PDA

View Full Version : Tons of Trogens / bugs



jonathanasdf
2007-11-30, 21:34
Hello again.

My friend's laptop seems to be infected with lots of trogens/worms. He does not have any antivirus software, and just brought the topic to my attention. Could you help him clean his system?

Right now, when he doubleclicks his C drive or D drive, a window pops up asking which program to open the drive with. It is not the autoplay worm. Also, right clicking and selecting open or explore doesn't work. Only typing the address in the address bar opens it. Also, any changes to folder options are reverted as soon as the window is closed. Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:44 AM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ASScrPro.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\WINDOWS\system32\Macromed\Shockwave 8\PostUpdate.exe
C:\Program Files\Microsoft Encarta\Encarta Reference Library 2003\EDICT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ABLKSR] C:\windows\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 8\PostUpdate.exe" 1014021
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netmarble.com/web/nmstarter/NMStarter25.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 11149 bytes

Kaspersky log on next post. It found 128 trogens.

jonathanasdf
2007-11-30, 22:08
Here is the Kaspersky log.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, November 30, 2007 8:59:55 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/11/2007
Kaspersky Anti-Virus database records: 469132
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 83968
Number of viruses found: 10
Number of infected objects: 128
Number of suspicious objects: 0
Duration of the scan process: 01:07:26

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-11-29_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Max Lee\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Max Lee\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Max Lee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Max Lee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Max Lee\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Max Lee\Local Settings\Temp\b95d9we.dll Infected: Trojan-PSW.Win32.OnLineGames.ige skipped
C:\Documents and Settings\Max Lee\Local Settings\Temp\n2lqqxef.dll Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\Documents and Settings\Max Lee\Local Settings\Temp\w4baeb8.dll Infected: Trojan-PSW.Win32.OnLineGames.jap skipped
C:\Documents and Settings\Max Lee\Local Settings\Temp\~DF8323.tmp Object is locked skipped
C:\Documents and Settings\Max Lee\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Max Lee\Local Settings\Temporary Internet Files\Content.IE5\5FH2GJP4\zz[1].exe Infected: Trojan-PSW.Win32.OnLineGames.jan skipped
C:\Documents and Settings\Max Lee\Local Settings\Temporary Internet Files\Content.IE5\CCE1QBL1\ADSAdClient31[1].htm Object is locked skipped
C:\Documents and Settings\Max Lee\Local Settings\Temporary Internet Files\Content.IE5\E90N0R6T\c[4].gif Object is locked skipped
C:\Documents and Settings\Max Lee\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Max Lee\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Max Lee\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\ntdelect.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP29\A0001863.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP29\A0001864.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP30\A0001886.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP30\A0001887.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP31\A0001927.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP31\A0001928.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP32\A0001948.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP32\A0001949.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP33\A0001970.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP33\A0001971.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0001977.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0001978.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0002112.dll Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0002113.dll Infected: Trojan-PSW.Win32.OnLineGames.htc skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0002114.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0002115.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP35\A0002137.dll Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP35\A0002138.dll Infected: Trojan-PSW.Win32.OnLineGames.htc skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP35\A0002139.exe Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP35\A0002140.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP35\A0002141.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP36\A0002455.dll Infected: Trojan-PSW.Win32.OnLineGames.ige skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP36\A0002456.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP36\A0002457.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP36\A0002458.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002473.dll Infected: Trojan-PSW.Win32.OnLineGames.ige skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002474.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002475.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002476.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002500.dll Infected: Trojan-PSW.Win32.OnLineGames.ige skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002501.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002502.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002503.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002535.exe Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002622.dll Infected: Trojan-PSW.Win32.OnLineGames.ige skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002623.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002625.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002626.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP38\A0002634.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP38\A0002635.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004014.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004015.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004032.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004034.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004035.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004081.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004083.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004084.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004124.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004125.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004160.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004161.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004162.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004180.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004181.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004215.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004216.exe Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004217.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004218.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP42\A0004246.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP42\A0004256.dll Infected: Trojan-PSW.Win32.OnLineGames.jav skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP42\A0004257.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP43\A0004262.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP43\change.log Object is locked skipped

continued..

jonathanasdf
2007-11-30, 22:08
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\kavo.exe Infected: Trojan-PSW.Win32.OnLineGames.jan skipped
C:\WINDOWS\system32\kavo0.dll Infected: Trojan-PSW.Win32.OnLineGames.jav skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\ntdelect.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP29\A0001865.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP29\A0001866.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP30\A0001888.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP30\A0001889.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP31\A0001929.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP31\A0001930.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP32\A0001950.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP32\A0001951.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP33\A0001972.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP33\A0001973.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0001979.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0001980.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0002116.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0002117.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP35\A0002142.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP35\A0002143.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP36\A0002459.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP36\A0002460.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002477.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002478.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002504.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002505.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002627.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002628.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP38\A0002636.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP38\A0002637.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004016.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004017.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004036.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004037.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004085.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004086.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004126.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004127.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004163.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004164.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004182.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004183.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004219.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004220.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP42\A0004248.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP42\A0004259.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP43\A0004264.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP43\change.log Object is locked skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP59\A0005924.com Infected: Trojan-PSW.Win32.Magania.awb skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP59\A0005925.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP60\A0006021.com Infected: Trojan-PSW.Win32.Magania.awb skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP60\A0006022.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP61\A0006062.com Infected: Trojan-PSW.Win32.Magania.awb skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP61\A0006063.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP62\A0006103.com Infected: Trojan-PSW.Win32.Magania.awb skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP62\A0006104.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP62\A0006613.com Infected: Trojan-PSW.Win32.Magania.awb skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP62\A0006614.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP63\A0006662.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP63\A0006663.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP64\A0006680.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP64\A0006681.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped

Scan process completed.

Thanks.

jonathanasdf
2007-12-01, 03:54
oops. sorry. posted in the wrong forum. Please move this.

jonathanasdf
2007-12-03, 07:03
Sorry. I forgot to uncheck word wrap, thus I will repost the logs. Ignore the top parts.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:44 AM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ASScrPro.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\WINDOWS\system32\Macromed\Shockwave 8\PostUpdate.exe
C:\Program Files\Microsoft Encarta\Encarta Reference Library 2003\EDICT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ABLKSR] C:\windows\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 8\PostUpdate.exe" 1014021
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netmarble.com/web/nmstarter/NMStarter25.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

jonathanasdf
2007-12-03, 07:05
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, November 30, 2007 8:59:55 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/11/2007
Kaspersky Anti-Virus database records: 469132
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 83968
Number of viruses found: 10
Number of infected objects: 128
Number of suspicious objects: 0
Duration of the scan process: 01:07:26

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-11-29_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Max Lee\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Max Lee\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Max Lee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Max Lee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Max Lee\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Max Lee\Local Settings\Temp\b95d9we.dll Infected: Trojan-PSW.Win32.OnLineGames.ige skipped
C:\Documents and Settings\Max Lee\Local Settings\Temp\n2lqqxef.dll Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\Documents and Settings\Max Lee\Local Settings\Temp\w4baeb8.dll Infected: Trojan-PSW.Win32.OnLineGames.jap skipped
C:\Documents and Settings\Max Lee\Local Settings\Temp\~DF8323.tmp Object is locked skipped
C:\Documents and Settings\Max Lee\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Max Lee\Local Settings\Temporary Internet Files\Content.IE5\5FH2GJP4\zz[1].exe Infected: Trojan-PSW.Win32.OnLineGames.jan skipped
C:\Documents and Settings\Max Lee\Local Settings\Temporary Internet Files\Content.IE5\CCE1QBL1\ADSAdClient31[1].htm Object is locked skipped
C:\Documents and Settings\Max Lee\Local Settings\Temporary Internet Files\Content.IE5\E90N0R6T\c[4].gif Object is locked skipped
C:\Documents and Settings\Max Lee\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Max Lee\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Max Lee\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\ntdelect.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP29\A0001863.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP29\A0001864.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP30\A0001886.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP30\A0001887.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP31\A0001927.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP31\A0001928.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP32\A0001948.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP32\A0001949.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP33\A0001970.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP33\A0001971.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0001977.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0001978.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0002112.dll Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0002113.dll Infected: Trojan-PSW.Win32.OnLineGames.htc skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0002114.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0002115.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP35\A0002137.dll Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP35\A0002138.dll Infected: Trojan-PSW.Win32.OnLineGames.htc skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP35\A0002139.exe Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP35\A0002140.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP35\A0002141.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP36\A0002455.dll Infected: Trojan-PSW.Win32.OnLineGames.ige skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP36\A0002456.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP36\A0002457.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP36\A0002458.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002473.dll Infected: Trojan-PSW.Win32.OnLineGames.ige skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002474.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002475.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002476.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002500.dll Infected: Trojan-PSW.Win32.OnLineGames.ige skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002501.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002502.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002503.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002535.exe Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002622.dll Infected: Trojan-PSW.Win32.OnLineGames.ige skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002623.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002625.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002626.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP38\A0002634.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP38\A0002635.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004014.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004015.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004032.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004034.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004035.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004081.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004083.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004084.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004124.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004125.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004160.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004161.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004162.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004180.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004181.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004215.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004216.exe Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004217.com Infected: Virus.Win32.AutoRun.aed skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004218.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP42\A0004246.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP42\A0004256.dll Infected: Trojan-PSW.Win32.OnLineGames.jav skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP42\A0004257.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP43\A0004262.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped
C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP43\change.log Object is locked skipped

continued..

jonathanasdf
2007-12-03, 07:06
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\kavo.exe Infected: Trojan-PSW.Win32.OnLineGames.jan skipped
C:\WINDOWS\system32\kavo0.dll Infected: Trojan-PSW.Win32.OnLineGames.jav skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\ntdelect.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP29\A0001865.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP29\A0001866.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP30\A0001888.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP30\A0001889.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP31\A0001929.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP31\A0001930.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP32\A0001950.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP32\A0001951.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP33\A0001972.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP33\A0001973.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0001979.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0001980.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0002116.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0002117.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP35\A0002142.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP35\A0002143.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP36\A0002459.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP36\A0002460.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002477.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002478.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002504.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002505.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002627.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002628.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP38\A0002636.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP38\A0002637.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004016.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004017.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004036.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004037.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004085.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004086.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004126.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004127.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004163.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004164.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004182.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004183.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004219.com Infected: Virus.Win32.AutoRun.aed skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004220.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP42\A0004248.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP42\A0004259.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP43\A0004264.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP43\change.log Object is locked skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP59\A0005924.com Infected: Trojan-PSW.Win32.Magania.awb skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP59\A0005925.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP60\A0006021.com Infected: Trojan-PSW.Win32.Magania.awb skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP60\A0006022.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP61\A0006062.com Infected: Trojan-PSW.Win32.Magania.awb skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP61\A0006063.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP62\A0006103.com Infected: Trojan-PSW.Win32.Magania.awb skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP62\A0006104.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP62\A0006613.com Infected: Trojan-PSW.Win32.Magania.awb skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP62\A0006614.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP63\A0006662.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP63\A0006663.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP64\A0006680.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped
D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP64\A0006681.inf Infected: Trojan-PSW.Win32.OnLineGames.eqs skipped

Scan process completed.

Thanks a lot.

katana
2007-12-07, 00:45
Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

Do you play online games at all ?

Trojan-PSW.Win32.OnLineGames.eqs ( and its other variants on your machine) is a password stealer for online games.

Also, do you have two separate windows installs ? you have C:\ and D:\ showing in your log both with System Volume Information


Flash Disinfector by sUBs
Please download Flash_Disinfector.exe (http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe) by sUBs and save it to your desktop:


* Double-click Flash_Disinfector.exe to run it.
* Follow any prompts that may appear.
* Wait until the program has finished scanning, then please exit the program.
The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.


Please restart your computer.


Download and Run ComboFix

Download Combofix from one of the links below :

ComboFix.exe 1 (http://subs.geekstogo.com/ComboFix.exe)
ComboFix.exe 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
ComboFix.exe 3 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Then double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
ComboFix SHOULD NOT be used without supervision

jonathanasdf
2007-12-07, 02:35
Hello, again, this is my friends computer, and he knows almost nothing about viruses. He didn't even have an antivirus system. He does not know whether he has two separate windows installs, but there is a possibility that when he bought his laptop it came dual-installed. I noticed that when I booted into safe mode, first a prompt for Windows 98 safe mode came up, and after choosing to boot normally, the Windows XP safe mode prompt came up. Thus, it was possible that XP was installed over his windows 98. Also, the reason as to why he might have two system restore informations is because he has the worm autorun.inf in both his drives. NOD32 is detecting and deleting them, but they pop back up.

Tomorrow at school I'll scan it with combofix and Flash Disinfector and post the logs.

jonathanasdf
2007-12-09, 06:04
Just to keep this from being closed, I want to inform you that yes I am still monitoring it, it's just that I cannot scan my friends computer except when I'm at school, and this Monday is a Pro D Day. So, I'll probably get back to this topic with results on tuesday.

katana
2007-12-09, 11:41
:bigthumb:

Thanks for keeping us informed ;)

jonathanasdf
2007-12-11, 21:59
OK thanks. Here is the combofix log. Autorun.inf seems to have been disinfected.


ComboFix 07-12-12.3 - Max Lee 2007-12-11 11:55:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.950.886.1033.18.566 [GMT -8:00]
Running from: C:\Documents and Settings\Max Lee\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ntdelect.com
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll
D:\ntdelect.com

.
((((((((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 )))))))))))))))))))))))))))))))
.

2007-12-10 09:35 . 2007-12-10 09:35 268 --ah----- C:\sqmdata07.sqm
2007-12-10 09:35 . 2007-12-10 09:35 244 --ah----- C:\sqmnoopt07.sqm
2007-12-10 01:04 . 2007-12-10 01:04 268 --ah----- C:\sqmdata06.sqm
2007-12-10 01:04 . 2007-12-10 01:04 244 --ah----- C:\sqmnoopt06.sqm
2007-12-05 11:16 . 2007-12-05 11:16 <DIR> d-------- C:\Documents and Settings\Max Lee\Application Data\ESET
2007-12-05 08:56 . 2007-12-05 08:56 268 --ah----- C:\sqmdata05.sqm
2007-12-05 08:56 . 2007-12-05 08:56 244 --ah----- C:\sqmnoopt05.sqm
2007-12-05 08:53 . 2007-12-05 08:53 268 --ah----- C:\sqmdata04.sqm
2007-12-05 08:53 . 2007-12-05 08:53 244 --ah----- C:\sqmnoopt04.sqm
2007-12-04 22:34 . 2007-12-04 22:34 268 --ah----- C:\sqmdata03.sqm
2007-12-04 22:34 . 2007-12-04 22:34 244 --ah----- C:\sqmnoopt03.sqm
2007-12-03 11:48 . 2007-12-04 12:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-30 19:24 . 2006-08-24 17:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2007-11-30 11:35 . 2007-11-30 11:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2007-11-30 10:26 . 2007-11-30 10:26 <DIR> d-------- C:\Documents and Settings\Max Lee\Application Data\Lavasoft
2007-11-29 10:33 . 2007-11-29 10:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-29 10:33 . 2007-11-29 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-25 17:00 . 2007-11-25 17:00 <DIR> d-------- C:\Program Files\Virtools
2007-11-19 10:25 . 2007-12-10 20:09 <DIR> d-------- C:\Program Files\djmax
2007-11-18 09:06 . 2007-11-18 09:06 <DIR> d-------- C:\Documents and Settings\Max Lee\Application Data\AdobeUM
2007-11-18 00:52 . 2007-11-18 00:52 <DIR> d-------- C:\Program Files\Netmarble
2007-11-17 23:55 . 2007-11-17 23:57 <DIR> d-------- C:\Netmarble
2007-11-17 23:54 . 2007-11-17 23:55 <DIR> d--h----- C:\Documents and Settings\Max Lee\Application Data\netmarble
2007-11-17 00:20 . 2007-11-17 00:20 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-16 09:05 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-11-16 09:05 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-11-16 09:05 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-11-16 09:05 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-11-15 23:20 . 2007-11-15 23:20 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-15 23:16 . 2007-11-15 23:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-15 23:16 . 2006-10-04 06:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-11-15 23:16 . 2006-10-04 06:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-11-15 23:16 . 2006-10-04 06:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-11-15 23:15 . 2007-11-15 23:15 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-15 23:13 . 2007-12-11 11:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-15 23:13 . 2007-11-15 23:13 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-15 23:12 . 2007-11-15 23:12 <DIR> d-------- C:\Program Files\iPod
2007-11-15 23:12 . 2007-11-15 23:12 <DIR> d-------- C:\Documents and Settings\Max Lee\Application Data\Apple Computer
2007-11-15 23:11 . 2007-11-15 23:11 <DIR> d-------- C:\Program Files\QuickTime
2007-11-15 23:11 . 2007-11-15 23:12 <DIR> d-------- C:\Program Files\iTunes
2007-11-15 23:11 . 2007-11-15 23:11 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-15 23:11 . 2007-11-15 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-15 23:10 . 2007-11-15 23:10 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-15 23:10 . 2007-11-15 23:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-15 23:06 . 2007-11-15 23:06 <DIR> d-------- C:\Program Files\Windows Live
2007-11-15 23:06 . 2007-11-15 23:06 <DIR> d-------- C:\Program Files\MSN Messenger
2007-11-15 23:06 . 2007-11-15 23:06 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-11-15 23:06 . 2007-11-15 23:06 268 --ah----- C:\sqmdata00.sqm
2007-11-15 23:06 . 2007-11-15 23:06 244 --ah----- C:\sqmnoopt00.sqm
2007-11-15 21:02 . 2007-07-09 05:16 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-15 20:53 . 2007-11-15 20:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
2007-11-15 20:51 . 2007-11-28 09:16 <DIR> d-------- C:\Documents and Settings\Max Lee\Contacts
2007-11-15 20:51 . 2007-11-15 20:51 244 --ah----- C:\sqmnoopt02.sqm
2007-11-15 20:51 . 2007-11-15 20:51 232 --ah----- C:\sqmdata02.sqm
2007-11-15 20:50 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-11-15 20:50 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2007-11-15 20:50 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-11-15 20:50 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2007-11-15 12:50 . 2007-11-15 12:50 <DIR> d-------- C:\Program Files\Ocean Technology
2007-11-15 12:50 . 2006-03-14 02:26 53,248 --a------ C:\WINDOWS\system32\ImageOle.dll
2007-11-15 12:49 . 2007-11-15 12:49 <DIR> d-------- C:\Documents and Settings\Max Lee\Application Data\InstallShield
2007-11-15 12:48 . 2007-11-15 12:48 268 --ah----- C:\sqmdata01.sqm
2007-11-15 12:48 . 2007-11-15 12:48 244 --ah----- C:\sqmnoopt01.sqm
2007-11-15 12:46 . 2007-11-15 12:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-15 12:41 . 2004-08-04 19:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2007-11-14 15:06 . 2007-11-14 15:06 53,768 --a------ C:\WINDOWS\system32\drivers\epfwtdi.sys
2007-11-14 15:06 . 2007-11-14 15:06 50,696 --a------ C:\WINDOWS\system32\drivers\epfw.sys
2007-11-14 15:06 . 2007-11-14 15:06 30,728 --a------ C:\WINDOWS\system32\drivers\epfwndis.sys
2007-11-14 15:04 . 2007-11-14 15:04 27,656 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-11-14 15:03 . 2007-11-14 15:03 33,800 --a------ C:\WINDOWS\system32\drivers\eamon.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 00:45 --------- d-----w C:\Program Files\Symantec
2007-12-10 00:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-05 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-22 20:10 --------- d-----w C:\Program Files\ASUS Lifeframe
2007-11-15 20:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 19:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 16:09]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2005-12-07 09:22]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 19:24]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 10:51]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 10:52]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 10:56]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 16:13]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 01:26]
"GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2003-05-28 18:11]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 19:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 19:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 19:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 19:00]
"SMSERIAL"="sm56hlpr.exe" [2006-01-19 22:34 C:\WINDOWS\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 03:01 C:\WINDOWS\RTHDCPL.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 22:17]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 22:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 22:13]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 04:24]
"ASUS Screen Saver Protector"="C:\WINDOWS\ASScrPro.exe" [2006-08-24 17:11]
"ABLKSR"="C:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 20:14]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-11-14 15:05]

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdi;epfwtdi;C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
R2 epfw;epfw;C:\WINDOWS\system32\DRIVERS\epfw.sys
R3 Epfwndis;Eset Personal Firewall;C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\ntdelect.com
\Shell\explore\Command - ntdeIect.com
\Shell\open\Command - ntdeIect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65f59fb2-9f7f-11dc-8ae3-001731ee1657}]
\Shell\AutoRun\command - F:\ntdelect.com
\Shell\explore\Command - F:\ntdelect.com
\Shell\open\Command - F:\ntdelect.com

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 07:11:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 11:56:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-12 11:57:18
.
2007-12-11 19:49:44 --- E O F ---


Thanks.

katana
2007-12-12, 00:52
Looks good
You will need an internet conection for this next part, and it may take a while to run the Kaspersky scan
so I don't know how you will work it with your friend

Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:



Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65f59fb2-9f7f-11dc-8ae3-001731ee1657}]

Save this as CFScript.txt and place it on your desktop.


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Kaspersky Online Scanner .

Go Here http://www.kaspersky.com/virusscanner

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

You only need to post the Kaspersky log

jonathanasdf
2007-12-12, 20:53
Here is the combofix log. I will post the Kaspersky log later.


Command switches used :: C:\Documents and Settings\Max Lee\Desktop\CFScript.txt
* Created a new restore point
.

Files Created from 2007-11-13 to 2007-12-13
.

2007-12-10 09:35 . 2007-12-10 09:35 268 --ah----- C:\sqmdata07.sqm
2007-12-10 09:35 . 2007-12-10 09:35 244 --ah----- C:\sqmnoopt07.sqm
2007-12-10 01:04 . 2007-12-10 01:04 268 --ah----- C:\sqmdata06.sqm
2007-12-10 01:04 . 2007-12-10 01:04 244 --ah----- C:\sqmnoopt06.sqm
2007-12-05 11:16 . 2007-12-05 11:16 <DIR> d-------- C:\Documents and Settings\Max Lee\Application Data\ESET
2007-12-05 08:56 . 2007-12-05 08:56 268 --ah----- C:\sqmdata05.sqm
2007-12-05 08:56 . 2007-12-05 08:56 244 --ah----- C:\sqmnoopt05.sqm
2007-12-05 08:53 . 2007-12-05 08:53 268 --ah----- C:\sqmdata04.sqm
2007-12-05 08:53 . 2007-12-05 08:53 244 --ah----- C:\sqmnoopt04.sqm
2007-12-04 22:34 . 2007-12-04 22:34 268 --ah----- C:\sqmdata03.sqm
2007-12-04 22:34 . 2007-12-04 22:34 244 --ah----- C:\sqmnoopt03.sqm
2007-12-03 11:48 . 2007-12-04 12:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-30 19:24 . 2006-08-24 17:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2007-11-30 11:35 . 2007-11-30 11:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2007-11-30 10:26 . 2007-11-30 10:26 <DIR> d-------- C:\Documents and Settings\Max Lee\Application Data\Lavasoft
2007-11-29 10:33 . 2007-11-29 10:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-29 10:33 . 2007-11-29 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-25 17:00 . 2007-11-25 17:00 <DIR> d-------- C:\Program Files\Virtools
2007-11-19 10:25 . 2007-12-10 20:09 <DIR> d-------- C:\Program Files\djmax
2007-11-18 09:06 . 2007-11-18 09:06 <DIR> d-------- C:\Documents and Settings\Max Lee\Application Data\AdobeUM
2007-11-18 00:52 . 2007-11-18 00:52 <DIR> d-------- C:\Program Files\Netmarble
2007-11-17 23:55 . 2007-11-17 23:57 <DIR> d-------- C:\Netmarble
2007-11-17 23:54 . 2007-11-17 23:55 <DIR> d--h----- C:\Documents and Settings\Max Lee\Application Data\netmarble
2007-11-17 00:20 . 2007-11-17 00:20 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-16 09:05 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-11-16 09:05 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-11-16 09:05 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-11-16 09:05 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-11-15 23:20 . 2007-11-15 23:20 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-15 23:16 . 2007-11-15 23:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-15 23:16 . 2006-10-04 06:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-11-15 23:16 . 2006-10-04 06:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-11-15 23:16 . 2006-10-04 06:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-11-15 23:15 . 2007-11-15 23:15 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-15 23:13 . 2007-12-13 10:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-15 23:13 . 2007-11-15 23:13 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-15 23:12 . 2007-11-15 23:12 <DIR> d-------- C:\Program Files\iPod
2007-11-15 23:12 . 2007-11-15 23:12 <DIR> d-------- C:\Documents and Settings\Max Lee\Application Data\Apple Computer
2007-11-15 23:11 . 2007-11-15 23:11 <DIR> d-------- C:\Program Files\QuickTime
2007-11-15 23:11 . 2007-11-15 23:12 <DIR> d-------- C:\Program Files\iTunes
2007-11-15 23:11 . 2007-11-15 23:11 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-15 23:11 . 2007-11-15 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-15 23:10 . 2007-11-15 23:10 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-15 23:10 . 2007-11-15 23:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-15 23:06 . 2007-11-15 23:06 <DIR> d-------- C:\Program Files\Windows Live
2007-11-15 23:06 . 2007-11-15 23:06 <DIR> d-------- C:\Program Files\MSN Messenger
2007-11-15 23:06 . 2007-11-15 23:06 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-11-15 23:06 . 2007-11-15 23:06 268 --ah----- C:\sqmdata00.sqm
2007-11-15 23:06 . 2007-11-15 23:06 244 --ah----- C:\sqmnoopt00.sqm
2007-11-15 21:02 . 2007-07-09 05:16 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-15 20:53 . 2007-11-15 20:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
2007-11-15 20:51 . 2007-11-28 09:16 <DIR> d-------- C:\Documents and Settings\Max Lee\Contacts
2007-11-15 20:51 . 2007-11-15 20:51 244 --ah----- C:\sqmnoopt02.sqm
2007-11-15 20:51 . 2007-11-15 20:51 232 --ah----- C:\sqmdata02.sqm
2007-11-15 20:50 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-11-15 20:50 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2007-11-15 20:50 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-11-15 20:50 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2007-11-15 12:50 . 2007-11-15 12:50 <DIR> d-------- C:\Program Files\Ocean Technology
2007-11-15 12:50 . 2006-03-14 02:26 53,248 --a------ C:\WINDOWS\system32\ImageOle.dll
2007-11-15 12:49 . 2007-11-15 12:49 <DIR> d-------- C:\Documents and Settings\Max Lee\Application Data\InstallShield
2007-11-15 12:48 . 2007-11-15 12:48 268 --ah----- C:\sqmdata01.sqm
2007-11-15 12:48 . 2007-11-15 12:48 244 --ah----- C:\sqmnoopt01.sqm
2007-11-15 12:46 . 2007-11-15 12:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-15 12:41 . 2004-08-04 19:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2007-11-14 15:06 . 2007-11-14 15:06 53,768 --a------ C:\WINDOWS\system32\drivers\epfwtdi.sys
2007-11-14 15:06 . 2007-11-14 15:06 50,696 --a------ C:\WINDOWS\system32\drivers\epfw.sys
2007-11-14 15:06 . 2007-11-14 15:06 30,728 --a------ C:\WINDOWS\system32\drivers\epfwndis.sys
2007-11-14 15:04 . 2007-11-14 15:04 27,656 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-11-14 15:03 . 2007-11-14 15:03 33,800 --a------ C:\WINDOWS\system32\drivers\eamon.sys

.
Find3M Report
.
2007-12-10 00:45 --------- d-----w C:\Program Files\Symantec
2007-12-10 00:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-05 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-22 20:10 --------- d-----w C:\Program Files\ASUS Lifeframe
2007-11-15 20:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

snapshot@2007-12-12_11.56.53.90

+ 2006-11-07 11:26:24 123,904 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
+ 2006-10-17 19:57:50 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
+ 2006-11-08 05:03:36 131,584 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
+ 2006-10-17 19:58:20 61,952 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
+ 2006-11-07 11:26:28 54,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
+ 2006-11-07 11:26:56 152,064 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
+ 2006-11-07 11:27:02 229,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
+ 2006-11-07 11:25:14 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
+ 2006-09-06 07:01:26 2,451,824 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dat
+ 2006-10-17 19:27:56 380,928 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
+ 2006-11-07 11:27:10 382,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
+ 2006-11-08 05:03:36 6,049,280 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
+ 2006-11-07 11:26:28 43,008 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
+ 2006-10-17 19:57:20 266,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
+ 2006-11-07 11:26:32 13,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
+ 2006-10-17 20:04:40 622,080 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
+ 2006-11-08 05:03:36 27,136 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
+ 2006-11-08 05:03:36 458,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
+ 2006-11-08 05:03:36 50,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
+ 2006-11-08 05:03:36 3,577,856 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
+ 2006-11-08 05:03:36 475,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
+ 2006-10-17 20:05:10 192,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
+ 2006-11-08 05:03:36 670,720 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
+ 2006-10-17 20:04:46 101,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
+ 2006-10-17 20:05:22 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
+ 2006-11-08 05:03:36 1,162,240 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
+ 2006-11-08 05:03:36 231,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
+ 2006-11-08 05:03:36 818,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
+ 2007-12-13 08:10:05 4,190 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{11237AB6-5B98-4FCE-AECF-8F5D5EE2D217}.bin
- 2006-11-07 11:26:24 123,904 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-10-10 23:55:51 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-07-01 03:31:33 2,455,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dat
- 2006-10-17 19:57:50 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-10 23:55:51 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2006-11-08 05:03:36 131,584 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-10 23:55:51 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2006-10-17 19:58:20 61,952 ------w C:\WINDOWS\system32\icardie.dll
+ 2007-10-10 23:55:51 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2006-11-07 11:26:28 54,784 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-10-10 10:59:40 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2006-11-07 11:26:56 152,064 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-10-10 23:55:51 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2006-11-07 11:27:02 229,376 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-10-10 23:55:51 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2006-11-07 11:25:14 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-10-10 05:46:55 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2006-09-06 07:01:26 2,451,824 ------w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-07-01 03:31:33 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
- 2006-10-17 19:27:56 380,928 ------w C:\WINDOWS\system32\ieapfltr.dll
+ 2007-10-10 23:55:52 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2006-11-07 11:27:10 382,976 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-10-10 23:55:52 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2006-11-08 05:03:36 6,049,280 ------w C:\WINDOWS\system32\ieframe.dll
+ 2007-10-10 23:55:54 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2006-11-07 11:26:28 43,008 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-10-10 23:55:55 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2006-10-17 19:57:20 266,752 ------w C:\WINDOWS\system32\iertutil.dll
+ 2007-10-10 23:55:55 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2006-11-07 11:26:32 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2006-11-08 05:03:36 27,136 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-10 23:55:56 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-11-08 05:03:36 458,752 ------w C:\WINDOWS\system32\msfeeds.dll
+ 2007-10-10 23:55:56 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2006-11-08 05:03:36 50,688 ------w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-10-10 23:55:56 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2006-11-08 05:03:36 3,577,856 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 23:42:28 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2006-11-08 05:03:36 475,648 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-10 23:55:58 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2006-10-17 20:05:10 192,000 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-10-10 23:55:58 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2006-11-08 05:03:36 670,720 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-10-10 23:55:59 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2006-10-17 20:04:46 101,376 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-10-10 23:55:59 102,400 ----a-w C:\WINDOWS\system32\occache.dll
- 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2006-10-17 20:05:22 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-10-10 23:55:59 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2006-11-08 05:03:36 1,162,240 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-10-10 23:56:00 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2006-11-08 05:03:36 231,424 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-10-10 23:56:00 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2006-11-08 05:03:36 818,688 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-10-10 23:56:00 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 19:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 16:09]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2005-12-07 09:22]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 19:24]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 10:51]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 10:52]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 10:56]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 16:13]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 01:26]
"GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2003-05-28 18:11]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 19:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 19:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 19:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 19:00]
"SMSERIAL"="sm56hlpr.exe" [2006-01-19 22:34 C:\WINDOWS\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 03:01 C:\WINDOWS\RTHDCPL.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 22:17]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 22:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 22:13]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 04:24]
"ASUS Screen Saver Protector"="C:\WINDOWS\ASScrPro.exe" [2006-08-24 17:11]
"ABLKSR"="C:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 20:14]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-11-14 15:05]

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdi;epfwtdi;C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
R2 epfw;epfw;C:\WINDOWS\system32\DRIVERS\epfw.sys
R3 Epfwndis;Eset Personal Firewall;C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65f59fb2-9f7f-11dc-8ae3-001731ee1657}]
\Shell\AutoRun\command - F:\ntdelect.com
\Shell\explore\Command - F:\ntdelect.com
\Shell\open\Command - F:\ntdelect.com

Due to space limitations, I removed the hidden files scan part, which found 0 hidden files.

Thanks

jonathanasdf
2007-12-14, 09:13
And here is the Kaspersky log


KASPERSKY ONLINE SCANNER REPORT
Friday, December 14, 2007 11:09:59 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/12/2007
Kaspersky Anti-Virus database records: 482007


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 79686
Number of viruses found 7
Number of infected objects 126
Number of suspicious objects 0
Duration of the scan process 01:03:49

Infected Object Name Virus Name Last Action
C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped

C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Charon\CACHE.NDB Object is locked skipped

C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\epfwlog.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\virlog.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\warnlog.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-12-14_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Max Lee\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped

C:\Documents and Settings\Max Lee\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Max Lee\Local Settings\Application Data\Microsoft\Messenger\shadow_phoenix79@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\Max Lee\Local Settings\Application Data\Microsoft\Messenger\shadow_phoenix79@hotmail.com\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Max Lee\Local Settings\Application Data\Microsoft\Messenger\shadow_phoenix79@hotmail.com\SharingMetadata\Working\database_7CC8_B3C6_C8B3_7CC8\dfsr.db Object is locked skipped

C:\Documents and Settings\Max Lee\Local Settings\Application Data\Microsoft\Messenger\shadow_phoenix79@hotmail.com\SharingMetadata\Working\database_7CC8_B3C6_C8B3_7CC8\fsr.log Object is locked skipped

C:\Documents and Settings\Max Lee\Local Settings\Application Data\Microsoft\Messenger\shadow_phoenix79@hotmail.com\SharingMetadata\Working\database_7CC8_B3C6_C8B3_7CC8\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Max Lee\Local Settings\Application Data\Microsoft\Messenger\shadow_phoenix79@hotmail.com\SharingMetadata\Working\database_7CC8_B3C6_C8B3_7CC8\tmp.edb Object is locked skipped

C:\Documents and Settings\Max Lee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Max Lee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Max Lee\Local Settings\Application Data\Microsoft\Windows Live Contacts\shadow_phoenix79@hotmail.com\real\members.stg Object is locked skipped

C:\Documents and Settings\Max Lee\Local Settings\Application Data\Microsoft\Windows Live Contacts\shadow_phoenix79@hotmail.com\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Max Lee\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Max Lee\Local Settings\Temp\flaD39.tmp Object is locked skipped

C:\Documents and Settings\Max Lee\Local Settings\Temp\~DF5A7A.tmp Object is locked skipped

C:\Documents and Settings\Max Lee\Local Settings\Temp\~DF5C64.tmp Object is locked skipped

C:\Documents and Settings\Max Lee\Local Settings\Temp\~DFAB8F.tmp Object is locked skipped

C:\Documents and Settings\Max Lee\Local Settings\Temp\~DFD735.tmp Object is locked skipped

C:\Documents and Settings\Max Lee\Local Settings\Temp\~DFEF69.tmp Object is locked skipped

C:\Documents and Settings\Max Lee\Local Settings\Temp\~DFEF76.tmp Object is locked skipped

C:\Documents and Settings\Max Lee\Local Settings\Temp\~WRF0001.tmp Object is locked skipped

C:\Documents and Settings\Max Lee\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Max Lee\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Max Lee\My Documents\Convo\annie.g.ju@gmail.com\December 2007.html Object is locked skipped

C:\Documents and Settings\Max Lee\My Documents\Convo\m.0723@hotmail.com\December 2007.html Object is locked skipped

C:\Documents and Settings\Max Lee\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped

C:\Documents and Settings\Max Lee\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Max Lee\ntuser.dat.LOG Object is locked skipped


Continued...

jonathanasdf
2007-12-14, 09:15
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\qoobox\Quarantine\C\ntdelect.com.vir Infected: Packed.Win32.NSAnti.r skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\kavo.exe.vir Infected: Packed.Win32.NSAnti.r skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\kavo0.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.idq skipped

C:\qoobox\Quarantine\D\ntdelect.com.vir Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP29\A0001863.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP29\A0001864.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP30\A0001886.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP30\A0001887.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP31\A0001927.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP31\A0001928.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP32\A0001948.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP32\A0001949.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP33\A0001970.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP33\A0001971.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0001977.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0001978.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0002112.dll Infected: Trojan-PSW.Win32.OnLineGames.htd skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0002113.dll Infected: Trojan-PSW.Win32.OnLineGames.htc skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0002114.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0002115.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP35\A0002137.dll Infected: Trojan-PSW.Win32.OnLineGames.htd skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP35\A0002138.dll Infected: Trojan-PSW.Win32.OnLineGames.htc skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP35\A0002139.exe Infected: Trojan-PSW.Win32.OnLineGames.htd skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP35\A0002140.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP35\A0002141.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP36\A0002455.dll Infected: Trojan-PSW.Win32.OnLineGames.ige skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP36\A0002456.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP36\A0002457.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP36\A0002458.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002473.dll Infected: Trojan-PSW.Win32.OnLineGames.ige skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002474.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002475.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002476.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002500.dll Infected: Trojan-PSW.Win32.OnLineGames.ige skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002501.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002502.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002503.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002535.exe Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002622.dll Infected: Trojan-PSW.Win32.OnLineGames.ige skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002623.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002625.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002626.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP38\A0002634.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP38\A0002635.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004014.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004015.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004032.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004034.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004035.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004081.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004083.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004084.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004124.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004125.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004160.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004161.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004162.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004180.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004181.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004215.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004216.exe Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004217.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004218.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP42\A0004246.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP42\A0004256.dll Infected: Trojan-PSW.Win32.OnLineGames.jav skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP42\A0004257.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP43\A0004262.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP44\A0004282.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP45\A0004292.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP46\A0013459.dll Infected: Trojan-PSW.Win32.OnLineGames.jav skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP46\A0013493.exe Infected: Trojan-PSW.Win32.OnLineGames.jan skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP46\A0015273.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP47\A0015276.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP47\A0015277.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP47\A0016290.exe Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP47\A0016291.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP47\A0016292.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP47\A0016293.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP48\A0016297.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP48\A0016298.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP49\A0016601.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP49\A0016602.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP50\A0016670.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP50\A0016671.inf Object is locked skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP50\A0017325.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP50\A0017327.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP50\A0019290.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP50\A0019291.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP50\A0020291.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP50\A0020292.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP50\A0020299.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP50\A0020300.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP50\A0020308.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP50\A0020309.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP51\A0020312.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP51\A0020325.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP51\A0020327.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP52\A0020329.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP52\A0020370.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP52\A0020372.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP53\A0020375.com Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP53\A0020377.exe Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP53\A0020378.dll Infected: Trojan-PSW.Win32.OnLineGames.idq skipped

C:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP55\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped


continued...

jonathanasdf
2007-12-14, 09:19
D:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP29\A0001865.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP29\A0001866.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP30\A0001888.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP30\A0001889.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP31\A0001929.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP31\A0001930.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP32\A0001950.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP32\A0001951.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP33\A0001972.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP33\A0001973.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0001979.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0001980.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0002116.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP34\A0002117.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP35\A0002142.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP35\A0002143.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP36\A0002459.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP36\A0002460.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002477.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002478.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002504.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002505.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002627.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP37\A0002628.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP38\A0002636.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP38\A0002637.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004016.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004017.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004036.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004037.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004085.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP39\A0004086.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004126.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004127.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004163.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP40\A0004164.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004182.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004183.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004219.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP41\A0004220.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP42\A0004248.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP42\A0004259.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP43\A0004264.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP44\A0004284.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP45\A0004294.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP46\A0015274.com Infected: Trojan-PSW.Win32.OnLineGames.jan skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP47\A0015278.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP47\A0015279.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP47\A0016294.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP47\A0016295.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP48\A0016299.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP48\A0016300.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP49\A0016603.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP49\A0016604.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP50\A0016672.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP50\A0016673.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP50\A0017328.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP50\A0019292.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP50\A0020293.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP50\A0020301.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP50\A0020310.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP51\A0020313.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP51\A0020328.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP52\A0020330.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP52\A0020373.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP53\A0020376.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP59\A0005924.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP59\A0005925.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP60\A0006021.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP60\A0006022.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP61\A0006062.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP61\A0006063.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP62\A0006103.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP62\A0006104.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP62\A0006613.com Infected: Packed.Win32.NSAnti.r skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP62\A0006614.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP63\A0006662.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP63\A0006663.inf Object is locked skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP64\A0006680.com Infected: Trojan-PSW.Win32.OnLineGames.htd skipped

D:\System Volume Information\_restore{21E41AD5-B533-4445-BCBE-82C0EC1EBFB3}\RP64\A0006681.inf Object is locked skipped

Scan process completed.

Thanks.

katana
2007-12-14, 10:43
All the files found are either in system restore or quarantine, which is fine

Reset System Restore.
Now you should disable System restore to purge any infected files and then re-enable it,

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab. (make sure you
Check Turn off System Restore. (make sure you change all drives)
Click Apply, and then click OK.
Restart your computer

Turn ON System Restore

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Un-Check Turn off System Restore.
Click Apply, and then click OK.

Please post a final HJT log

jonathanasdf
2007-12-14, 21:31
Hello. THANK YOU! HEre is the HJT log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:30:17 AM, on 12/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\ASScrPro.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Max Lee\Desktop\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe
O4 - HKLM\..\Run: [ABLKSR] C:\windows\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netmarble.com/web/nmstarter/NMStarter25.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 8729 bytes

THanks

katana
2007-12-14, 23:08
Congratulations your logs look clean :D

Let's see if I can help you keep it that way

First lets tidy up :D

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png

You can also delete any logs we have produced, and empty your Recycle bin.



AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
All the programs in this list have a free version.
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program It includes host protection and registry protection A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
AVG Anti-Spyware 7.5 (http://www.ewido.net/en/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner
Ad-Aware 2007 Free (http://www.lavasoftusa.com/products/ad_aware_free.php) <<< A good "realtime" or "on demand" scanner

Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup Allows delayed startup A must have addition
SpywareBlaster 3.5.1 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/content/view/15/33/) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections

Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy this is a very popular choice NoScript and AdBlockPlus addons are essential
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/content/view/19/2/) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can chose which cookies to keep


Also PLEASE read this article.......So How Did I Get Infected In The First Place (http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=4959)

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'