtzf.dll
2007-10-09 11:38:06 24576 --a------ C:\WINDOWS\system32\gyvltf.dll
2007-10-09 11:38:02 23040 --a------ C:\WINDOWS\system32\dyrozf.dll
2007-10-09 10:39:05 19456 --a------ C:\WINDOWS\system32\sxycos.dll
2007-10-09 10:38:53 26624 --a------ C:\WINDOWS\system32\nsutsl.dll
2007-10-09 10:38:50 19456 --a------ C:\WINDOWS\system32\iqzqer.dll
2007-10-09 10:38:50 24576 --a------ C:\WINDOWS\system32\cegafc.dll
2007-10-09 10:37:48 24064 --a------ C:\WINDOWS\system32\xcuufh.dll
2007-10-09 10:37:48 24576 --a------ C:\WINDOWS\system32\aqimbm.dll
2007-10-09 10:37:44 23040 --a------ C:\WINDOWS\system32\aimdnn.dll
2007-10-09 10:37:40 124416 --a------ C:\WINDOWS\system32\xbdooe.dll
2007-10-09 10:33:28 24576 --a------ C:\WINDOWS\system32\scngxz.dll
2007-10-09 10:33:28 124416 --a------ C:\WINDOWS\system32\nhcrgk.dll
2007-10-09 10:33:27 23040 --a------ C:\WINDOWS\system32\kiddrq.dll
2007-10-09 10:33:25 13915 --a------ C:\WINDOWS\system32\k11919221644.exe
2007-10-09 09:28:53 2570 --a------ C:\WINDOWS\system32\k11919182917.exe
2007-10-08 15:11:39 23040 --a------ C:\WINDOWS\system32\wgqibk.dll
2007-10-08 15:11:33 124416 --a------ C:\WINDOWS\system32\fytxwo.dll
2007-10-08 13:05:29 23552 --a------ C:\WINDOWS\system32\waezma.dll
2007-10-08 10:19:47 34304 --a------ C:\WINDOWS\system32\SHQ.DLL
2007-10-08 10:19:46 20 --a------ C:\WINDOWS\system32\mhsha1.dat
2007-10-05 16:13:51 24576 --a------ C:\WINDOWS\system32\unacfh.dll
2007-10-05 16:13:51 23040 --a------ C:\WINDOWS\system32\pahdmf.dll
2007-10-05 16:13:47 124416 --a------ C:\WINDOWS\system32\poaywc.dll
2007-10-05 16:05:39 23040 --a------ C:\WINDOWS\system32\ptmike.dll
2007-10-05 1535 28672 --a------ C:\WINDOWS\system32\zinforms.dll
2007-10-05 1524 19456 --a------ C:\WINDOWS\system32\upxdnd.dll
2007-10-05 1524 26624 --a------ C:\WINDOWS\system32\msccrt.dll
2007-10-05 1524 23552 --a------ C:\WINDOWS\system32\DbgHlp32.dll
2007-10-05 1523 42496 --ahs---- C:\WINDOWS\a
2007-10-05 1523 42496 ---hs---- C:\WINDOWS\371662MM.DLL
2007-10-05 1519 19456 --a------ C:\WINDOWS\system32\MsPrint32D.dll
2007-10-05 1519 24064 --a------ C:\WINDOWS\system32\cmdbcs.dll
2007-10-05 15:05:20 24064 --a------ C:\WINDOWS\system32\MsIMMs32.dll
2007-10-05 15:05:16 23552 --a------ C:\WINDOWS\system32\AVPSrv.dll
2007-10-05 15:05:14 125440 --a------ C:\WINDOWS\system32\GenProtect.dll
2007-10-05 15:05:13 24064 --a------ C:\WINDOWS\system32\mppds.dll
2007-10-05 15:05:12 23040 --a------ C:\WINDOWS\system32\Kvsc3.dll
2007-09-17 17:54:03 0 d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2007-09-15 15:03:07 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-15 15:01:55 0 d-------- C:\1bcb0232290cfe07501b89e7
2007-09-15 15:01:51 0 d-------- C:\WINDOWS\system32\LogFiles
2007-09-15 15:01:51 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-15 15:01:22 0 d-------- C:\9073532e81ced276c0


-- Find3M Report ---------------------------------------------------------------

2007-10-12 12:03:01 0 d-------- C:\Program Files\Common Files
2007-10-03 14:46:30 0 d-------- C:\Program Files\DesignPro
2007-10-01 09:35:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\MailWasherPro
2007-09-19 12:44:32 0 d--h----- C:\Program Files\InstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [05/04/2005 15:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [05/04/2005 15:19]
"RTHDCPL"="RTHDCPL.EXE" [08/03/2005 13:26 C:\WINDOWS\RTHDCPL.EXE]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [04/10/2005 23:23]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [20/11/2003 19:01]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [01/12/2003 11:38]
"Logitech Utility"="Logi_MwX.Exe" [07/11/2003 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/01/2006 20:52]
"AVPSrv"="C:\WINDOWS\AVPSrv.exe" []
"Kvsc3"="C:\WINDOWS\Kvsc3.exe" []
"mppds"="C:\WINDOWS\gmiuud.exe" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [19/07/2007 22:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/08/2007 09:44]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [30/08/2006 18:45:59]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 04:21:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"MSDEG32"=LYLoader.exe
"MSDWG32"=LYLoadbr.exe
"MSDCG32 "=LYLeador.exe
"MSDOG32"=LYLoador.exe
"MSDSG32"=LYLoadar.exe
"MSDMG32"=LYLoadmr.exe
"MSDHG32"=LYLoadhr.exe
"MSDQG32"=LYLoadqr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91974}"= winforms.dll [ ]
"{AEB6717E-7E19-11d0-97EE-00C04FD91975}"= zinforms.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=winforms.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders rpasspc.dll, msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AClntUsr]
C:\Program Files\Aclient\AClntUsr.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPSrv]
C:\WINDOWS\AVPSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmdbcs]
C:\WINDOWS\cmdbcs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DbgHlp32]
C:\WINDOWS\DbgHlp32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GenProtect]
C:\WINDOWS\nkasnq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kvsc3]
C:\WINDOWS\Kvsc3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mppds]
C:\WINDOWS\mppds.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msccrt]
C:\WINDOWS\msccrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsIMMs32]
C:\WINDOWS\MsIMMs32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsPrint32D]
C:\WINDOWS\MsPrint32D.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVDispDrv]
C:\WINDOWS\sbhqby.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upxdnd]
C:\WINDOWS\upxdnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSysM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AClient"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"Persistence"=C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12




-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

6775 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-10-12 12:55:20 ------------

Many thanks in advance for any assistance supplied in resolving this.........

[sUBs]

Before anyone will even consider working this log, please tell us if you have a working antivirus program installed on this machine?

If the answer is yes, tell me it's name & the last time you did a full system scan.

If the answer is no, then tell me if you have considered wiping the machine.

[LYT4X]

Hi sUBs I was running a number of them prior to that scan - Adaware, Spybot & SpySweeper with a/v.

I have been running full scans three times a day and here is the latest DSS log (extra.txt did not appear this time):

Deckard's System Scanner v20070905.67
Run by Administrator on 2007-10-14 10:23:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:22, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

O4 - HKLM\..\Run: [PTHOSTTR] "C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" /Start
O4 - HKLM\..\Run: [SetRefresh] "C:\Program Files\Compaq\SetRefresh\SetRefresh.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O20 - AppInit_DLLs: winforms.dll
O23 - Service: 1E3F603C - Unknown owner - C:\WINDOWS\system32\80FEE47E.EXE (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 2146 bytes

-- Files created between 2007-09-14 and 2007-10-14 -----------------------------

2007-10-12 14:16:48 0 d-------- C:\Program Files\SpywareBlaster
2007-10-12 09:41:16 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-10-12 09:40:40 0 d-------- C:\Program Files\Webroot
2007-10-12 09:40:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-10-12 09:40:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-10-12 09:35:04 164 --a------ C:\install.dat
2007-10-11 09:21:38 28672 --a------ C:\WINDOWS\system32\winforms.dll
2007-10-10 19:09:00 0 d-------- C:\Program Files\Trend Micro
2007-10-10 14:25:12 125440 --a------ C:\WINDOWS\system32\zauowa.dll
2007-10-10 13:54:40 125440 --a------ C:\WINDOWS\system32\ghowkw.dll
2007-10-10 13:50:22 125440 --a------ C:\WINDOWS\system32\chrghj.dll
2007-10-10 13:25:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-10 11:23:09 125440 --a------ C:\WINDOWS\system32\cfdvpa.dll
2007-10-10 11:19:41 125440 --a------ C:\WINDOWS\system32\jielaz.dll
2007-10-10 10:25:14 0 d-------- C:\WINDOWS\system32\NtmsData
2007-10-10 10:10:37 125440 --a------ C:\WINDOWS\system32\ykqkqs.dll
2007-10-10 10:05:58 125440 --a------ C:\WINDOWS\system32\ehuxlg.dll
2007-10-09 13:47:37 124416 --a------ C:\WINDOWS\system32\rrijtj.dll
2007-10-09 13:43:09 124416 --a------ C:\WINDOWS\system32\sxwjyq.dll
2007-10-09 12:42:46 124416 --a------ C:\WINDOWS\system32\ochtul.dll
2007-10-09 11:38:11 124416 --a------ C:\WINDOWS\system32\qyeksq.dll
2007-10-09 10:37:40 124416 --a------ C:\WINDOWS\system32\xbdooe.dll
2007-10-09 10:33:28 124416 --a------ C:\WINDOWS\system32\nhcrgk.dll
2007-10-08 15:11:33 124416 --a------ C:\WINDOWS\system32\fytxwo.dll
2007-10-08 10:19:47 34304 --a------ C:\WINDOWS\system32\SHQ.DLL
2007-10-08 10:19:46 20 --a------ C:\WINDOWS\system32\mhsha1.dat
2007-10-05 16:13:47 124416 --a------ C:\WINDOWS\system32\poaywc.dll
2007-09-17 17:54:03 0 d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2007-09-15 15:03:07 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-15 15:01:55 0 d-------- C:\1bcb0232290cfe07501b89e7
2007-09-15 15:01:51 0 d-------- C:\WINDOWS\system32\LogFiles
2007-09-15 15:01:51 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-15 15:01:22 0 d-------- C:\9073532e81ced276c0


-- Find3M Report ---------------------------------------------------------------

2007-10-12 12:03:01 0 d-------- C:\Program Files\Common Files
2007-10-03 14:46:30 0 d-------- C:\Program Files\DesignPro
2007-10-01 09:35:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\MailWasherPro
2007-09-19 12:44:32 0 d--h----- C:\Program Files\InstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [05/04/2005 15:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [05/04/2005 15:19]
"RTHDCPL"="RTHDCPL.EXE" [08/03/2005 13:26 C:\WINDOWS\RTHDCPL.EXE]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [04/10/2005 23:23]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [20/11/2003 19:01]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [01/12/2003 11:38]
"Logitech Utility"="Logi_MwX.Exe" [07/11/2003 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/01/2006 20:52]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [19/07/2007 22:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/08/2007 09:44]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [30/08/2006 18:45:59]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 04:21:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91974}"= winforms.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=winforms.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders rpasspc.dll, msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AClntUsr]
C:\Program Files\Aclient\AClntUsr.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPSrv]
C:\WINDOWS\AVPSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmdbcs]
C:\WINDOWS\cmdbcs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DbgHlp32]
C:\WINDOWS\DbgHlp32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GenProtect]
C:\WINDOWS\nkasnq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kvsc3]
C:\WINDOWS\Kvsc3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mppds]
C:\WINDOWS\mppds.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msccrt]
C:\WINDOWS\msccrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsIMMs32]
C:\WINDOWS\MsIMMs32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsPrint32D]
C:\WINDOWS\MsPrint32D.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVDispDrv]
C:\WINDOWS\sbhqby.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upxdnd]
C:\WINDOWS\upxdnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSysM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AClient"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"Persistence"=C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12




-- End of Deckard's System Scanner: finished at 2007-10-14 10:23:50 ------------

[sUBs]

Adaware, Spybot & SpySweeper are antispyware programs, not antivirus. There's a marked difference. :) Remind me to get you a freeware antivirus after this ...


1. Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop







2. Go to → Run → paste in the single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall

3. When finished, it shall produce a log for you. Post that log & a fresh *Hijackthis* (not DSS) log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


---------


Note: If you do not have the Hijackthis program, you may download it from here > http://download.bleepingcomputer.com...HiJackThis.exe

[LYT4X]

Here is the Combofix log followed by hijackthis log:

ComboFix 07-10-14.1 - Administrator 2007-10-14 11:09:39.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1609 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))
.

2007-10-14 11:08 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-14 10:53 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-14 10:53 <DIR> d-------- C:\WINDOWS\LastGood
2007-10-12 14:16 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-12 09:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-10-12 09:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-10-12 09:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-10-12 09:41 163,128 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-10-12 09:41 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-10-12 09:41 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-10-12 09:41 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-10-12 09:40 <DIR> d-------- C:\Program Files\Webroot
2007-10-12 09:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-10-12 09:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-10-12 09:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-10-12 09:40 1,521,464 --a------ C:\WINDOWS\WRSetup.dll
2007-10-12 09:35 164 --a------ C:\install.dat
2007-10-10 19:09 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-10 14:25 125,440 --a------ C:\WINDOWS\system32\zauowa.dll
2007-10-10 13:54 125,440 --a------ C:\WINDOWS\system32\ghowkw.dll
2007-10-10 13:50 125,440 --a------ C:\WINDOWS\system32\chrghj.dll
2007-10-10 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-10 11:23 125,440 --a------ C:\WINDOWS\system32\cfdvpa.dll
2007-10-10 11:19 125,440 --a------ C:\WINDOWS\system32\jielaz.dll
2007-10-10 10:25 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-10-10 10:10 125,440 --a------ C:\WINDOWS\system32\ykqkqs.dll
2007-10-10 10:05 125,440 --a------ C:\WINDOWS\system32\ehuxlg.dll
2007-10-10 09:00 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 13:47 124,416 --a------ C:\WINDOWS\system32\rrijtj.dll
2007-10-09 13:43 124,416 --a------ C:\WINDOWS\system32\sxwjyq.dll
2007-10-09 12:42 124,416 --a------ C:\WINDOWS\system32\ochtul.dll
2007-10-09 11:38 124,416 --a------ C:\WINDOWS\system32\qyeksq.dll
2007-10-09 10:37 124,416 --a------ C:\WINDOWS\system32\xbdooe.dll
2007-10-09 10:33 124,416 --a------ C:\WINDOWS\system32\nhcrgk.dll
2007-10-08 15:11 124,416 --a------ C:\WINDOWS\system32\fytxwo.dll
2007-10-08 10:19 34,304 --a------ C:\WINDOWS\system32\SHQ.DLL
2007-10-08 10:19 20 --a------ C:\WINDOWS\system32\mhsha1.dat
2007-10-05 16:13 124,416 --a------ C:\WINDOWS\system32\poaywc.dll
2007-09-17 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2007-09-15 15:03 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-15 15:01 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-15 15:01 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-03 13:46 --------- d-----w C:\Program Files\DesignPro
2007-10-01 08:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MailWasherPro
2007-10-01 08:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MailWasherPro
2007-09-19 11:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 18:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 18:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 15:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 15:19]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-08 13:26 C:\WINDOWS\RTHDCPL.EXE]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2005-10-04 23:23]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 19:01]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 09:44]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2006-08-30 18:45:59]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=winforms.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders rpasspc.dll, msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AClntUsr]
C:\Program Files\Aclient\AClntUsr.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPSrv]
C:\WINDOWS\AVPSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmdbcs]
C:\WINDOWS\cmdbcs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DbgHlp32]
C:\WINDOWS\DbgHlp32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GenProtect]
C:\WINDOWS\nkasnq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kvsc3]
C:\WINDOWS\Kvsc3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mppds]
C:\WINDOWS\mppds.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msccrt]
C:\WINDOWS\msccrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsIMMs32]
C:\WINDOWS\MsIMMs32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsPrint32D]
C:\WINDOWS\MsPrint32D.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVDispDrv]
C:\WINDOWS\sbhqby.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upxdnd]
C:\WINDOWS\upxdnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSysM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AClient"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"Persistence"=C:\WINDOWS\system32\igfxpers.exe

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS
R2 CommSBEP;CommSBEP;C:\WINDOWS\system32\drivers\CommSBEP.sys
S2 1E3F603C;1E3F603C;C:\WINDOWS\system32\80FEE47E.EXE -k

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 11:11:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-14 11:11:39
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:10, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.belmont-coms.com/acatalog
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.compuserve.co.uk/search
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PTHOSTTR] "C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" /Start
O4 - HKLM\..\Run: [SetRefresh] "C:\Program Files\Compaq\SetRefresh\SetRefresh.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.belmont-coms.com
O15 - Trusted Zone: http://london.city-link.co.uk
O15 - Trusted Zone: http://www.city-link.co.uk
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1180686731453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1180686695046
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - AppInit_DLLs: winforms.dll
O23 - Service: 1E3F603C - Unknown owner - C:\WINDOWS\system32\80FEE47E.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7152 bytes

[sUBs]

Please disable Webroot SpySweeper, as it hinders the removal of some entries. You can re-enable it after you're clean. To disable Webroot SpySweeper:

• Go to the Options>Program Options
• Uncheck Load at Windows Startup
• Click Shields & uncheck all items there
• Uncheck Home page shield.
• Automaticly restore default without notification

---------------


Do a HijackThis scan & place a check next to these items and select "Fix checked":

O20 - AppInit_DLLs: winforms.dll
O23 - Service: 1E3F603C - Unknown owner - C:\WINDOWS\system32\80FEE47E.EXE (file missing)

Ignore any prompts for a reboot


---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:

http://www.techsupportforum.com/security-center/hijackthis-log-help/187548-onlinegames-gen-heuri-e.html
Collect::
C:\WINDOWS\system32\zauowa.dll
C:\WINDOWS\system32\sxwjyq.dll
C:\WINDOWS\system32\SHQ.DLL
File::
C:\WINDOWS\system32\ghowkw.dll
C:\WINDOWS\system32\chrghj.dll
C:\WINDOWS\system32\cfdvpa.dll
C:\WINDOWS\system32\jielaz.dll
C:\WINDOWS\system32\ykqkqs.dll
C:\WINDOWS\system32\ehuxlg.dll
C:\WINDOWS\system32\rrijtj.dll
C:\WINDOWS\system32\ochtul.dll
C:\WINDOWS\system32\qyeksq.dll
C:\WINDOWS\system32\xbdooe.dll
C:\WINDOWS\system32\nhcrgk.dll
C:\WINDOWS\system32\fytxwo.dll
C:\WINDOWS\system32\mhsha1.dat
C:\WINDOWS\system32\poaywc.dll
C:\WINDOWS\system32\80FEE47E.EXE
Driver::
1E3F603C
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPSrv]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmdbcs]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DbgHlp32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GenProtect]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kvsc3]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mppds]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msccrt]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsIMMs32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsPrint32D]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVDispDrv]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upxdnd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSysM]

Save this as "CFScript"




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additonally, ComboFix will generate a zipped file on your Desktop, called [4]Submit@Date_Time.zip
Before proceeding to the next step, lease submit this file to http://www.bleepingcomputer.com/subm....php?channel=4


---------------


Click here perform an online scan >> Online Scanner


---------------


In your next post, please include fresh logs from:

1. Fresh Hijackthis log taken just before replying
2. Online scan
3. ComboFix's log

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

[sUBs]

This is to be performed after you have posted the required logs.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6u1 - http://java.sun.com/javase/downloads/index.jsp
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u2-windowsi586-p.exe to install the newest version.

[LYT4X]

The only problem encountered was at stage 7 of the combofix procedure which gave a warning of:

The instruction at 0x004106ac referenced memory at 0x003d7000. Memory could not be read. (I just clicked OK)

Fresh Hijack, kaspersky & Combofix logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:00:08, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.belmont-coms.com/acatalog
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PTHOSTTR] "C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" /Start
O4 - HKLM\..\Run: [SetRefresh] "C:\Program Files\Compaq\SetRefresh\SetRefresh.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O15 - Trusted Zone: http://www.belmont-coms.com
O15 - Trusted Zone: http://london.city-link.co.uk
O15 - Trusted Zone: http://www.city-link.co.uk
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1180686731453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1180686695046
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6177 bytes



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 14, 2007 12:57:41 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/10/2007
Kaspersky Anti-Virus database records: 435747
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 67443
Number of viruses found: 64
Number of infected objects: 477
Number of suspicious objects: 2
Duration of the scan process: 00:45:40

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007101420071015\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEBC7.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEBD9.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinOnLineGamesbkz.zip/upxdnd.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinOnLineGamesbkz.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\itouch_crash_info.txt Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\cfdvpa.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.eog skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\chrghj.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.eog skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ehuxlg.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.eog skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\fytxwo.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.enc skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ghowkw.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.eog skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\jielaz.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.eog skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\nhcrgk.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.enc skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ochtul.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.enc skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\qyeksq.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.enc skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\rrijtj.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.enc skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\xbdooe.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.enc skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ykqkqs.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.eog skipped
C:\RECYCLER\S-1-5-21-2030513083-3109868045-3710038803-500\Dc2.zip/sxwjyq.dll Infected: Trojan-PSW.Win32.OnLineGames.enc skipped
C:\RECYCLER\S-1-5-21-2030513083-3109868045-3710038803-500\Dc2.zip/zauowa.dll Infected: Trojan-PSW.Win32.OnLineGames.eog skipped
C:\RECYCLER\S-1-5-21-2030513083-3109868045-3710038803-500\Dc2.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\tracking.log Object is locked skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0040977.DLL Infected: Virus.Win32.AutoRun.pz skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0040979.EXE Infected: Virus.Win32.AutoRun.pz skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0040980.EXE Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0040981.DLL Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0040982.DLL Infected: Trojan-PSW.Win32.OnLineGames.efr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0040984.dll Infected: Trojan-PSW.Win32.OnLineGames.eea skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0040985.dll Infected: Trojan-PSW.Win32.OnLineGames.edm skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0040987.dll Infected: Trojan-PSW.Win32.OnLineGames.edo skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0040988.dll Infected: Trojan-PSW.Win32.OnLineGames.dgi skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0040989.dll Infected: Trojan-PSW.Win32.OnLineGames.eec skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0040990.dll Infected: Trojan-PSW.Win32.OnLineGames.elh skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0040991.dll Infected: Trojan-PSW.Win32.OnLineGames.eat skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0040992.dll Infected: Trojan-PSW.Win32.Nilage.bqn skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0040993.dll Infected: Trojan-PSW.Win32.OnLineGames.ejo skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0040994.dll Infected: Trojan-PSW.Win32.Nilage.bql skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0040996.exe Infected: Trojan-PSW.Win32.OnLineGames.efl skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0040997.exe Infected: Trojan-PSW.Win32.OnLineGames.dgi skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0040998.exe Infected: Trojan-PSW.Win32.Nilage.bqn skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0041005.EXE Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0041006.exe Infected: Trojan-PSW.Win32.OnLineGames.edp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0041007.exe Infected: Trojan-PSW.Win32.OnLineGames.eeb skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0041008.exe Infected: Trojan-PSW.Win32.OnLineGames.edn skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0041009.exe Infected: Trojan-PSW.Win32.OnLineGames.edd skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0041040.exe Infected: Trojan-PSW.Win32.OnLineGames.eed skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0041041.exe Infected: Trojan-PSW.Win32.OnLineGames.eat skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0041042.DLL Infected: Trojan-PSW.Win32.Lmir.bna skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0041043.exe Infected: Trojan-PSW.Win32.Lmir.bna skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0041044.dll Infected: Trojan-PSW.Win32.OnLineGames.elu skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0041045.exe Infected: Trojan-PSW.Win32.OnLineGames.ejo skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP298\A0041046.exe Infected: Trojan-PSW.Win32.Nilage.bqm skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP299\snapshot\MFEX-1.DAT Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP299\snapshot\MFEX-2.DAT Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP299\snapshot\MFEX-3.DAT Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041054.EXE Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041055.DLL Infected: Trojan-PSW.Win32.OnLineGames.efr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041056.exe Infected: Trojan-PSW.Win32.OnLineGames.ejz skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041057.dll Infected: Trojan-PSW.Win32.OnLineGames.ekz skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041058.exe Infected: Trojan-PSW.Win32.OnLineGames.elw skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041059.dll Infected: Trojan-PSW.Win32.OnLineGames.elw skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041060.exe Infected: Trojan-PSW.Win32.OnLineGames.ejm skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041061.exe Infected: Trojan-PSW.Win32.OnLineGames.enp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041062.dll Infected: Trojan-PSW.Win32.OnLineGames.enp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041063.exe Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041064.dll Infected: Trojan-PSW.Win32.OnLineGames.eoi skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041065.exe Infected: Trojan-PSW.Win32.OnLineGames.dgi skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041066.exe Infected: Trojan-PSW.Win32.OnLineGames.elf skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041067.dll Infected: Trojan-PSW.Win32.OnLineGames.eli skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041068.DLL Infected: Trojan-PSW.Win32.Lmir.bmq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041069.exe Infected: Trojan-PSW.Win32.OnLineGames.ems skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041070.dll Infected: Trojan-PSW.Win32.OnLineGames.ems skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041071.exe Infected: Trojan-PSW.Win32.OnLineGames.ejo skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041072.dll Infected: Trojan-PSW.Win32.OnLineGames.ejo skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041073.exe Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041074.dll Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041075.dll Infected: Trojan-PSW.Win32.OnLineGames.elu skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041076.exe Infected: Trojan-PSW.Win32.Nilage.bqm skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041077.EXE Infected: Virus.Win32.AutoRun.pz skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041080.dll Infected: Trojan-PSW.Win32.OnLineGames.ejm skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041081.dll Infected: Trojan-PSW.Win32.OnLineGames.dgi skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041082.dll Infected: Trojan-PSW.Win32.Nilage.bql skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041104.DLL Infected: Virus.Win32.AutoRun.pz skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041108.DLL Infected: Virus.Win32.AutoRun.pz skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041109.EXE Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041110.DLL Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041111.EXE Infected: Trojan-PSW.Win32.OnLineGames.elk skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041112.DLL Infected: Trojan-PSW.Win32.OnLineGames.efr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041113.DLL Infected: Trojan-PSW.Win32.OnLineGames.eph skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041114.DLL Infected: Trojan-PSW.Win32.OnLineGames.ezp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041115.dll Infected: Trojan-PSW.Win32.OnLineGames.enp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041116.dll Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041117.dll Infected: Trojan-PSW.Win32.OnLineGames.ejm skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041118.dll Infected: Trojan-PSW.Win32.OnLineGames.ejo skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041119.dll Infected: Trojan-PSW.Win32.OnLineGames.elw skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041120.dll Infected: Trojan-PSW.Win32.OnLineGames.ems skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041121.dll Infected: Trojan-PSW.Win32.OnLineGames.eoi skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041122.dll Infected: Trojan-PSW.Win32.Nilage.bql skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041123.dll Infected: Trojan-PSW.Win32.OnLineGames.dgi skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041124.dll Infected: Trojan-PSW.Win32.OnLineGames.eli skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041125.dll Infected: Trojan-PSW.Win32.OnLineGames.enc skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041128.exe Infected: Trojan-PSW.Win32.OnLineGames.elf skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041129.exe Infected: Trojan-PSW.Win32.OnLineGames.dgi skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041130.exe Infected: Trojan-PSW.Win32.OnLineGames.enc skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041131.EXE Infected: Virus.Win32.AutoRun.pz skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041137.EXE Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041138.exe Infected: Trojan-PSW.Win32.OnLineGames.elw skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041139.exe Infected: Trojan-PSW.Win32.OnLineGames.enp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041140.exe Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041141.exe Infected: Trojan-PSW.Win32.OnLineGames.ejm skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041142.exe Infected: Trojan-PSW.Win32.OnLineGames.ems skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041143.exe Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041144.exe Infected: Trojan-PSW.Win32.OnLineGames.ejo skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041145.exe Infected: Trojan-PSW.Win32.Nilage.bqm skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041146.dll Infected: Trojan-PSW.Win32.OnLineGames.elu skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041147.DLL Infected: Trojan-PSW.Win32.Lmir.bmq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041148.exe Infected: Trojan-PSW.Win32.Lmir.bmp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\A0041170.EXE Infected: Trojan-PSW.Win32.OnLineGames.elk skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\snapshot\MFEX-1.DAT Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\snapshot\MFEX-2.DAT Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP300\snapshot\MFEX-3.DAT Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP301\A0041221.EXE Infected: Virus.Win32.AutoRun.pz skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP301\A0041222.EXE Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP301\A0041223.DLL Infected: Trojan-PSW.Win32.OnLineGames.efr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP301\A0041224.exe Infected: Trojan-PSW.Win32.OnLineGames.eoh skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP301\A0041225.exe Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP301\A0041226.exe Infected: Trojan-PSW.Win32.OnLineGames.enp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP301\A0041227.exe Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP301\A0041228.exe Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP301\A0041229.exe Infected: Trojan-PSW.Win32.OnLineGames.dgi skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP301\A0041230.exe Infected: Trojan-PSW.Win32.OnLineGames.elf skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP301\A0041231.exe Infected: Trojan-PSW.Win32.OnLineGames.ems skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP301\A0041232.exe Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP301\A0041233.exe Infected: Trojan-PSW.Win32.OnLineGames.enq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP301\A0041234.DLL Infected: Trojan-PSW.Win32.Lmir.bmq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP301\A0041235.exe Infected: Trojan-PSW.Win32.Nilage.bqm skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP301\A0041236.dll Infected: Trojan-PSW.Win32.OnLineGames.fbb skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP301\snapshot\MFEX-1.DAT Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP301\snapshot\MFEX-2.DAT Infected: Trojan-PSW.Win32.OnLineGames.ezp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP301\snapshot\MFEX-3.DAT Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP301\snapshot\MFEX-4.DAT Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP302\A0042255.EXE Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP302\A0042256.DLL Infected: Trojan-PSW.Win32.OnLineGames.efr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP302\A0042257.exe Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP302\A0042258.exe Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP302\A0042259.exe Infected: Trojan-PSW.Win32.OnLineGames.enp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP302\A0042260.exe Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP302\A0042261.EXE Infected: Virus.Win32.AutoRun.pz skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP302\snapshot\MFEX-1.DAT Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP302\snapshot\MFEX-2.DAT Infected: Trojan-PSW.Win32.OnLineGames.ezp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042483.exe Infected: Trojan-PSW.Win32.OnLineGames.enq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042484.exe Infected: Trojan-PSW.Win32.OnLineGames.eqg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042486.dll Infected: Trojan-Proxy.Win32.Agent.lv skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042490.DLL Infected: Virus.Win32.AutoRun.pz skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042493.EXE Infected: Virus.Win32.AutoRun.pz skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042498.EXE Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042499.DLL Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042500.DLL Infected: Trojan-PSW.Win32.OnLineGames.efr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042501.exe Infected: Trojan-PSW.Win32.OnLineGames.eoh skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042502.dll Infected: Trojan-PSW.Win32.OnLineGames.eog skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042503.exe Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042504.dll Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042505.exe Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042506.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042507.exe Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042508.dll Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042509.exe Infected: Trojan-PSW.Win32.OnLineGames.dkt skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042511.exe Infected: Trojan-PSW.Win32.OnLineGames.eqg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042512.dll Infected: Trojan-PSW.Win32.OnLineGames.eqg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042513.exe Infected: Trojan-PSW.Win32.OnLineGames.elf skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042514.dll Infected: Trojan-PSW.Win32.OnLineGames.eli skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042515.DLL Infected: Trojan-PSW.Win32.Lmir.bmq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042516.exe Infected: Trojan-PSW.Win32.Lmir.bmp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042517.exe Infected: Trojan-PSW.Win32.OnLineGames.enq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042518.dll Infected: Trojan-PSW.Win32.OnLineGames.enq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042519.exe Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042520.dll Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042521.dll Infected: Trojan-PSW.Win32.OnLineGames.fbb skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042522.exe Infected: Trojan-PSW.Win32.OnLineGames.ems skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042523.dll Infected: Trojan-PSW.Win32.OnLineGames.ems skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042524.exe Infected: Trojan-PSW.Win32.OnLineGames.eqf skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042526.dll Infected: Trojan-PSW.Win32.OnLineGames.fau skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042531.DLL Infected: Virus.Win32.AutoRun.pz skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042532.EXE Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042533.DLL Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042534.EXE Infected: Trojan-PSW.Win32.OnLineGames.ezp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042535.DLL Infected: Trojan-PSW.Win32.OnLineGames.efr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042536.DLL Infected: Trojan-PSW.Win32.OnLineGames.eph skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042537.DLL Infected: Trojan-PSW.Win32.OnLineGames.ezp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042538.dll Infected: Trojan-PSW.Win32.OnLineGames.eog skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042539.dll Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042540.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042541.dll Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042542.dll Infected: Trojan-PSW.Win32.OnLineGames.eqg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042544.dll Infected: Trojan-PSW.Win32.OnLineGames.enq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042545.dll Infected: Trojan-PSW.Win32.OnLineGames.eli skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042546.dll Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042548.exe Infected: Trojan-PSW.Win32.OnLineGames.eoh skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042549.exe Infected: Trojan-PSW.Win32.OnLineGames.dkt skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042550.exe Infected: Trojan-PSW.Win32.OnLineGames.elf skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042552.dll Infected: Trojan-PSW.Win32.OnLineGames.ems skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042554.EXE Infected: Virus.Win32.AutoRun.pz skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042559.EXE Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042560.exe Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042561.exe Infected: Trojan-PSW.Win32.OnLineGames.eqg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042562.exe Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042563.exe Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042564.exe Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042565.exe Infected: Trojan-PSW.Win32.OnLineGames.eqf skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042566.exe Infected: Trojan-PSW.Win32.OnLineGames.ems skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042567.dll Infected: Trojan-PSW.Win32.OnLineGames.fbb skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042568.exe Infected: Trojan-PSW.Win32.OnLineGames.enq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042569.DLL Infected: Trojan-PSW.Win32.Lmir.bmq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\A0042570.exe Infected: Trojan-PSW.Win32.Lmir.bmp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\snapshot\MFEX-1.DAT Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\snapshot\MFEX-2.DAT Infected: Trojan-PSW.Win32.OnLineGames.ezp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP303\snapshot\MFEX-3.DAT Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042838.dll Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042839.dll Infected: Trojan-PSW.Win32.OnLineGames.eog skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042840.dll Infected: Trojan-PSW.Win32.OnLineGames.eqg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042841.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042842.dll Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042844.dll Infected: Trojan-PSW.Win32.OnLineGames.eli skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042845.dll Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042846.dll Infected: Trojan-PSW.Win32.OnLineGames.ems skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042847.DLL Infected: Trojan-PSW.Win32.Lmir.bmq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042849.dll Infected: Trojan-PSW.Win32.OnLineGames.enq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042850.dll Infected: Trojan-PSW.Win32.OnLineGames.fbb skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042868.dll Infected: Trojan-PSW.Win32.OnLineGames.fau skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042907.dll Infected: Trojan-PSW.Win32.OnLineGames.eog skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042909.dll Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042911.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042913.dll Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042915.dll Infected: Trojan-PSW.Win32.OnLineGames.eqg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042919.dll Infected: Trojan-PSW.Win32.OnLineGames.eli skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042921.dll Infected: Trojan-PSW.Win32.OnLineGames.ems skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042923.dll Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042924.DLL Infected: Trojan-PSW.Win32.Lmir.bmq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042929.dll Infected: Trojan-PSW.Win32.OnLineGames.enq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042949.dll Infected: Trojan-PSW.Win32.OnLineGames.fbb skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042952.DLL Infected: Trojan-PSW.Win32.OnLineGames.ezp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042973.dll Infected: Trojan-PSW.Win32.OnLineGames.eog skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042978.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042980.dll Infected: Trojan-PSW.Win32.OnLineGames.eqg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042982.dll Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042984.dll Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042988.dll Infected: Trojan-PSW.Win32.OnLineGames.ems skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042989.dll Infected: Trojan-PSW.Win32.OnLineGames.fau skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042990.DLL Infected: Trojan-PSW.Win32.Lmir.bmq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042994.dll Infected: Trojan-PSW.Win32.OnLineGames.fbb skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042996.dll Infected: Trojan-PSW.Win32.OnLineGames.enq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0042998.dll Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0043000.dll Infected: Trojan-PSW.Win32.OnLineGames.eli skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0043022.dll Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0043024.dll Infected: Trojan-PSW.Win32.OnLineGames.eqg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0043028.dll Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0043029.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0043031.dll Infected: Trojan-PSW.Win32.OnLineGames.ems skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0043032.dll Infected: Trojan-PSW.Win32.OnLineGames.eli skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0043033.DLL Infected: Trojan-PSW.Win32.Lmir.bmq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0043035.dll Infected: Trojan-PSW.Win32.OnLineGames.enq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0043036.dll Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP304\A0043037.dll Infected: Trojan-PSW.Win32.OnLineGames.fau skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043064.dll Infected: Trojan-PSW.Win32.OnLineGames.eyv skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043068.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043069.dll Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043070.dll Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043072.dll Infected: Trojan-PSW.Win32.OnLineGames.eqg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043073.dll Infected: Trojan-PSW.Win32.OnLineGames.eli skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043074.dll Infected: Trojan-PSW.Win32.OnLineGames.enq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043075.dll Infected: Trojan-PSW.Win32.OnLineGames.ems skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043076.dll Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043078.DLL Infected: Trojan-PSW.Win32.Lmir.bmq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043080.dll Infected: Trojan-PSW.Win32.OnLineGames.fau skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043110.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043111.dll Infected: Trojan-PSW.Win32.OnLineGames.fak skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043113.dll Infected: Trojan-PSW.Win32.OnLineGames.fal skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043116.DLL Infected: Trojan-PSW.Win32.Lmir.bmq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043195.dll Infected: Trojan-PSW.Win32.Nilage.bql skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043196.dll Infected: Trojan-PSW.Win32.Nilage.bql skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043197.dll Infected: Trojan-PSW.Win32.Nilage.bql skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043198.exe Infected: Trojan-PSW.Win32.OnLineGames.efl skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043199.dll Infected: Trojan-PSW.Win32.Nilage.bql skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043200.dll Infected: Trojan-PSW.Win32.Nilage.bql skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043201.dll Infected: Trojan-PSW.Win32.Nilage.bql skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043202.exe Infected: Trojan-PSW.Win32.OnLineGames.efl skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043203.dll Infected: Trojan-PSW.Win32.Nilage.bql skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043204.exe Infected: Trojan-PSW.Win32.OnLineGames.efl skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043205.dll Infected: Trojan-PSW.Win32.OnLineGames.dyo skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043206.exe Infected: Virus.Win32.AutoRun.pz skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043207.exe Infected: Trojan-PSW.Win32.OnLineGames.erm skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043208.exe Infected: Trojan-PSW.Win32.OnLineGames.erm skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043209.exe Infected: Trojan-PSW.Win32.OnLineGames.erm skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043210.exe Infected: Trojan-PSW.Win32.OnLineGames.fau skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043211.exe Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043212.exe Infected: Trojan-PSW.Win32.OnLineGames.enp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043213.exe Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043214.exe Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043215.exe Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043216.exe Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043217.exe Infected: Trojan-PSW.Win32.OnLineGames.elf skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043218.exe Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043219.exe Infected: Trojan-PSW.Win32.OnLineGames.elf skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043220.exe Infected: Trojan-PSW.Win32.OnLineGames.elf skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043221.exe Infected: Trojan-PSW.Win32.OnLineGames.ezx skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043222.exe Infected: Trojan-PSW.Win32.OnLineGames.ezv skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043223.exe Infected: Trojan-PSW.Win32.OnLineGames.eqg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043224.exe Infected: Trojan-PSW.Win32.OnLineGames.enq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043225.exe Infected: Trojan-PSW.Win32.OnLineGames.eqf skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043226.exe Infected: Trojan-PSW.Win32.OnLineGames.ems skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043227.exe Infected: Trojan-PSW.Win32.OnLineGames.enq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043228.exe Infected: Trojan-PSW.Win32.OnLineGames.eqf skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043229.exe Infected: Trojan-PSW.Win32.OnLineGames.ems skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043230.exe Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043231.exe Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043232.exe Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043233.exe Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043234.exe Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043236.exe Infected: Trojan-PSW.Win32.OnLineGames.elf skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043237.exe Infected: Trojan-PSW.Win32.OnLineGames.enc skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043238.exe Infected: Trojan-PSW.Win32.OnLineGames.elf skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043239.exe Infected: Trojan-PSW.Win32.OnLineGames.eqg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043240.exe Infected: Trojan-PSW.Win32.OnLineGames.eqg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043241.exe Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043242.exe Infected: Trojan-PSW.Win32.OnLineGames.eoh skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043243.exe Infected: Trojan-PSW.Win32.OnLineGames.enp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043244.exe Infected: Trojan-PSW.Win32.OnLineGames.elf skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043245.exe Infected: Trojan-PSW.Win32.OnLineGames.enc skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043246.exe Infected: Trojan-PSW.Win32.OnLineGames.ezz skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043247.exe Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043248.exe Infected: Trojan-PSW.Win32.OnLineGames.elf skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043249.exe Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043250.exe Infected: Trojan-PSW.Win32.OnLineGames.eoh skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043251.exe Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043252.exe Infected: Trojan-PSW.Win32.OnLineGames.eoh skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043253.exe Infected: Trojan-PSW.Win32.OnLineGames.eyy skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043254.exe Infected: Trojan-PSW.Win32.OnLineGames.eqg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043255.exe Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043256.exe Infected: Trojan-PSW.Win32.OnLineGames.enc skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043257.exe Infected: Trojan-PSW.Win32.OnLineGames.enq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043258.exe Infected: Trojan-PSW.Win32.OnLineGames.eyu skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043259.exe Infected: Trojan-PSW.Win32.OnLineGames.eqf skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043260.exe Infected: Trojan-PSW.Win32.OnLineGames.eoh skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043261.exe Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043262.exe Infected: Trojan-PSW.Win32.OnLineGames.ems skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043263.exe Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043264.exe Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043265.exe Infected: Trojan-PSW.Win32.OnLineGames.eoh skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043266.exe Infected: Trojan-PSW.Win32.OnLineGames.eyu skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043267.exe Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043268.exe Infected: Trojan-PSW.Win32.OnLineGames.eqg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043269.exe Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043270.exe Infected: Trojan-PSW.Win32.OnLineGames.eoh skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043271.exe Infected: Trojan-PSW.Win32.OnLineGames.eoh skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043272.exe Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043273.exe Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043274.exe Infected: Trojan-PSW.Win32.OnLineGames.eoh skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043275.exe Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043276.exe Infected: Trojan-PSW.Win32.OnLineGames.enp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043277.exe Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043279.DLL Infected: Trojan-PSW.Win32.OnLineGames.efg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043280.DLL Infected: Virus.Win32.AutoRun.pz skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043297.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043298.dll Infected: Trojan-PSW.Win32.OnLineGames.fal skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043299.dll Infected: Trojan-PSW.Win32.OnLineGames.fak skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043300.DLL Infected: Trojan-PSW.Win32.Lmir.bmq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043363.EXE Infected: Trojan-Downloader.Win32.Agent.eay skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043365.DLL Infected: Trojan-Downloader.Win32.Agent.eay skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043381.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043382.dll Infected: Trojan-PSW.Win32.OnLineGames.fal skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043383.dll Infected: Trojan-PSW.Win32.OnLineGames.fak skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP305\A0043385.DLL Infected: Trojan-PSW.Win32.Lmir.bmq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP306\A0043509.exe Infected: Trojan-PSW.Win32.Lmir.bmp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP306\A0043510.exe Infected: Trojan-PSW.Win32.OnLineGames.eqf skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP306\A0043515.DLL Infected: Trojan-Downloader.Win32.Agent.eay skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP306\A0043527.dll Infected: Trojan-PSW.Win32.OnLineGames.fak skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP306\A0043528.dll Infected: Trojan-PSW.Win32.OnLineGames.fal skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP306\A0043529.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP306\A0043530.DLL Infected: Trojan-PSW.Win32.Lmir.bmq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP307\A0043559.dll Infected: Trojan-Proxy.Win32.Agent.lv skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP307\A0043560.exe Infected: Trojan-PSW.Win32.Lmir.bmp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP307\A0043561.EXE Infected: Trojan-Downloader.Win32.Agent.eay skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP307\A0043562.dll Infected: Trojan-PSW.Win32.OnLineGames.fak skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP307\A0043563.dll Infected: Trojan-PSW.Win32.OnLineGames.fal skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP307\A0043564.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP307\A0043565.DLL Infected: Trojan-PSW.Win32.Lmir.bmq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043574.exe Infected: Trojan-PSW.Win32.OnLineGames.egt skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043575.DLL Infected: Trojan-PSW.Win32.Lmir.bmq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043577.dll Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043578.dll Infected: Trojan-PSW.Win32.OnLineGames.enp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043579.dll Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043580.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043581.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043582.dll Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043583.dll Infected: Trojan-PSW.Win32.OnLineGames.enp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043584.dll Infected: Trojan-PSW.Win32.OnLineGames.eqg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043585.dll Infected: Trojan-PSW.Win32.OnLineGames.eli skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043586.dll Infected: Trojan-PSW.Win32.OnLineGames.ems skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043587.dll Infected: Trojan-PSW.Win32.OnLineGames.ezx skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043588.dll Infected: Trojan-PSW.Win32.OnLineGames.enq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043589.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043590.dll Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043591.dll Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043592.dll Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043593.dll Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043594.dll Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043595.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043596.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043597.dll Infected: Trojan-PSW.Win32.OnLineGames.enq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043598.dll Infected: Trojan-PSW.Win32.OnLineGames.enp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043599.dll Infected: Trojan-PSW.Win32.OnLineGames.enp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043600.dll Infected: Trojan-PSW.Win32.OnLineGames.eli skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043601.dll Infected: Trojan-PSW.Win32.OnLineGames.eli skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043602.dll Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043603.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043604.dll Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043605.dll Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043606.dll Infected: Trojan-PSW.Win32.OnLineGames.eqg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043607.dll Infected: Trojan-PSW.Win32.OnLineGames.eqg skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043608.dll Infected: Trojan-PSW.Win32.OnLineGames.enp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043609.dll Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043610.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043611.dll Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043612.dll Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043613.dll Infected: Trojan-PSW.Win32.OnLineGames.ezv skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043614.dll Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043615.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043616.dll Infected: Trojan-PSW.Win32.OnLineGames.enq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043617.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043618.dll Infected: Trojan-PSW.Win32.OnLineGames.ems skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043619.dll Infected: Trojan-PSW.Win32.OnLineGames.eli skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043620.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043621.dll Infected: Trojan-PSW.Win32.OnLineGames.eea skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043622.dll Infected: Trojan-PSW.Win32.OnLineGames.eea skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043623.dll Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043624.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043625.dll Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043626.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043627.dll Infected: Trojan-PSW.Win32.OnLineGames.enp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043628.dll Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043629.dll Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043630.dll Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043631.dll Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043632.dll Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043633.dll Infected: Trojan-PSW.Win32.OnLineGames.edm skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043634.dll Infected: Trojan-PSW.Win32.OnLineGames.fbo skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043635.dll Infected: Trojan-PSW.Win32.OnLineGames.enp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043636.dll Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043637.dll Infected: Trojan-PSW.Win32.OnLineGames.eli skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043638.dll Infected: Trojan-PSW.Win32.OnLineGames.enq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043639.dll Infected: Trojan-PSW.Win32.OnLineGames.ejm skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043640.dll Infected: Trojan-PSW.Win32.OnLineGames.elw skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043641.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043642.dll Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043643.dll Infected: Trojan-PSW.Win32.OnLineGames.eno skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043644.dll Infected: Trojan-PSW.Win32.OnLineGames.enp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043645.dll Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043646.dll Infected: Trojan-PSW.Win32.OnLineGames.enr skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043647.dll Infected: Trojan-PSW.Win32.OnLineGames.eln skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043648.dll Infected: Trojan-PSW.Win32.OnLineGames.enp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043649.dll Infected: Trojan-PSW.Win32.OnLineGames.enq skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043650.dll Infected: Trojan-PSW.Win32.OnLineGames.enp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043651.dll Infected: Trojan-PSW.Win32.OnLineGames.ens skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043652.dll Infected: Trojan-PSW.Win32.OnLineGames.ems skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043654.dll Infected: Trojan-PSW.Win32.OnLineGames.fal skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043655.dll Infected: Trojan-PSW.Win32.OnLineGames.fak skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043656.dll Infected: Trojan-PSW.Win32.OnLineGames.ezz skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043658.dll Infected: Trojan-PSW.Win32.OnLineGames.eli skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043659.dll Infected: Trojan-PSW.Win32.OnLineGames.fbb skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043660.dll Infected: Trojan-PSW.Win32.OnLineGames.eyv skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043665.exe Infected: Trojan-PSW.Win32.Lmir.bmp skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP308\A0043827.dll Infected: Trojan-PSW.Win32.OnLineGames.fau skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP310\A0043967.dll Infected: Trojan-PSW.Win32.OnLineGames.eog skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP310\A0043968.dll Infected: Trojan-PSW.Win32.OnLineGames.eog skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP310\A0043969.dll Infected: Trojan-PSW.Win32.OnLineGames.eog skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP310\A0043970.dll Infected: Trojan-PSW.Win32.OnLineGames.enc skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP310\A0043971.dll Infected: Trojan-PSW.Win32.OnLineGames.eog skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP310\A0043972.dll Infected: Trojan-PSW.Win32.OnLineGames.eog skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP310\A0043973.dll Infected: Trojan-PSW.Win32.OnLineGames.enc skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP310\A0043974.dll Infected: Trojan-PSW.Win32.OnLineGames.enc skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP310\A0043976.dll Infected: Trojan-PSW.Win32.OnLineGames.enc skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP310\A0043977.dll Infected: Trojan-PSW.Win32.OnLineGames.enc skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP310\A0043978.dll Infected: Trojan-PSW.Win32.OnLineGames.enc skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP310\A0043979.dll Infected: Trojan-PSW.Win32.OnLineGames.eog skipped
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP310\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


ComboFix 07-10-14.1 - Administrator 2007-10-14 11:36:50.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1638 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\80FEE47E.EXE
C:\WINDOWS\system32\cfdvpa.dll
C:\WINDOWS\system32\chrghj.dll
C:\WINDOWS\system32\ehuxlg.dll
C:\WINDOWS\system32\fytxwo.dll
C:\WINDOWS\system32\ghowkw.dll
C:\WINDOWS\system32\jielaz.dll
C:\WINDOWS\system32\mhsha1.dat
C:\WINDOWS\system32\nhcrgk.dll
C:\WINDOWS\system32\ochtul.dll
C:\WINDOWS\system32\poaywc.dll
C:\WINDOWS\system32\qyeksq.dll
C:\WINDOWS\system32\rrijtj.dll
C:\WINDOWS\system32\xbdooe.dll
C:\WINDOWS\system32\ykqkqs.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\cfdvpa.dll
C:\WINDOWS\system32\chrghj.dll
C:\WINDOWS\system32\ehuxlg.dll
C:\WINDOWS\system32\fytxwo.dll
C:\WINDOWS\system32\ghowkw.dll
C:\WINDOWS\system32\jielaz.dll
C:\WINDOWS\system32\mhsha1.dat
C:\WINDOWS\system32\nhcrgk.dll
C:\WINDOWS\system32\ochtul.dll
C:\WINDOWS\system32\poaywc.dll
C:\WINDOWS\system32\qyeksq.dll
C:\WINDOWS\system32\rrijtj.dll
C:\WINDOWS\system32\SHQ.DLL
C:\WINDOWS\system32\sxwjyq.dll
C:\WINDOWS\system32\xbdooe.dll
C:\WINDOWS\system32\ykqkqs.dll
C:\WINDOWS\system32\zauowa.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_1E3F603C
-------\1E3F603C


((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))
.

2007-10-14 11:08 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-12 14:16 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-12 09:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-10-12 09:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-10-12 09:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-10-12 09:41 163,128 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-10-12 09:41 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-10-12 09:41 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-10-12 09:41 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-10-12 09:40 <DIR> d-------- C:\Program Files\Webroot
2007-10-12 09:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-10-12 09:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-10-12 09:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-10-12 09:40 1,521,464 --a------ C:\WINDOWS\WRSetup.dll
2007-10-12 09:35 164 --a------ C:\install.dat
2007-10-10 19:09 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-10 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-10 10:25 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-10-10 09:00 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-09-17 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2007-09-15 15:03 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-15 15:01 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-15 15:01 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-03 13:46 --------- d-----w C:\Program Files\DesignPro
2007-10-01 08:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MailWasherPro
2007-10-01 08:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MailWasherPro
2007-09-19 11:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
.

((((((((((((((((((((((((((((( snapshot@2007-10-14_11.11.18.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-14 09:51:55 41,292 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-10-14 10:35:20 41,292 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-14 09:51:55 315,282 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-10-14 10:35:20 315,282 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 15:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 15:19]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-08 13:26 C:\WINDOWS\RTHDCPL.EXE]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2005-10-04 23:23]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 19:01]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 09:44]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2006-08-30 18:45:59]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders rpasspc.dll, msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AClntUsr]
C:\Program Files\Aclient\AClntUsr.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSysM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AClient"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"Persistence"=C:\WINDOWS\system32\igfxpers.exe

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS
R2 CommSBEP;CommSBEP;C:\WINDOWS\system32\drivers\CommSBEP.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 11:40:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-14 11:41:53 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-14 11:11
.
--- E O F ---

[sUBs]

Does your machine feel as good as it looks?

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code:

@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinOnLineGamesbkz.zip"
"C:\RECYCLER\S-1-5-21-2030513083-3109868045-3710038803-500\Dc2.zip"
) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

for %%g in (
"%systemdrive%\VundoFix Backups"
%systemdrive%\Deckard
%systemdrive%\Qoobox
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
swreg delete "hklm\software\microsoft\shared tools\msconfig\startupreg\winsysm"
nircmd wait 7000
del %0

Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:
Double click on fix.bat & allow it to run

Post back to tell me what it says

[LYT4X]

It said "deleted successfully" and then disappeared........

[sUBs]

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

1. Uninstall ComboFix (do not skip this step)
   This process will perform some post cleanup measures.
   Do this by going to to Start > Run & typing in ComboFix /u
   
   
2. ANTIVIRUS SOFTWARE
   It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
   
   
   
3. FIREWALL
   Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here ? http://www.bleepingcomputer.com/forums/tutorial60.html
   
   
   
4. Microsoft Windows Update ? http://www.windowsupdate.com
   Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
   
   
5. SPYWAREBLASTER
   SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.
   
   Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here ? http://www.bleepingcomputer.com/forums/tutorial49.html
   
   
   
6. IE-SPYAD
   IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here http://www.spywarewarrior.com/uiuc/resource.htm

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.

• http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  
  
• http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
  
  
• http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
  
  
• http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.
  
  ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.
  
  NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Kindly respond to this thread once more so we can mark this thread as resolved.

[LYT4X]

Quote:

Originally Posted by sUBs

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure

If I'm now clean, then I would like to offer sincere thanks to you and also offer to contribute financially to whatever keeps this forum (and you guys) going. Please advise.

Uninstall ComboFix - Done!

ANTIVIRUS SOFTWARE - Spysweeper with Anti Virus installed along with SpywareBlaster.

FIREWALL - Have a router firewall + windows firewall on

Microsoft Windows Update - Automatic updates on

SPYWAREBLASTER - Done!

IE-SPYAD - Next move.....

Quote:

Originally Posted by sUBs

Kindly respond to this thread once more so we can mark this thread as resolved.

Now I'm about to start the process all over again with SWMBOs desktop which has all the same problems from the same (infected SD card source). Can I repeat everything above or do I start a new bespoke thread?

Finally, How do you or I know if I'm clean now?

The only strange thing I'm noticing is odd icons in the favourites list for any site I use with a password entry (eg bank), hence I'm still a bit concerned.

[sUBs]

Quote:

is odd icons in the favourites list

Please show me a screenshot of it

[LYT4X]

How do I do this..... I've often wondered how people paste a screenshot....

Or should I also say, how do I do this without putting my (potentially interesting to others) favourites on the www?

[sUBs]

LOL ... you can upload it to my private channel. It won't be for public viewing

http://www.bleepingcomputer.com/subm....php?channel=4

[LYT4X]

OK, so how do I save a screenshot???.....

[sUBs]

Do you have a 'PrintScreen' button on your keyboard?

Simply depress the PrintScreen button.

Then launch the Windows Paint program, accessible through Start > Programs > Accessories > Paint

Once Paint opens, click once on canvas & then press [Ctrl]+[V] on your keyboard to paste it in

[LYT4X]

It's like learning to walk all over again.... 12 years of working on a PC and I never knew that

Uploaded as requested.

[sUBs]

Seen the screenshot. What did those 2 icons used to look like?

[LYT4X]

The one which is now 'TS' was the logo from the bank.

The one below was exactly the same as the second top of the list (D3).