win32 nsanti



deathmare
2008-01-15, 14:39
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 15, 2008 7:07:17 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/01/2008
Kaspersky Anti-Virus database records: 511719
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 147391
Number of viruses found: 3
Number of infected objects: 42
Number of suspicious objects: 0
Duration of the scan process: 02:13:07

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Derek Goh Jia Jun\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\appLauncher_all_log.txt Object is locked skipped
C:\Documents and Settings\Derek Goh Jia Jun\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\DM_log.txt Object is locked skipped
C:\Documents and Settings\Derek Goh Jia Jun\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\HookStarter_log.txt Object is locked skipped
C:\Documents and Settings\Derek Goh Jia Jun\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped
C:\Documents and Settings\Derek Goh Jia Jun\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\TlibCmnDlgs_log.txt Object is locked skipped
C:\Documents and Settings\Derek Goh Jia Jun\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Derek Goh Jia Jun\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Derek Goh Jia Jun\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Derek Goh Jia Jun\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Derek Goh Jia Jun\Local Settings\History\History.IE5\MSHist012008011520080116\index.dat Object is locked skipped
C:\Documents and Settings\Derek Goh Jia Jun\Local Settings\Temp\fjuyqnsa.dll Object is locked skipped
C:\Documents and Settings\Derek Goh Jia Jun\Local Settings\Temp\~DF7A9A.tmp Object is locked skipped
C:\Documents and Settings\Derek Goh Jia Jun\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Derek Goh Jia Jun\ntuser.dat Object is locked skipped
C:\Documents and Settings\Derek Goh Jia Jun\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\f.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\installer holder\mirc631.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\installer holder\mirc631.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\installer holder\mirc631.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\installer holder\mirc631.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\installer holder\mirc631.exe NSIS: infected - 4 skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068059.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068065.exe Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068066.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068067.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068074.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068077.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068083.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068092.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068096.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068101.dll Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068102.exe Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068103.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068104.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068118.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068119.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068134.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068135.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068143.dll Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP346\A0068146.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP346\A0068167.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP346\A0068168.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP346\A0068178.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP346\A0068182.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP346\A0068193.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP346\A0068196.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP347\A0068200.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP347\A0068209.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP347\A0068230.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP347\A0068231.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP347\A0068248.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP347\A0068252.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP347\A0068254.exe Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP347\A0068289.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP347\A0068294.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP347\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\Prefetch\layout.ini Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{A50325EF-2CE0-4D82-8C22-C1D49F5D69D7}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\kavo.exe Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\WINDOWS\system32\kavo0.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\WINDOWS\system32\kavo1.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_7f8.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\TempFile Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

deathmare
2008-01-15, 15:38
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 15, 2008 8:31:39 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/01/2008
Kaspersky Anti-Virus database records: 511719
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 137359
Number of viruses found: 10
Number of infected objects: 40
Number of suspicious objects: 0
Duration of the scan process: 03:13:21

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Local Settings\Temp\fjuyqnsa.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\fjuyqnsa.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YUBHD9X2\1[1].htm Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YUBHD9X2\zpopup[2].cgi Infected: Exploit.HTML.UrlSpoof.a skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\f.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\oracle\ora92\network\log\listener.log Object is locked skipped
C:\oracle\ora92\oramts\trace\OracleMTSRecoveryService(1556).trc Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\1F8238D1 Infected: Worm.VBS.Sasan.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\503F095B.htm Infected: Trojan-Downloader.JS.gen skipped
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP0.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP1.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP3.class Infected: Exploit.Java.ByteVerify skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{DDD592F7-134C-41F3-BA6B-036A7F32B637}\RP431\A0046214.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{DDD592F7-134C-41F3-BA6B-036A7F32B637}\RP431\A0046222.exe Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{DDD592F7-134C-41F3-BA6B-036A7F32B637}\RP431\A0046223.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{DDD592F7-134C-41F3-BA6B-036A7F32B637}\RP431\A0046225.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{DDD592F7-134C-41F3-BA6B-036A7F32B637}\RP431\A0046234.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{DDD592F7-134C-41F3-BA6B-036A7F32B637}\RP431\A0046237.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{DDD592F7-134C-41F3-BA6B-036A7F32B637}\RP431\A0046246.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{DDD592F7-134C-41F3-BA6B-036A7F32B637}\RP431\A0046250.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{DDD592F7-134C-41F3-BA6B-036A7F32B637}\RP431\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\Prefetch\layout.ini Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{368AC407-B837-467D-B1F9-94377939B917}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\kavo.exe Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\WINDOWS\system32\kavo0.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\WINDOWS\system32\kavo1.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\f.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
D:\System Volume Information\_restore{DDD592F7-134C-41F3-BA6B-036A7F32B637}\RP431\A0046216.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
D:\System Volume Information\_restore{DDD592F7-134C-41F3-BA6B-036A7F32B637}\RP431\A0046227.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
D:\System Volume Information\_restore{DDD592F7-134C-41F3-BA6B-036A7F32B637}\RP431\A0046239.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
D:\System Volume Information\_restore{DDD592F7-134C-41F3-BA6B-036A7F32B637}\RP431\change.log Object is locked skipped
D:\System Volume Information\_restore{DDD592F7-134C-41F3-BA6B-036A7F32B637}\RP431\A0046252.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
G:\f.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
G:\Programme installer\Installers\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
G:\Programme installer\Installers\mirc616.exe mIRC: infected - 1 skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068107.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
G:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068109.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
G:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068121.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
G:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068137.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
G:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP345\A0068144.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
G:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP346\A0068185.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
G:\System Volume Information\_restore{DDD592F7-134C-41F3-BA6B-036A7F32B637}\RP382\A0042443.exe Infected: Trojan-Spy.Win32.Ayolog.iy skipped
G:\System Volume Information\_restore{DDD592F7-134C-41F3-BA6B-036A7F32B637}\RP382\A0042489.exe Infected: Trojan-Spy.Win32.Ayolog.iy skipped
G:\System Volume Information\_restore{DDD592F7-134C-41F3-BA6B-036A7F32B637}\RP431\A0046204.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
G:\System Volume Information\_restore{DDD592F7-134C-41F3-BA6B-036A7F32B637}\RP431\A0046254.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
G:\System Volume Information\_restore{DDD592F7-134C-41F3-BA6B-036A7F32B637}\RP431\change.log Object is locked skipped

Scan process completed.

deathmare
2008-01-15, 16:26
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP347\A0068209.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP347\A0068230.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP347\A0068231.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP347\A0068248.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP347\A0068252.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP347\A0068254.exe Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP347\A0068289.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP347\A0068294.cmd Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP347\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\Prefetch\layout.ini Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{A50325EF-2CE0-4D82-8C22-C1D49F5D69D7}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\kavo.exe Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\WINDOWS\system32\kavo0.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\WINDOWS\system32\kavo1.dll Infected: Trojan-PSW.Win32.OnLineGames.obb skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_7f8.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\TempFile Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

tashi
2008-01-15, 18:55
Hello.

Please don't start multiple topics, I just merged three of them.

Did you see: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)


Please do not start more than one topic for the same computer, during the same period. It will either be removed, or merged with your original thread. You might want to start again, and post a HJT log by copying and pasting it into the topic as requested in the sticky. :)

Previous topic: http://forums.spybot.info/showthread.php?t=22713

Best regards.