major infection

R

rmgrobe

New member
here is the kaspersky and HJT log
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 15, 2008 12:47:49 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/04/2008
Kaspersky Anti-Virus database records: 705072
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 86142
Number of viruses found: 27
Number of infected objects: 163
Number of suspicious objects: 0
Duration of the scan process: 01:16:26

Infected Object Name / Virus Name / Last Action
C:\1weicxa.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\autorun.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Report Logs\Report39552.855995370373.xml Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-14_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\allan\cftmon.exe Infected: Worm.Win32.Socks.by skipped
C:\Documents and Settings\allan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\allan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\History\History.IE5\MSHist012008041420080415\index.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Temp\1312.tmp Infected: Trojan-Downloader.Win32.Delf.dke skipped
C:\Documents and Settings\allan\Local Settings\Temp\aajc.dll Infected: Trojan-PSW.Win32.OnLineGames.xlx skipped
C:\Documents and Settings\allan\Local Settings\Temp\BNBF.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Documents and Settings\allan\Local Settings\Temp\BNC1.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Documents and Settings\allan\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Temp\ee77xdv.dll Infected: Worm.Win32.AutoRun.cvy skipped
C:\Documents and Settings\allan\Local Settings\Temp\f.dll Infected: Trojan-PSW.Win32.OnLineGames.ulc skipped
C:\Documents and Settings\allan\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Temp\k2fvpt.dll Infected: Trojan-PSW.Win32.OnLineGames.tdc skipped
C:\Documents and Settings\allan\Local Settings\Temp\MediaBar.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
C:\Documents and Settings\allan\Local Settings\Temp\MediaBar.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
C:\Documents and Settings\allan\Local Settings\Temp\MediaBar.exe NSIS: infected - 2 skipped
C:\Documents and Settings\allan\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\81D78T0X\lmmqrv[1].htm Infected: not-a-virus:AdWare.Win32.Virtumonde.mcg skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\81D78T0X\us[1].exe Infected: Trojan-Spy.Win32.Zbot.avh skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\81D78T0X\vsskkopgtx[1].htm Infected: Worm.Win32.Socks.by skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\F3OL5S8Y\ddos[1].htm Infected: Trojan-Downloader.Win32.Mutant.jz skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\F3OL5S8Y\nwabo[1].txt Infected: Trojan-Downloader.Win32.Agent.mws skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\F3OL5S8Y\sgxllcqhhy[1].htm Infected: Trojan-Clicker.Win32.Costrat.fl skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\LSW5XE76\AccessMediaSetup[1].exe Infected: Trojan-Downloader.Win32.Delf.dke skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\LSW5XE76\drv32[1].data Infected: Trojan-Downloader.Win32.Peregar.bs skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\LSW5XE76\iftkk[1].htm Infected: Trojan-Downloader.Win32.Agent.lxt skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\LSW5XE76\us[1].exe Infected: Trojan-Spy.Win32.Zbot.avh skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\YWQPHH3P\ddos1[1].htm Infected: Trojan-Downloader.Win32.Mutant.jz skipped
C:\Documents and Settings\allan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\allan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\cftmon.exe Infected: Worm.Win32.Socks.by skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\PC Tools AntiVirus\PCTAVService.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP325\A0039632.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jad skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP328\A0040702.exe/AntiSpywareApp/Launcher.exe Infected: not-a-virus:FraudTool.Win32.AntiSpyware.j skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP328\A0040702.exe 7-Zip: infected - 1 skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP328\A0040702.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP328\A0040702.exe PE_Patch.UPX: infected - 1 skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP328\A0040710.exe Infected: not-a-virus:FraudTool.Win32.AntiSpyware.j skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP330\A0040795.inf Infected: Worm.Win32.AutoRun.cnw skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP330\A0040870.inf Infected: Worm.Win32.AutoRun.cnw skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP330\A0040882.inf Infected: Worm.Win32.AutoRun.cnw skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP331\A0040940.inf Infected: Trojan-PSW.Win32.OnLineGames.ssx skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP332\A0040961.inf Infected: Trojan-PSW.Win32.OnLineGames.ssx skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP332\A0041349.inf Infected: Trojan-PSW.Win32.OnLineGames.ssx skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP333\A0041363.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP333\A0041364.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP334\A0041519.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP334\A0041520.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP335\A0041540.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP335\A0041541.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP336\A0041558.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP336\A0041559.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP337\A0041608.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP337\A0041609.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP338\A0041632.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP338\A0041633.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041718.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041719.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041721.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041732.dll Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041733.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041734.dll Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041738.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041767.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP340\A0041778.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP341\A0041800.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP342\A0041807.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP343\A0041816.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP344\A0041857.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP345\A0041903.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP346\A0041905.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP346\A0042083.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP346\A0042102.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP346\A0042103.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP347\A0042124.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP347\A0042125.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP348\A0042318.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP348\A0042319.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP349\A0042372.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP349\A0042373.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP350\A0042383.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP350\A0042384.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP351\A0042392.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP351\A0042393.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP352\A0042421.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP352\A0042422.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP352\A0042824.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP352\A0042825.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP352\A0042826.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP353\A0042836.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP353\A0042837.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP354\A0042845.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP354\A0042846.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP354\A0042989.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP354\A0042991.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP354\A0042992.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP355\A0043013.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP355\A0043014.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP356\A0043109.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP356\A0043110.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP356\A0043396.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP356\A0043397.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP356\A0043398.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0043414.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0043415.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0044389.dll Infected: Trojan-Downloader.Win32.Mutant.lb skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0044393.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0044394.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0044395.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0044396.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0044404.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045389.dll Infected: Trojan-Downloader.Win32.Mutant.lb skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045393.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045394.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045396.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045397.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045404.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045405.exe Infected: Trojan-Downloader.Win32.Agent.mws skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045407.exe Infected: Trojan-Clicker.Win32.Costrat.fl skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045409.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045569.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mcg skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045575.dll Infected: Trojan-Downloader.Win32.Mutant.lb skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045584.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045585.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045586.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045596.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045598.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045602.dll Infected: Trojan-Downloader.Win32.Mutant.lb skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045606.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045612.dll Infected: Trojan-Downloader.Win32.Mutant.lb skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045616.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045618.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045619.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045620.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045637.dll Infected: Trojan-Downloader.Win32.Mutant.lb skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045641.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045644.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045645.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045652.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045657.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045660.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045664.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045668.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045675.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045676.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045679.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045687.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045736.dll Infected: Trojan-Downloader.Win32.Mutant.hx skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045742.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045746.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045750.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045754.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045755.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045756.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045760.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045768.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045773.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045778.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045785.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045789.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045795.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045796.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045797.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\change.log Object is locked skipped
C:\uisvkqr.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Motorola SM56 Data Fax Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{27278167-C094-41C9-8015-37AEC9C015D0}.crmlog Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{7C429D16-CF5E-4A72-9F9C-15DA3ACA648A}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\amvo.exe Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\WINDOWS\system32\amvo0.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\WINDOWS\system32\amvo1.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008041420080415\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\FP9I1C84\fl8_ATT%20Wireless%20BrideBar01%20-%20300x270-600[1].flv Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\drivers\spools.exe Infected: Worm.Win32.Socks.by skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\WLCtrl32.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\WINDOWS\system32\WLCtrl32.dl_ Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:52 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\allan\cftmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\FileOpen\plug_ins\FileOpenAPI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.7:11
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\allan\LOCALS~1\Temp\winlogan.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\allan\cftmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AntiSpyware] C:\Program Files\AntiSpywareApp\Antispyware.exe -boot
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\allan\LOCALS~1\Temp\winlogan.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\allan\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\allan\cftmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Jnskdfmf9eldfd] C:\WINDOWS\TEMP\csrssc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - Startup: FileOpenAPI.exe.lnk = C:\Program Files\FileOpen\plug_ins\FileOpenAPI.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0eb0e74a-2a76-4ab3-a7fb-9bd8c29f7f75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V3_2_0_0/ACNePlayer.cab
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: hlphiaby - hlphiaby.dll (file missing)
O20 - Winlogon Notify: tuvwvur - tuvwvur.dll (file missing)
O20 - Winlogon Notify: wlctrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Tools AntiVirus Engine (pctavsvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12896 bytes
I appreciate the help with this issue.
 
Hi rmgrobe

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.
 
smitfraud issues

I have ran S&D in safe mode several times and i still cannot get rid of this smitfaud trojan or virus whatever it is. here is the kaspersky and the hjt logs.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, April 16, 2008 9:07:39 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/04/2008
Kaspersky Anti-Virus database records: 709546
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 86802
Number of viruses found: 28
Number of infected objects: 179
Number of suspicious objects: 0
Duration of the scan process: 01:22:43

Infected Object Name / Virus Name / Last Action
C:\1weicxa.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\autorun.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Report Logs\Report39554.091979166667.xml Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-16_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\allan\cftmon.exe Infected: Worm.Win32.Socks.by skipped
C:\Documents and Settings\allan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\allan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\History\History.IE5\MSHist012008041620080417\index.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Temp\1312.tmp Infected: Trojan-Downloader.Win32.Delf.dke skipped
C:\Documents and Settings\allan\Local Settings\Temp\aajc.dll Infected: Trojan-PSW.Win32.OnLineGames.xlx skipped
C:\Documents and Settings\allan\Local Settings\Temp\BNBF.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Documents and Settings\allan\Local Settings\Temp\BNC1.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Documents and Settings\allan\Local Settings\Temp\ee77xdv.dll Infected: Worm.Win32.AutoRun.cvy skipped
C:\Documents and Settings\allan\Local Settings\Temp\f.dll Infected: Trojan-PSW.Win32.OnLineGames.ulc skipped
C:\Documents and Settings\allan\Local Settings\Temp\k2fvpt.dll Infected: Trojan-PSW.Win32.OnLineGames.tdc skipped
C:\Documents and Settings\allan\Local Settings\Temp\MediaBar.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
C:\Documents and Settings\allan\Local Settings\Temp\MediaBar.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
C:\Documents and Settings\allan\Local Settings\Temp\MediaBar.exe NSIS: infected - 2 skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\81D78T0X\lmmqrv[1].htm Infected: not-a-virus:AdWare.Win32.Virtumonde.mcg skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\81D78T0X\us[1].exe Infected: Trojan-Spy.Win32.Zbot.avh skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\81D78T0X\vsskkopgtx[1].htm Infected: Worm.Win32.Socks.by skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\F3OL5S8Y\ddos[1].htm Infected: Trojan-Downloader.Win32.Mutant.jz skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\F3OL5S8Y\nwabo[1].txt Infected: Trojan-Downloader.Win32.Agent.mws skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\F3OL5S8Y\sgxllcqhhy[1].htm Infected: Trojan-Clicker.Win32.Costrat.fl skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\LSW5XE76\AccessMediaSetup[1].exe Infected: Trojan-Downloader.Win32.Delf.dke skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\LSW5XE76\drv32[1].data Infected: Trojan-Downloader.Win32.Peregar.bs skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\LSW5XE76\iftkk[1].htm Infected: Trojan-Downloader.Win32.Agent.lxt skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\LSW5XE76\us[1].exe Infected: Trojan-Spy.Win32.Zbot.avh skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\YWQPHH3P\ddos1[1].htm Infected: Trojan-Downloader.Win32.Mutant.jz skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\YWQPHH3P\wjkbcttklc[1].htm Infected: Trojan.Win32.Agent.kcj skipped
C:\Documents and Settings\allan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\allan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\cftmon.exe Infected: Worm.Win32.Socks.by skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\PC Tools AntiVirus\PCTAVService.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP325\A0039632.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jad skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP328\A0040702.exe/AntiSpywareApp/Launcher.exe Infected: not-a-virus:FraudTool.Win32.AntiSpyware.j skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP328\A0040702.exe 7-Zip: infected - 1 skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP328\A0040702.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP328\A0040702.exe PE_Patch.UPX: infected - 1 skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP328\A0040710.exe Infected: not-a-virus:FraudTool.Win32.AntiSpyware.j skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP330\A0040795.inf Infected: Worm.Win32.AutoRun.cnw skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP330\A0040870.inf Infected: Worm.Win32.AutoRun.cnw skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP330\A0040882.inf Infected: Worm.Win32.AutoRun.cnw skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP331\A0040940.inf Infected: Trojan-PSW.Win32.OnLineGames.ssx skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP332\A0040961.inf Infected: Trojan-PSW.Win32.OnLineGames.ssx skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP332\A0041349.inf Infected: Trojan-PSW.Win32.OnLineGames.ssx skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP333\A0041363.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP333\A0041364.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP334\A0041519.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP334\A0041520.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP335\A0041540.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP335\A0041541.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP336\A0041558.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP336\A0041559.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP337\A0041608.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP337\A0041609.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP338\A0041632.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP338\A0041633.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041718.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041719.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041721.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041732.dll Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041733.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041734.dll Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041738.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041767.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP340\A0041778.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP341\A0041800.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP342\A0041807.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP343\A0041816.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP344\A0041857.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP345\A0041903.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP346\A0041905.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP346\A0042083.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP346\A0042102.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP346\A0042103.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP347\A0042124.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP347\A0042125.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP348\A0042318.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP348\A0042319.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP349\A0042372.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP349\A0042373.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP350\A0042383.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP350\A0042384.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP351\A0042392.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP351\A0042393.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP352\A0042421.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP352\A0042422.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP352\A0042824.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP352\A0042825.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP352\A0042826.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP353\A0042836.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP353\A0042837.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP354\A0042845.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP354\A0042846.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP354\A0042989.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP354\A0042991.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP354\A0042992.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP355\A0043013.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP355\A0043014.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP356\A0043109.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP356\A0043110.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP356\A0043396.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP356\A0043397.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP356\A0043398.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0043414.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0043415.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0044389.dll Infected: Trojan-Downloader.Win32.Mutant.lb skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0044393.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0044394.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0044395.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0044396.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0044404.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045389.dll Infected: Trojan-Downloader.Win32.Mutant.lb skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045393.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045394.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045396.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045397.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045404.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045405.exe Infected: Trojan-Downloader.Win32.Agent.mws skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045406.exe Infected: Trojan.Win32.Agent.kcj skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045407.exe Infected: Trojan-Clicker.Win32.Costrat.fl skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045409.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045569.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mcg skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045575.dll Infected: Trojan-Downloader.Win32.Mutant.lb skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045584.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045585.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045586.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045596.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045598.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045602.dll Infected: Trojan-Downloader.Win32.Mutant.lb skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045606.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045612.dll Infected: Trojan-Downloader.Win32.Mutant.lb skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045616.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045618.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045619.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045620.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045637.dll Infected: Trojan-Downloader.Win32.Mutant.lb skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045641.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045644.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045645.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045652.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045657.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045660.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045664.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045668.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045675.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045676.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045679.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045687.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045736.dll Infected: Trojan-Downloader.Win32.Mutant.hx skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045742.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045746.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045750.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045754.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045755.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045756.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045760.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045768.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045773.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045778.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045785.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045789.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045795.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045796.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045797.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045834.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045841.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045842.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045845.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045853.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045866.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045879.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045887.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045899.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045906.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045907.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045908.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045913.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\change.log Object is locked skipped
C:\uisvkqr.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Motorola SM56 Data Fax Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{C9A44E8C-390E-4D46-8C1E-EEB288B13406}.crmlog Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\amvo.exe Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\WINDOWS\system32\amvo0.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\WINDOWS\system32\amvo1.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008041620080417\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\drivers\spools.exe Infected: Worm.Win32.Socks.by skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\WLCtrl32.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\WINDOWS\system32\WLCtrl32.dl_ Infected: Trojan-Downloader.Win32.Mutant.hx skipped
C:\WINDOWS\Temp\BN20D.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:14 AM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\FileOpen\plug_ins\FileOpenAPI.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\BN20D.tmp
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.7:11
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\allan\LOCALS~1\Temp\winlogan.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\allan\cftmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AntiSpyware] C:\Program Files\AntiSpywareApp\Antispyware.exe -boot
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\allan\LOCALS~1\Temp\winlogan.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\allan\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\allan\cftmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Jnskdfmf9eldfd] C:\WINDOWS\TEMP\csrssc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - Startup: FileOpenAPI.exe.lnk = C:\Program Files\FileOpen\plug_ins\FileOpenAPI.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0eb0e74a-2a76-4ab3-a7fb-9bd8c29f7f75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V3_2_0_0/ACNePlayer.cab
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: hlphiaby - hlphiaby.dll (file missing)
O20 - Winlogon Notify: tuvwvur - tuvwvur.dll (file missing)
O20 - Winlogon Notify: wlctrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Tools AntiVirus Engine (pctavsvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12777 bytes
 
Hi rmgrobe

I merged your threads.

You are not supposed to start a new topic but reply to this existing one.

Post reply button looks like this

reply.gif


So please answer to my previous question next :)
 
right, sorry about that. I have decided to try and clean it up at. I do not have the much critical information on my computer, and do not do much banking on it anyway.
 
Hi

Then next step is to change all online passwords from clean computer and contact online back/credit card company.

After that:

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here

Post:

- a fresh HijackThis log
- combofix report
- sdfix report
 
ok here is the information you requested.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:01 PM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\FileOpen\plug_ins\FileOpenAPI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.7:11
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AntiSpyware] C:\Program Files\AntiSpywareApp\Antispyware.exe -boot
O4 - Startup: FileOpenAPI.exe.lnk = C:\Program Files\FileOpen\plug_ins\FileOpenAPI.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0eb0e74a-2a76-4ab3-a7fb-9bd8c29f7f75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V3_2_0_0/ACNePlayer.cab
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: hlphiaby - hlphiaby.dll (file missing)
O20 - Winlogon Notify: tuvwvur - tuvwvur.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Tools AntiVirus Engine (pctavsvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9798 bytes

ComboFix 08-04-16.5 - allan 2008-04-17 15:48:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1448 [GMT -5:00]
Running from: C:\Documents and Settings\allan\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\BMe7eff45d.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
c:\windows\system32\Drivers\Dew28.sys
C:\WINDOWS\system32\gjkkj.ini2
C:\WINDOWS\system32\hjjlm.ini2
C:\WINDOWS\system32\jlnmp.ini2
C:\WINDOWS\system32\WLCtrl32.dl_
C:\WINDOWS\system32\WLCtrl32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_dew28
-------\Service_6to4
-------\Service_Dew28
-------\Service_dew28


((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.

2008-04-17 15:23 . 2008-04-17 15:23 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-17 14:04 . 2008-04-17 15:43 <DIR> d-------- C:\SDFix
2008-04-16 02:12 . 2008-04-17 09:21 90,748 --a------ C:\Documents and Settings\allan\cftmon.exe
2008-04-16 02:11 . 2008-04-16 02:11 67,282 --a------ C:\Documents and Settings\LocalService\cftmon.exe
2008-04-15 16:09 . 2008-04-15 17:28 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-14 18:01 . 2008-04-14 18:01 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-14 18:01 . 2008-04-14 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-14 17:34 . 2008-04-14 17:34 <DIR> d-------- C:\Documents and Settings\allan\Application Data\PC Tools
2008-04-14 17:32 . 2008-04-14 17:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 17:32 . 2008-04-17 15:52 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
2008-04-14 17:32 . 2008-04-14 17:32 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-04-14 17:32 . 2008-04-14 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-14 17:32 . 2007-12-06 16:51 28,568 --a------ C:\WINDOWS\system32\drivers\AVHook.sys
2008-04-14 17:32 . 2007-12-06 16:51 21,912 --a------ C:\WINDOWS\system32\drivers\AVRec.sys
2008-04-14 17:32 . 2008-02-12 11:44 21,904 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys
2008-04-14 01:19 . 2008-04-14 17:31 334 --a------ C:\WINDOWS\wininit.ini
2008-04-10 18:28 . 2008-04-10 19:33 <DIR> d-------- C:\Documents and Settings\allan\Application Data\Hamachi
2008-04-10 18:21 . 2008-04-10 18:22 <DIR> d-------- C:\Program Files\Hamachi
2008-04-08 21:17 . 2008-04-08 21:17 <DIR> d-------- C:\Program Files\iPod
2008-04-06 20:45 . 2008-04-06 20:48 <DIR> d-------- C:\Various Artists
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-26 23:27 . 2008-03-26 23:26 100,819 -r-hs---- C:\1weicxa.com
2008-03-26 22:22 . 2008-04-01 01:43 <DIR> d-------- C:\Documents and Settings\allan\Application Data\Command & Conquer 3 Kane's Wrath
2008-03-26 22:21 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-26 22:21 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-26 22:21 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-26 22:21 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-03-26 22:21 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 20:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-17 20:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-14 20:04 --------- d-----w C:\Documents and Settings\allan\Application Data\Antispyware
2008-04-14 06:10 --------- d-----w C:\Program Files\Viewpoint
2008-04-10 23:27 --------- d-----w C:\Documents and Settings\allan\Application Data\Hamachi-Backup
2008-04-10 23:21 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-09 05:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-09 02:18 --------- d-----w C:\Program Files\iTunes
2008-04-09 02:16 --------- d-----w C:\Program Files\QuickTime
2008-03-27 04:24 --------- d-----w C:\Program Files\Norton AntiVirus
2008-03-27 04:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-27 03:06 --------- d-----w C:\Program Files\Electronic Arts
2008-03-11 21:35 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-03-11 21:16 --------- d-----w C:\Program Files\Stardock Games
2008-03-06 05:04 --------- d-----w C:\Program Files\EA GAMES
2008-03-05 07:09 107,057 --sh--r C:\uisvkqr.exe
2008-02-29 03:10 --------- d-----w C:\Program Files\Google
2008-02-29 03:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-29 01:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-28 23:53 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Talkback
2008-02-19 05:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-18 21:05 --------- d-----w C:\Program Files\AIM6
2008-02-18 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-18 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-18 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]
"Aim6"="" []
"AntiSpyware"="C:\Program Files\AntiSpywareApp\Antispyware.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 15:56 64512]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 04:24 110592]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 20:41 45056]
"SMSERIAL"="sm56hlpr.exe" [2006-01-19 23:34 544768 C:\WINDOWS\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 04:01 16010752 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 14:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 13:41 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-28 13:47 569413]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32 58984]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-04-07 03:33 100056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2008-03-05 09:37 1238928]

C:\Documents and Settings\allan\Start Menu\Programs\Startup\
FileOpenAPI.exe.lnk - C:\Program Files\FileOpen\plug_ins\FileOpenAPI.exe [2006-08-28 12:30:26 57344]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hlphiaby]
hlphiaby.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwvur]
tuvwvur.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dew28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.0\\cnc3ep1.dat"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17892:TCP"= 17892:TCP:BitComet 17892 TCP
"17892:UDP"= 17892:UDP:BitComet 17892 UDP


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16a7411e-281f-11db-8d4a-001731f4e807}]
\Shell\AutoRun\command - E:\JDSecure\Windows\JDSecure20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a91977c-2ae4-11db-8d55-ebc2e84d0ade}]
\shell\autorun\command - F:\1weicxa.com
\shell\explore\command - F:\1weicxa.com
\shell\open\command - F:\1weicxa.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9f0e826-b9a7-11dc-8deb-001731f4e807}]
\Shell\AutoRun\command - E:\1weicxa.com
\Shell\explore\Command - E:\1weicxa.com
\Shell\open\Command - E:\1weicxa.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f442b13d-eb2a-11dc-8e06-001731f4e807}]
\Shell\AutoRun\command - E:\uisvkqr.exe
\Shell\explore\Command - E:\uisvkqr.exe
\Shell\open\Command - E:\uisvkqr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f872a022-e738-11dc-8e03-001731f4e807}]
\Shell\AutoRun\command - E:\x.com
\Shell\explore\Command - E:\x.com
\Shell\open\Command - E:\x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f872a023-e738-11dc-8e03-001731f4e807}]
\Shell\AutoRun\command - F:\uisvkqr.exe
\Shell\explore\Command - F:\uisvkqr.exe
\Shell\open\Command - F:\uisvkqr.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-08 22:13:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 15:52:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-17 15:57:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-17 20:57:47

Pre-Run: 38,534,852,608 bytes free
Post-Run: 38,508,879,872 bytes free
.
2008-04-11 14:24:16 --- E O F ---



SDFix: Version 1.171
Run by allan on Thu 04/17/2008 at 03:29 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
zeqbqwp

Path :
\??\C:\WINDOWS\zeqbqwp.sys

zeqbqwp - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Schedule Service Path

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\CBOCR.DLL - Deleted
C:\DOCUME~1\ALLAN\LOCALS~1\TEMP\BNBF.TMP - Deleted
C:\DOCUME~1\ALLAN\LOCALS~1\TEMP\BNC1.TMP - Deleted
C:\autorun.inf - Deleted
C:\WINDOWS\system32\drivers\spools.exe - Deleted
C:\WINDOWS\system32\ntos.exe - Deleted
C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted
C:\WINDOWS\system32\wsnpoem\video.dll - Deleted
C:\WINDOWS\zeqbqwp.sys - Deleted


Could Not Remove C:\WINDOWS\system32\WLCtrl32.dll

Folder C:\WINDOWS\system32\wsnpoem - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 15:38:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9Q2WBS6\ErrorPageTemplate[1]
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9Q2WBS6\dnserror[2]
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9Q2WBS6\background_gradient[1]

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1155144288\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1155144288\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1155144288\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1155144288\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"="C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire"
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.0\\cnc3ep1.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.0\\cnc3ep1.dat:*:Enabled:Command & Conquer(tm) 3: Kane's Wrath"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

C:\WINDOWS\system32\WLCtrl32.dll Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 26 Mar 2008 100,819 ..SHR --- "C:\1weicxa.com"
Wed 5 Mar 2008 107,057 ..SHR --- "C:\uisvkqr.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 26 Mar 2008 100,819 ..SHR --- "C:\WINDOWS\system32\amvo.exe"
Thu 17 Apr 2008 70,144 ..SHR --- "C:\WINDOWS\system32\amvo0.dll"
Wed 26 Mar 2008 70,144 A.SHR --- "C:\WINDOWS\system32\amvo1.dll"
Thu 28 Feb 2008 24,452 A.SH. --- "C:\WINDOWS\system32\hlphiaby.dllbox"
Wed 11 Jul 2007 95 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti2.tmp"
Sun 15 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 21 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BITA.tmp"
Thu 21 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT6.tmp"
Thu 21 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BITC.tmp"
Thu 21 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3a301a52ece728474b32be567323ab13\BIT9.tmp"
Thu 21 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\61d047c72fe60f406119d82417239710\BIT8.tmp"
Thu 21 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BITB.tmp"
Thu 21 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BITD.tmp"
Thu 21 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT7.tmp"
Fri 11 Apr 2008 1,714 ...HR --- "C:\Documents and Settings\allan\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!
 
Hi

Before we continue, I need to ask which devices are E: and F: in your computer?
 
just another update put my SD card in my computer and tried to access it and spybot found another trojan. I believe that my card is somehow infected also. Is there anyway to fix this or should I just buy a new one.
 
Hi

Both iPod and SD card are infected.

I recommend that you format them both as your computer will get re-infected every time you plug them.

Let me know if you are able to do that and we'll continue :)
 
Hi

Good, we'll continue :)

Open notepad and copy/paste the text in the codebox below into it:

Code: 
File::
C:\Documents and Settings\allan\cftmon.exe
C:\Documents and Settings\LocalService\cftmon.exe
C:\1weicxa.com
C:\uisvkqr.exe
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\hlphiaby.dllbox

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a91977c-2ae4-11db-8d55-ebc2e84d0ade}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9f0e826-b9a7-11dc-8deb-001731f4e807}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f442b13d-eb2a-11dc-8e06-001731f4e807}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f872a022-e738-11dc-8e03-001731f4e807}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f872a023-e738-11dc-8e03-001731f4e807}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hlphiaby]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwvur]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntiSpyware"=-

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
ComboFix 08-04-16.5 - allan 2008-04-20 11:02:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1315 [GMT -5:00]
Running from: C:\Documents and Settings\allan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\allan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\1weicxa.com
C:\Documents and Settings\allan\cftmon.exe
C:\Documents and Settings\LocalService\cftmon.exe
C:\uisvkqr.exe
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\hlphiaby.dllbox
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1weicxa.com
C:\Documents and Settings\allan\cftmon.exe
C:\Documents and Settings\LocalService\cftmon.exe
C:\WINDOWS\system32\hlphiaby.dllbox

.
((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.

2008-04-17 15:23 . 2008-04-17 15:23 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-17 14:04 . 2008-04-17 15:43 <DIR> d-------- C:\SDFix
2008-04-15 16:09 . 2008-04-15 17:28 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-14 18:01 . 2008-04-14 18:01 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-14 18:01 . 2008-04-14 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-14 17:34 . 2008-04-14 17:34 <DIR> d-------- C:\Documents and Settings\allan\Application Data\PC Tools
2008-04-14 17:32 . 2008-04-14 17:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 17:32 . 2008-04-17 16:25 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
2008-04-14 17:32 . 2008-04-14 17:32 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-04-14 17:32 . 2008-04-14 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-14 17:32 . 2007-12-06 16:51 28,568 --a------ C:\WINDOWS\system32\drivers\AVHook.sys
2008-04-14 17:32 . 2007-12-06 16:51 21,912 --a------ C:\WINDOWS\system32\drivers\AVRec.sys
2008-04-14 17:32 . 2008-02-12 11:44 21,904 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys
2008-04-14 01:19 . 2008-04-14 17:31 334 --a------ C:\WINDOWS\wininit.ini
2008-04-10 18:28 . 2008-04-17 21:10 <DIR> d-------- C:\Documents and Settings\allan\Application Data\Hamachi
2008-04-10 18:21 . 2008-04-10 18:22 <DIR> d-------- C:\Program Files\Hamachi
2008-04-08 21:17 . 2008-04-08 21:17 <DIR> d-------- C:\Program Files\iPod
2008-04-06 20:45 . 2008-04-06 20:48 <DIR> d-------- C:\Various Artists
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-26 22:22 . 2008-04-01 01:43 <DIR> d-------- C:\Documents and Settings\allan\Application Data\Command & Conquer 3 Kane's Wrath
2008-03-26 22:21 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-26 22:21 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-26 22:21 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-26 22:21 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-03-26 22:21 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 16:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-20 06:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-14 20:04 --------- d-----w C:\Documents and Settings\allan\Application Data\Antispyware
2008-04-14 06:10 --------- d-----w C:\Program Files\Viewpoint
2008-04-10 23:27 --------- d-----w C:\Documents and Settings\allan\Application Data\Hamachi-Backup
2008-04-10 23:21 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-09 05:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-09 02:18 --------- d-----w C:\Program Files\iTunes
2008-04-09 02:16 --------- d-----w C:\Program Files\QuickTime
2008-03-27 04:24 --------- d-----w C:\Program Files\Norton AntiVirus
2008-03-27 04:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-27 03:22 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-27 03:06 --------- d-----w C:\Program Files\Electronic Arts
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 21:35 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-03-11 21:16 --------- d-----w C:\Program Files\Stardock Games
2008-03-06 05:04 --------- d-----w C:\Program Files\EA GAMES
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-29 03:10 --------- d-----w C:\Program Files\Google
2008-02-29 03:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-29 01:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-28 23:53 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Talkback
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-01-29 17:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 15:56 64512]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 04:24 110592]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 20:41 45056]
"SMSERIAL"="sm56hlpr.exe" [2006-01-19 23:34 544768 C:\WINDOWS\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 04:01 16010752 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 14:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 13:41 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-28 13:47 569413]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32 58984]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-04-07 03:33 100056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2008-03-05 09:37 1238928]

C:\Documents and Settings\allan\Start Menu\Programs\Startup\
FileOpenAPI.exe.lnk - C:\Program Files\FileOpen\plug_ins\FileOpenAPI.exe [2006-08-28 12:30:26 57344]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dew28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.0\\cnc3ep1.dat"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17892:TCP"= 17892:TCP:BitComet 17892 TCP
"17892:UDP"= 17892:UDP:BitComet 17892 UDP


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16a7411e-281f-11db-8d4a-001731f4e807}]
\Shell\AutoRun\command - E:\JDSecure\Windows\JDSecure20.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-08 22:13:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 11:04:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-20 11:05:12
ComboFix-quarantined-files.txt 2008-04-20 16:05:06
ComboFix2.txt 2008-04-17 20:57:57

Pre-Run: 39,050,682,368 bytes free
Post-Run: 39,038,193,664 bytes free
.
2008-04-11 14:24:16 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:52 AM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\FileOpen\plug_ins\FileOpenAPI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.7:11
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: FileOpenAPI.exe.lnk = C:\Program Files\FileOpen\plug_ins\FileOpenAPI.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0eb0e74a-2a76-4ab3-a7fb-9bd8c29f7f75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V3_2_0_0/ACNePlayer.cab
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Tools AntiVirus Engine (pctavsvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9639 bytes
 
Hi

Please download ATF Cleaner by Atribune and save
it to desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.

Re-scan with kaspersky.

Post:

- a fresh HijackThis log
- kaspersky report
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:27 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\FileOpen\plug_ins\FileOpenAPI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.7:11
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: FileOpenAPI.exe.lnk = C:\Program Files\FileOpen\plug_ins\FileOpenAPI.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0eb0e74a-2a76-4ab3-a7fb-9bd8c29f7f75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V3_2_0_0/ACNePlayer.cab
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Tools AntiVirus Engine (pctavsvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9720 bytes


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 20, 2008 8:31:26 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/04/2008
Kaspersky Anti-Virus database records: 717641
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 83384
Number of viruses found: 22
Number of infected objects: 202
Number of suspicious objects: 0
Duration of the scan process: 01:18:25

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\PC Tools\PC Tools AntiVirus\Report Logs\Report39558.071747685186.xml Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-20_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\allan\Application Data\PC Tools\PC Tools AntiVirus\Application Logs\PCToolsAntivirus.txt Object is locked skipped
C:\Documents and Settings\allan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Application Data\AOL OCP\AIM\Storage\data\paintballer536\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\allan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\History\History.IE5\MSHist012008042020080421\index.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Temp\Perflib_Perfdata_2cc.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Temp\Perflib_Perfdata_34c.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Temp\Perflib_Perfdata_dd4.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\allan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\allan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\allan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\PC Tools AntiVirus\PCTAVService.txt Object is locked skipped
C:\Program Files\PC Tools AntiVirus\~ulo Object is locked skipped
C:\QooBox\Quarantine\C\1weicxa.com.vir Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\QooBox\Quarantine\C\autorun.inf.vir Infected: Worm.Win32.AutoRun.dcz skipped
C:\QooBox\Quarantine\C\Documents and Settings\allan\cftmon.exe.vir Infected: Worm.Win32.Socks.by skipped
C:\QooBox\Quarantine\C\Documents and Settings\LocalService\cftmon.exe.vir Infected: Worm.Win32.Socks.by skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\amvo.exe.vir Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\amvo0.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\amvo1.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Dew28.sys.vir Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\WLCtrl32.dll.vir Infected: Trojan-Downloader.Win32.Agent.nhp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\WLCtrl32.dl_.vir Infected: Trojan-Downloader.Win32.Agent.nhp skipped
C:\SDFix\backups\backups.zip/backups/autorun.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\SDFix\backups\backups.zip/backups/BNBF.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\SDFix\backups\backups.zip/backups/BNC1.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\SDFix\backups\backups.zip/backups/WLCtrl32.dll Infected: Trojan-Downloader.Win32.Agent.nhp skipped
C:\SDFix\backups\backups.zip ZIP: infected - 4 skipped
C:\SDFix\backups\catchme.zip/ntos.exe Infected: Trojan-Spy.Win32.Zbot.avh skipped
C:\SDFix\backups\catchme.zip/spools.exe Infected: Worm.Win32.Socks.by skipped
C:\SDFix\backups\catchme.zip/zeqbqwp.sys Infected: Trojan-Clicker.Win32.Costrat.fn skipped
C:\SDFix\backups\catchme.zip ZIP: infected - 3 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP325\A0039632.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jad skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP328\A0040702.exe/AntiSpywareApp/Launcher.exe Infected: not-a-virus:FraudTool.Win32.AntiSpyware.j skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP328\A0040702.exe 7-Zip: infected - 1 skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP328\A0040702.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP328\A0040702.exe PE_Patch.UPX: infected - 1 skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP328\A0040710.exe Infected: not-a-virus:FraudTool.Win32.AntiSpyware.j skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP330\A0040795.inf Infected: Worm.Win32.AutoRun.cnw skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP330\A0040870.inf Infected: Worm.Win32.AutoRun.cnw skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP330\A0040882.inf Infected: Worm.Win32.AutoRun.cnw skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP331\A0040940.inf Infected: Trojan-PSW.Win32.OnLineGames.ssx skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP332\A0040961.inf Infected: Trojan-PSW.Win32.OnLineGames.ssx skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP332\A0041349.inf Infected: Trojan-PSW.Win32.OnLineGames.ssx skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP333\A0041363.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP333\A0041364.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP334\A0041519.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP334\A0041520.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP335\A0041540.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP335\A0041541.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP336\A0041558.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP336\A0041559.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP337\A0041608.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP337\A0041609.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP338\A0041632.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP338\A0041633.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041718.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041719.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041721.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041732.dll Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041733.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041734.dll Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041738.inf Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP339\A0041767.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP340\A0041778.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP341\A0041800.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP342\A0041807.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP343\A0041816.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP344\A0041857.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP345\A0041903.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP346\A0041905.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP346\A0042083.inf Infected: Trojan-PSW.Win32.OnLineGames.uhv skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP346\A0042102.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP346\A0042103.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP347\A0042124.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP347\A0042125.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP348\A0042318.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP348\A0042319.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP349\A0042372.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP349\A0042373.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP350\A0042383.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP350\A0042384.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP351\A0042392.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP351\A0042393.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP352\A0042421.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP352\A0042422.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP352\A0042824.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP352\A0042825.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP352\A0042826.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP353\A0042836.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP353\A0042837.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP354\A0042845.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP354\A0042846.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP354\A0042989.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP354\A0042991.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP354\A0042992.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP355\A0043013.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP355\A0043014.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP356\A0043109.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP356\A0043110.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP356\A0043396.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP356\A0043397.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP356\A0043398.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0043414.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0043415.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0044389.dll Infected: Trojan-Downloader.Win32.Mutant.lb skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0044393.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0044394.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0044395.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0044396.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0044404.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045389.dll Infected: Trojan-Downloader.Win32.Mutant.lb skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045393.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045394.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045396.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045397.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045404.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045405.exe Infected: Trojan-Downloader.Win32.Agent.mws skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045406.exe Infected: Trojan.Win32.Agent.kcj skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045407.exe Infected: Trojan-Clicker.Win32.Costrat.fl skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045409.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045569.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mcg skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045575.dll Infected: Trojan-Downloader.Win32.Mutant.lb skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045584.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045585.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045586.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045596.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045598.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045602.dll Infected: Trojan-Downloader.Win32.Mutant.lb skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045606.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045612.dll Infected: Trojan-Downloader.Win32.Mutant.lb skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045616.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045618.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045619.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045620.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045637.dll Infected: Trojan-Downloader.Win32.Mutant.lb skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045641.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045644.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045645.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045652.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045657.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045660.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045664.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045668.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045675.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045676.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045679.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045687.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045736.dll Infected: Trojan-Downloader.Win32.Mutant.hx skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045742.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045746.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045750.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045754.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045755.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045756.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045760.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045768.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045773.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045778.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045785.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045789.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045795.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045796.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045797.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045834.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045841.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045842.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045845.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045853.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045866.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045879.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045887.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045899.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045906.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045907.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045908.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0045913.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0046899.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0046903.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0046904.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0046906.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0046908.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0046910.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0047899.dll Infected: Trojan-Downloader.Win32.Mutant.hx skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0047903.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0047904.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0047905.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0047907.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0047908.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0047922.dll Infected: Trojan-Downloader.Win32.Agent.nhp skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0047926.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0047927.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0047931.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0047932.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0047934.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0047949.dll Infected: Trojan-Downloader.Win32.Agent.nhp skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0047952.exe Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0047953.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0047955.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0047959.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0047963.dll Infected: Trojan-Downloader.Win32.Agent.nhp skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0047969.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0048009.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP357\A0048010.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP358\A0048014.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP358\A0048015.inf Infected: Worm.Win32.AutoRun.dcz skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP358\A0048017.exe Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP358\A0048018.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP358\A0048019.dll Infected: Trojan-PSW.Win32.OnLineGames.won skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP358\A0048021.dll Infected: Trojan-Downloader.Win32.Agent.nhp skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP358\A0048022.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP359\A0048198.exe Infected: Worm.Win32.AutoRun.cvy skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP361\A0048221.com Infected: Trojan-PSW.Win32.OnLineGames.woo skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP361\A0048222.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP361\A0048223.exe Infected: Worm.Win32.Socks.by skipped
C:\System Volume Information\_restore{8DC34318-AC3B-40ED-B6BB-FA6679A29239}\RP361\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Motorola SM56 Data Fax Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{E508C118-1C8E-425E-B730-DED04951C271}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
Hi

Empty this folder:

C:\QooBox\Quarantine

Empty Recycle Bin.

All viruses are in system restore and inactive.

I give you later instructions how to empty it.

Other than that, any problems left?
 
You must log in or register to reply here.
Back
Top