Infected With autorun virus


  • This topic is locked
16 replies to this topic

#1 ravensheat

ravensheat

  • Members
  • 11 posts

Posted 03 February 2009 - 04:12 PM

DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 10:06:55.25 on Wed 02/04/2009
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.247.44 [GMT 13:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = about:blank
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdoosoft] c:\windows\system32\olhrwef.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SetDefPrt] c:\program files\brother\brmfl05a\BrStDvPt.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230841401390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: igfxcui - igfxsrvc.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: hook dll rising: {bb4c402f-882a-4526-8c08-51278ea437c1} - c:\windows\system32\afmain1.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\k0us1k4b.default\
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

============= SERVICES / DRIVERS ===============

R1 mapledxp;mapledxp;c:\windows\system32\drivers\mapledxp.sys [2009-1-31 24720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-1 170640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-1 15504]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-1-12 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-12 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-1-12 42112]

=============== Created Last 30 ================

2009-02-04 10:04 105 ---shr-- C:\autorun.inf
2009-02-04 09:47 <DIR> --d----- c:\windows\ERUNT
2009-02-04 09:44 <DIR> --d----- C:\SDFix
2009-02-04 07:38 108,836 ---shr-- C:\pook.com
2009-02-03 21:41 <DIR> --d----- c:\program files\Image-Line
2009-02-03 19:15 1,294,336 a------- c:\windows\system32\vorbis.acm
2009-02-03 19:14 <DIR> --d----- c:\program files\Outsim
2009-02-03 18:57 608,448 a------- c:\windows\system32\COMCTL32.OCX
2009-02-03 15:40 <DIR> --d----- c:\program files\ASIO4ALL v2
2009-02-03 15:25 <DIR> --d----- c:\docume~1\owner\applic~1\FabFilter
2009-02-01 08:23 109,930 ---shr-- C:\a2h2.com
2009-01-31 12:48 61,440 a------- c:\windows\system32\marblaxp.dll
2009-01-31 12:48 49,152 a------- c:\windows\system32\mapleapi.dll
2009-01-31 12:48 31,624 a------- c:\windows\system32\mapledxp.dll
2009-01-31 12:48 24,720 a------- c:\windows\system32\drivers\mapledxp.sys
2009-01-31 12:48 673,546 a------- c:\windows\unins000.exe
2009-01-31 12:48 53,248 a------- c:\windows\system32\drivers\maplevmd000.exe
2009-01-31 12:48 7,451 a------- c:\windows\unins000.dat
2009-01-31 12:44 <DIR> --d----- c:\docume~1\owner\applic~1\Propellerhead Software
2009-01-31 12:28 16 a------- c:\windows\system32\w3data.vss
2009-01-31 12:28 16 a------- c:\windows\system32\msvcsv60.dll
2009-01-31 12:28 16 a------- c:\windows\msocreg32.dat
2009-01-31 12:18 287,743 a------- c:\windows\LOOP.exe
2009-01-31 10:39 69,632 a------- c:\windows\system32\NI_DFD_KOMPAKT.dll
2009-01-31 10:39 69,632 a------- c:\windows\system32\NI_DFD_1_2_9.dll
2009-01-31 10:39 69,632 a------- c:\windows\system32\NI_DFD_1_2_7.dll
2009-01-31 10:39 69,632 a------- c:\windows\system32\NI_DFD_1_2_4.dll
2009-01-31 10:39 69,632 a------- c:\windows\system32\NI_DFD.dll
2009-01-31 10:39 <DIR> --d----- c:\program files\Native Instruments
2009-01-31 10:39 258,048 a------- c:\windows\system32\REX Shared Library.dll
2009-01-31 10:39 65,536 a------- c:\windows\system32\NI_DFD_1_2_8.dll
2009-01-31 08:08 109,930 ---shr-- C:\hl80c6b1.com
2009-01-30 15:30 719,872 a------- c:\windows\system32\devil.dll
2009-01-30 15:30 318,976 a------- c:\windows\system32\avisynth.dll
2009-01-30 13:16 <DIR> --d----- c:\docume~1\owner\applic~1\Antares
2009-01-30 13:16 <DIR> --d----- c:\program files\Antares Audio Technologies
2009-01-29 11:02 23,392 a------- c:\windows\system32\nscompat.tlb
2009-01-29 11:02 16,832 a------- c:\windows\system32\amcompat.tlb
2009-01-29 10:03 221,184 a------- c:\windows\system32\wmpns.dll
2009-01-29 08:33 108,861 ---shr-- C:\8.bat
2009-01-25 20:16 <DIR> --d----- c:\program files\iZotope
2009-01-25 14:55 <DIR> --d----- c:\docume~1\owner\applic~1\NetMedia Providers
2009-01-25 14:44 <DIR> --d----- c:\program files\Vstplugins
2009-01-25 14:43 <DIR> --d----- c:\program files\Sony
2009-01-25 14:40 2,105,344 a------- c:\windows\system32\SET10C.tmp
2009-01-25 14:40 230,400 a------- c:\windows\system32\SET103.tmp
2009-01-25 14:40 <DIR> --d----- c:\windows\system32\LogFiles
2009-01-25 14:23 <DIR> --d----- c:\program files\Sony Setup
2009-01-25 14:22 <DIR> --d----- c:\windows\SxsCaPendDel
2009-01-24 08:24 108,512 ---shr-- C:\uvsqfgwd.cmd
2009-01-22 08:47 107,882 ---shr-- C:\w98.com
2009-01-21 13:02 108,869 ---shr-- C:\gy.exe
2009-01-20 11:56 106,526 ---shr-- C:\gfqgq.cmd
2009-01-18 08:45 108,753 ---shr-- C:\j60osk9.cmd
2009-01-17 18:57 95,744 ---shr-- c:\windows\system32\nmdfgds1.dll
2009-01-17 18:56 69,120 a------- c:\windows\AhnRpta.exe
2009-01-17 10:41 110,003 ---shr-- C:\x2csvg.exe
2009-01-17 10:40 108,836 ---shr-- c:\windows\system32\olhrwef.exe
2009-01-17 10:40 95,744 ---shr-- c:\windows\system32\nmdfgds0.dll
2009-01-17 10:39 84,992 ---shr-- c:\windows\system32\gasretyw0.dll
2009-01-17 08:03 70,656 a------- c:\windows\system32\yv12vfw.dll
2009-01-16 22:45 164,352 a------- c:\windows\system32\unrar.dll
2009-01-16 22:45 38 a------- c:\windows\avisplitter.ini
2009-01-16 22:44 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-01-16 17:37 388,608 a------- c:\windows\system32\CF5330.exe
2009-01-15 23:02 <DIR> --d----- c:\docume~1\owner\applic~1\Foxit
2009-01-15 22:07 <DIR> --d----- C:\b2be573407f5b331555877
2009-01-15 14:25 <DIR> --d----- c:\program files\Foxit Software
2009-01-12 12:41 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-01-12 12:41 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-01-12 12:34 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-01-12 12:34 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-12 12:29 1,419,232 a------- c:\windows\system32\wdfcoinstaller01005.dll
2009-01-12 12:29 23,680 a------- c:\windows\system32\drivers\motmodem.sys
2009-01-12 12:29 18,688 a------- c:\windows\system32\drivers\motccgp.sys
2009-01-12 12:29 8,320 a------- c:\windows\system32\drivers\motccgpfl.sys
2009-01-12 12:29 6,400 a------- c:\windows\system32\drivers\motswch.sys
2009-01-12 12:29 42,112 a------- c:\windows\system32\drivers\motodrv.sys
2009-01-12 12:28 <DIR> --d----- c:\program files\common files\Motorola Shared
2009-01-09 16:21 107,045 ---shr-- C:\m9ma.exe
2009-01-06 12:45 1,132 a------- c:\windows\cdplayer.ini
2009-01-06 10:24 <DIR> --d----- c:\docume~1\owner\applic~1\LimeWire
2009-01-06 10:23 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-06 10:23 73,728 a------- c:\windows\system32\javacpl.cpl

==================== Find3M ====================

2009-01-22 10:19 90,112 a------- c:\windows\DUMP3c4d.tmp
2009-01-05 12:34 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-04 19:11 499,712 a------- c:\windows\system32\msvcp71.dll
2009-01-04 19:11 348,160 a------- c:\windows\system32\msvcr71.dll
2009-01-01 00:03 21,640 a------- c:\windows\system32\emptyregdb.dat
2006-05-03 22:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 23:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-17 01:30 216,064 ---shr-- c:\windows\system32\nbDX.dll

============= FINISH: 10:07:37.42 ===============


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 11 February 2009 - 03:43 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad >> save it and attach it in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 ravensheat

ravensheat
  • Topic Starter

  • Members
  • 11 posts

Posted 14 February 2009 - 04:52 AM

Thank you for the reply sir, here is the Malwarebytes log

Malwarebytes' Anti-Malware 1.34
Database version: 1761
Windows 5.1.2600 Service Pack 2

2/14/2009 10:38:43 PM
mbam-log-2009-02-14 (22-38-43).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 134817
Time elapsed: 55 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\afmain1.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{bb4c402f-882a-4526-8c08-51278ea437c1} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\m0vnonh.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\olhrwef.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\gfqgq.cmd (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\afmain0.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\afmain1.dll (Trojan.Agent) -> Delete on reboot.

#4 ravensheat

ravensheat
  • Topic Starter

  • Members
  • 11 posts

Posted 14 February 2009 - 04:57 AM

Here is the RSIT log file

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-02-14 22:53:28
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 20 GB (62%) free of 33 GB
Total RAM: 247 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:54 PM, on 2/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Net Studio\USB_FW.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [USBFireWall] C:\Program Files\Net Studio\USB_FW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230841401390
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 4931 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-01-04 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2008-06-16 191096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-06 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-06-06 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-06-06 118784]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SetDefPrt"=C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe [2005-01-26 49152]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-01-04 185872]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-06 136600]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"USBFireWall"=C:\Program Files\Net Studio\USB_FW.exe [2008-03-22 1299968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2
"sdAuxService"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-06-06 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoTrayContextMenu"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoFolderOptions"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\1utbfd.bat
shell\open\command - F:\1utbfd.bat


======List of files/folders created in the last 3 months======

2009-02-14 22:53:35 ----D---- C:\Program Files\trend micro
2009-02-14 22:53:28 ----D---- C:\rsit
2009-02-14 20:17:20 ----A---- C:\WINDOWS\isRS-000.tmp
2009-02-13 09:33:11 ----RSH---- C:\ur0.com
2009-02-11 07:54:36 ----RD---- C:\Documents and Settings\Owner\Application Data\Brother
2009-02-11 07:32:14 ----RSH---- C:\opgde.exe
2009-02-10 21:15:42 ----RSH---- C:\2aaxaiy.exe
2009-02-09 18:33:11 ----D---- C:\Documents and Settings\Owner\Application Data\Juce VST Host
2009-02-08 09:40:25 ----RSH---- C:\1utbfd.bat
2009-02-07 19:10:21 ----D---- C:\Program Files\AviSynth 2.5
2009-02-07 10:04:48 ----D---- C:\Documents and Settings\All Users\Application Data\eboostr
2009-02-04 14:26:54 ----RSH---- C:\pook.com
2009-02-04 14:24:13 ----D---- C:\Program Files\Net Studio
2009-02-04 14:23:44 ----D---- C:\Program Files\USB FireWall
2009-02-04 13:30:34 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2009-02-04 13:29:41 ----D---- C:\Program Files\Realtek
2009-02-04 13:28:59 ----A---- C:\WINDOWS\RtlExUpd.dll
2009-02-04 09:47:56 ----D---- C:\WINDOWS\ERUNT
2009-02-04 09:46:29 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-04 09:44:41 ----D---- C:\SDFix
2009-02-03 21:41:25 ----D---- C:\Program Files\Image-Line
2009-02-03 19:14:35 ----D---- C:\Program Files\Outsim
2009-02-03 15:40:10 ----D---- C:\Program Files\ASIO4ALL v2
2009-02-03 15:25:10 ----D---- C:\Documents and Settings\Owner\Application Data\FabFilter
2009-02-01 08:23:17 ----RSH---- C:\a2h2.com
2009-01-31 12:48:51 ----A---- C:\WINDOWS\system32\marblaxp.dll
2009-01-31 12:48:51 ----A---- C:\WINDOWS\system32\mapledxp.dll
2009-01-31 12:48:51 ----A---- C:\WINDOWS\system32\mapleapi.dll
2009-01-31 12:48:50 ----A---- C:\WINDOWS\unins000.exe
2009-01-31 12:44:58 ----D---- C:\Documents and Settings\Owner\Application Data\Propellerhead Software
2009-01-31 12:28:37 ----A---- C:\WINDOWS\system32\msvcsv60.dll
2009-01-31 12:18:04 ----A---- C:\WINDOWS\LOOP.exe
2009-01-31 10:39:58 ----D---- C:\Program Files\Native Instruments
2009-01-31 10:39:58 ----A---- C:\WINDOWS\system32\NI_DFD_KOMPAKT.dll
2009-01-31 10:39:58 ----A---- C:\WINDOWS\system32\NI_DFD_1_2_9.dll
2009-01-31 10:39:58 ----A---- C:\WINDOWS\system32\NI_DFD_1_2_7.dll
2009-01-31 10:39:58 ----A---- C:\WINDOWS\system32\NI_DFD_1_2_4.dll
2009-01-31 10:39:58 ----A---- C:\WINDOWS\system32\NI_DFD.dll
2009-01-31 10:39:15 ----A---- C:\WINDOWS\system32\REX Shared Library.dll
2009-01-31 10:39:15 ----A---- C:\WINDOWS\system32\NI_DFD_1_2_8.dll
2009-01-31 08:08:17 ----RSH---- C:\hl80c6b1.com
2009-01-30 15:30:24 ----A---- C:\WINDOWS\system32\devil.dll
2009-01-30 15:30:24 ----A---- C:\WINDOWS\system32\avisynth.dll
2009-01-30 13:16:51 ----D---- C:\Documents and Settings\Owner\Application Data\Antares
2009-01-30 13:16:50 ----D---- C:\Program Files\Antares Audio Technologies
2009-01-29 10:03:39 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-01-29 10:03:18 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-01-29 10:02:45 ----DC---- C:\WINDOWS\$NtUninstallwmp11$
2009-01-29 08:33:10 ----RSH---- C:\8.bat
2009-01-26 09:46:23 ----D---- C:\Program Files\Microsoft Silverlight
2009-01-25 20:16:14 ----D---- C:\Program Files\iZotope
2009-01-25 14:55:09 ----D---- C:\Documents and Settings\Owner\Application Data\NetMedia Providers
2009-01-25 14:55:08 ----D---- C:\Documents and Settings\Owner\Application Data\Publish Providers
2009-01-25 14:54:48 ----D---- C:\Documents and Settings\Owner\Application Data\Sony
2009-01-25 14:44:36 ----D---- C:\Program Files\Vstplugins
2009-01-25 14:43:34 ----D---- C:\Program Files\Sony
2009-01-25 14:41:49 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-01-25 14:40:47 ----A---- C:\WINDOWS\system32\SET10C.tmp
2009-01-25 14:40:47 ----A---- C:\WINDOWS\system32\SET103.tmp
2009-01-25 14:40:46 ----DC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-01-25 14:40:01 ----D---- C:\WINDOWS\system32\LogFiles
2009-01-25 14:39:41 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-01-25 14:25:07 ----D---- C:\Documents and Settings\Owner\Application Data\Sony Setup
2009-01-25 14:23:47 ----D---- C:\Program Files\Sony Setup
2009-01-25 14:22:32 ----D---- C:\WINDOWS\SxsCaPendDel
2009-01-24 08:24:15 ----RSH---- C:\uvsqfgwd.cmd
2009-01-22 14:22:32 ----RSD---- C:\WINDOWS\assembly
2009-01-22 14:20:59 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-22 09:38:40 ----D---- C:\WINDOWS\Sun
2009-01-22 08:47:07 ----RSH---- C:\w98.com
2009-01-21 13:02:15 ----RSH---- C:\gy.exe
2009-01-18 08:45:38 ----RSH---- C:\j60osk9.cmd
2009-01-17 18:57:24 ----RSH---- C:\WINDOWS\system32\nmdfgds1.dll
2009-01-17 18:56:31 ----A---- C:\WINDOWS\AhnRpta.exe
2009-01-17 10:41:04 ----RSH---- C:\x2csvg.exe
2009-01-17 10:40:38 ----RSH---- C:\WINDOWS\system32\nmdfgds0.dll
2009-01-17 10:39:35 ----RSH---- C:\WINDOWS\system32\gasretyw0.dll
2009-01-17 08:03:24 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-01-16 22:45:05 ----A---- C:\WINDOWS\system32\unrar.dll
2009-01-16 22:45:03 ----A---- C:\WINDOWS\avisplitter.ini
2009-01-16 22:44:59 ----D---- C:\Program Files\K-Lite Codec Pack
2009-01-16 17:37:23 ----A---- C:\WINDOWS\system32\CF5330.exe
2009-01-16 17:33:08 ----SHD---- C:\RECYCLER
2009-01-16 17:22:07 ----D---- C:\WINDOWS\ERDNT
2009-01-15 23:02:49 ----D---- C:\Documents and Settings\Owner\Application Data\Foxit
2009-01-15 22:07:14 ----D---- C:\b2be573407f5b331555877
2009-01-15 21:58:53 ----SHD---- C:\Config.Msi
2009-01-15 14:25:21 ----D---- C:\Program Files\Foxit Software
2009-01-15 13:22:04 ----D---- C:\WINDOWS\Minidump
2009-01-12 12:33:42 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2009-01-12 12:29:16 ----A---- C:\WINDOWS\system32\wdfcoinstaller01005.dll
2009-01-12 12:29:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-12 12:28:50 ----D---- C:\Program Files\Common Files\Motorola Shared
2009-01-12 12:15:52 ----D---- C:\Documents and Settings\Owner\Application Data\Media Player Classic
2009-01-09 16:21:28 ----RSH---- C:\m9ma.exe
2009-01-06 22:06:55 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2009-01-06 22:06:32 ----D---- C:\Program Files\Mozilla Firefox
2009-01-06 12:45:59 ----A---- C:\WINDOWS\cdplayer.ini
2009-01-06 10:24:33 ----D---- C:\Documents and Settings\Owner\Application Data\LimeWire
2009-01-06 10:23:51 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-06 10:23:51 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-06 10:23:50 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-06 10:23:50 ----A---- C:\WINDOWS\system32\java.exe
2009-01-06 10:23:09 ----D---- C:\Program Files\Java
2009-01-06 10:21:24 ----D---- C:\Documents and Settings\Owner\Application Data\Sun
2009-01-05 07:31:38 ----D---- C:\Program Files\TVAnts
2009-01-04 21:15:09 ----A---- C:\WINDOWS\system32\AVSredirect.dll
2009-01-04 21:15:09 ----A---- C:\WINDOWS\MOTA113.exe
2009-01-04 21:15:08 ----A---- C:\WINDOWS\x2.64.exe
2009-01-04 21:15:08 ----A---- C:\WINDOWS\system32\x.264.exe
2009-01-04 21:15:08 ----A---- C:\WINDOWS\system32\i420vfw.dll
2009-01-04 21:15:08 ----A---- C:\WINDOWS\meta4.exe
2009-01-04 21:14:53 ----RSH---- C:\WINDOWS\system32\nbDX.dll
2009-01-04 21:14:53 ----RSH---- C:\WINDOWS\system32\msfDX.dll
2009-01-04 21:14:53 ----RSH---- C:\WINDOWS\system32\flvDX.dll
2009-01-04 21:14:46 ----D---- C:\Program Files\eRightSoft
2009-01-04 19:11:37 ----D---- C:\Program Files\Common Files\xing shared
2009-01-04 19:11:23 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-01-04 19:11:13 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-01-04 19:11:13 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-01-04 19:11:11 ----D---- C:\Program Files\Real
2009-01-04 19:11:11 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-01-04 19:11:11 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-01-04 19:11:10 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-01-04 17:34:04 ----D---- C:\Documents and Settings\Owner\Application Data\Real
2009-01-04 16:47:38 ----D---- C:\Documents and Settings\Owner\Application Data\AVS4YOU
2009-01-03 08:39:21 ----A---- C:\WINDOWS\system32\brss01a.ini
2009-01-03 08:39:21 ----A---- C:\WINDOWS\BRWMARK.INI
2009-01-03 08:39:21 ----A---- C:\WINDOWS\BRPP2KA.INI
2009-01-03 08:38:27 ----A---- C:\WINDOWS\system32\bsplmf01.exe
2009-01-03 08:38:27 ----A---- C:\WINDOWS\system32\bsplmf01.dll
2009-01-03 08:38:27 ----A---- C:\WINDOWS\system32\BrWia05a.dll
2009-01-03 08:38:27 ----A---- C:\WINDOWS\system32\BrUSi05a.dll
2009-01-03 08:38:25 ----A---- C:\WINDOWS\system32\brsvc01a.exe
2009-01-03 08:38:24 ----A---- C:\WINDOWS\system32\brss01a.exe
2009-01-03 08:38:23 ----N---- C:\WINDOWS\system32\brinsstr.dll
2009-01-03 08:38:20 ----N---- C:\WINDOWS\system32\PDRVINST.DLL
2009-01-03 08:38:20 ----N---- C:\WINDOWS\system32\BRWEBUP.EXE
2009-01-03 08:38:20 ----N---- C:\WINDOWS\system32\BrWebIns.dll
2009-01-03 08:38:19 ----N---- C:\WINDOWS\system32\BrWiaNCp.dll
2009-01-03 08:38:19 ----N---- C:\WINDOWS\system32\Brnsplg.dll
2009-01-03 08:38:19 ----N---- C:\WINDOWS\system32\BrNetSti.dll
2009-01-03 08:38:19 ----D---- C:\Program Files\Brother
2009-01-03 08:38:11 ----D---- C:\Brother
2009-01-03 08:38:08 ----N---- C:\WINDOWS\system32\NSSearch.dll
2009-01-03 08:38:08 ----N---- C:\WINDOWS\system32\BrMuSNMP.dll
2009-01-03 08:38:08 ----N---- C:\WINDOWS\brunin03.dll
2009-01-03 08:35:42 ----D---- C:\Documents and Settings\All Users\Application Data\Brother
2009-01-02 16:12:40 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-01-02 16:10:35 ----D---- C:\Program Files\Microsoft Works
2009-01-02 16:10:03 ----D---- C:\Program Files\MSBuild
2009-01-02 16:09:02 ----D---- C:\Program Files\Microsoft Visual Studio
2009-01-02 16:09:02 ----D---- C:\Program Files\Common Files\DESIGNER
2009-01-02 15:58:54 ----D---- C:\WINDOWS\SHELLNEW
2009-01-02 15:56:03 ----D---- C:\Program Files\Microsoft Office
2009-01-02 15:55:53 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-02 15:53:56 ----RHD---- C:\MSOCache
2009-01-02 10:18:54 ----D---- C:\WINDOWS\pss
2009-01-02 10:01:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-02 09:28:40 ----D---- C:\WINDOWS\system32\PreInstall
2009-01-02 09:28:38 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-01-02 09:28:37 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-02 09:28:12 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-01-02 09:24:05 ----A---- C:\WINDOWS\system32\wups2.dll
2009-01-02 09:24:04 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-01-02 09:24:04 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-01-02 09:24:03 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-01-02 09:24:03 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-01-01 21:30:12 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-01-01 14:21:29 ----D---- C:\Program Files\Common Files\Real
2009-01-01 14:20:37 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-01-01 14:13:46 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2009-01-01 14:12:24 ----D---- C:\Program Files\Common Files\AVSMedia
2009-01-01 14:11:39 ----A---- C:\WINDOWS\system32\msvcr70.dll
2009-01-01 14:11:39 ----A---- C:\WINDOWS\system32\msvcp70.dll
2009-01-01 14:11:39 ----A---- C:\WINDOWS\system32\mfc70.dll
2009-01-01 14:11:38 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-01-01 14:11:38 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2009-01-01 12:57:16 ----A---- C:\WINDOWS\system32\h323log.txt
2009-01-01 12:53:16 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2009-01-01 12:53:16 ----A---- C:\WINDOWS\system32\HSFCISP2.dll
2009-01-01 12:52:37 ----A---- C:\WINDOWS\system32\usbui.dll
2009-01-01 12:51:15 ----A---- C:\WINDOWS\imsins.BAK
2009-01-01 12:51:11 ----SHD---- C:\WINDOWS\Installer
2009-01-01 12:51:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-01 12:51:10 ----D---- C:\Program Files\Common Files\ODBC
2009-01-01 12:51:10 ----A---- C:\WINDOWS\ODBCINST.INI
2009-01-01 12:51:06 ----RD---- C:\Program Files
2009-01-01 12:51:06 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-01-01 12:51:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-01 12:51:06 ----D---- C:\Program Files\Common Files
2009-01-01 12:51:03 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-01-01 12:51:03 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-01-01 12:51:03 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-01-01 12:51:01 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-01-01 12:51:01 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-01-01 12:50:59 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-01-01 12:50:59 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-01-01 12:50:59 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-01-01 12:50:59 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-01-01 12:50:59 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-01-01 12:50:59 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-01-01 12:50:59 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-01-01 12:50:59 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-01-01 12:50:59 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-01-01 12:50:59 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-01-01 12:50:56 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-01-01 12:50:56 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-01-01 12:50:56 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-01-01 12:50:56 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-01-01 12:50:56 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-01-01 12:50:56 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-01-01 12:50:56 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-01-01 12:50:50 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-01-01 12:50:50 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-01-01 12:50:50 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-01-01 12:50:50 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-01-01 12:50:49 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-01-01 12:50:47 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-01-01 12:50:47 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-01-01 12:50:47 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-01-01 12:50:47 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-01-01 12:50:47 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-01-01 12:50:47 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-01-01 12:50:47 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-01-01 12:50:47 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-01-01 12:50:47 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-01-01 12:50:47 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-01-01 12:50:47 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-01-01 12:50:47 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-01-01 12:50:47 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-01-01 12:50:44 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-01-01 12:50:44 ----A---- C:\WINDOWS\system32\irclass.dll
2009-01-01 12:50:44 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-01-01 12:50:44 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-01-01 12:50:44 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-01-01 12:50:42 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-01-01 12:50:42 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-01-01 12:50:42 ----A---- C:\WINDOWS\system32\batt.dll
2009-01-01 12:50:40 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-01-01 12:50:39 ----A---- C:\WINDOWS\system32\storprop.dll
2009-01-01 12:50:29 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-01-01 12:50:20 ----RA---- C:\WINDOWS\SET8.tmp
2009-01-01 12:50:13 ----RA---- C:\WINDOWS\SET4.tmp
2009-01-01 12:50:10 ----RA---- C:\WINDOWS\SET3.tmp
2009-01-01 12:50:02 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-01 12:50:02 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-01 12:49:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-01 12:48:44 ----A---- C:\WINDOWS\setuplog.txt
2009-01-01 12:48:38 ----SHD---- C:\System Volume Information
2009-01-01 12:48:38 ----D---- C:\Documents and Settings
2009-01-01 12:48:08 ----D---- C:\Program Files\FlashFXP
2009-01-01 12:47:42 ----SH---- C:\boot.ini
2009-01-01 12:41:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-01 12:41:28 ----RSD---- C:\WINDOWS\Fonts
2009-01-01 12:41:28 ----RD---- C:\WINDOWS\Web
2009-01-01 12:41:28 ----HD---- C:\WINDOWS\inf
2009-01-01 12:41:28 ----D---- C:\WINDOWS\WinSxS
2009-01-01 12:41:28 ----D---- C:\WINDOWS\twain_32
2009-01-01 12:41:28 ----D---- C:\WINDOWS\Temp
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\wins
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\wbem
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\usmt
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\spool
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\ShellExt
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\Setup
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\ras
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\oobe
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\npp
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\mui
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\IME
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\icsxml
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\ias
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\export
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\drivers
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\dhcp
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\config
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\3com_dmi
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\3076
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\2052
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\1054
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\1042
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\1041
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\1037
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\1033
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\1031
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\1028
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32\1025
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system32
2009-01-01 12:41:28 ----D---- C:\WINDOWS\system
2009-01-01 12:41:28 ----D---- C:\WINDOWS\security
2009-01-01 12:41:28 ----D---- C:\WINDOWS\Resources
2009-01-01 12:41:28 ----D---- C:\WINDOWS\repair
2009-01-01 12:41:28 ----D---- C:\WINDOWS\Provisioning
2009-01-01 12:41:28 ----D---- C:\WINDOWS\PeerNet
2009-01-01 12:41:28 ----D---- C:\WINDOWS\pchealth
2009-01-01 12:41:28 ----D---- C:\WINDOWS\mui
2009-01-01 12:41:28 ----D---- C:\WINDOWS\msapps
2009-01-01 12:41:28 ----D---- C:\WINDOWS\msagent
2009-01-01 12:41:28 ----D---- C:\WINDOWS\Media
2009-01-01 12:41:28 ----D---- C:\WINDOWS\java
2009-01-01 12:41:28 ----D---- C:\WINDOWS\ime
2009-01-01 12:41:28 ----D---- C:\WINDOWS\Help
2009-01-01 12:41:28 ----D---- C:\WINDOWS\Driver Cache
2009-01-01 12:41:28 ----D---- C:\WINDOWS\Debug
2009-01-01 12:41:28 ----D---- C:\WINDOWS\Cursors
2009-01-01 12:41:28 ----D---- C:\WINDOWS\Connection Wizard
2009-01-01 12:41:28 ----D---- C:\WINDOWS\Config
2009-01-01 12:41:28 ----D---- C:\WINDOWS\AppPatch
2009-01-01 12:41:28 ----D---- C:\WINDOWS\addins
2009-01-01 12:41:28 ----D---- C:\WINDOWS
2009-01-01 12:41:28 ----A---- C:\WINDOWS\DUMP3c4d.tmp
2009-01-01 11:37:12 ----D---- C:\Program Files\PowerISO
2009-01-01 11:15:29 ----D---- C:\Documents and Settings\All Users\Application Data\FlashFXP
2009-01-01 01:53:39 ----A---- C:\WINDOWS\system32\ChCfg.exe
2009-01-01 01:52:46 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-01-01 01:52:22 ----D---- C:\Program Files\Realtek AC97
2009-01-01 01:52:22 ----A---- C:\WINDOWS\system32\RTLCPL.exe
2009-01-01 01:52:18 ----A---- C:\WINDOWS\soundman.exe
2009-01-01 01:52:15 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2009-01-01 01:52:10 ----A---- C:\WINDOWS\alcupd.exe
2009-01-01 01:52:10 ----A---- C:\WINDOWS\Alcrmv.exe
2009-01-01 01:52:08 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-01 01:51:45 ----D---- C:\Program Files\Common Files\InstallShield
2009-01-01 01:35:43 ----D---- C:\WINDOWS\WBEM
2009-01-01 01:35:15 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-01-01 01:34:28 ----HDC---- C:\WINDOWS\ie8
2009-01-01 01:34:28 ----D---- C:\WINDOWS\system32\en-US
2009-01-01 01:31:25 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-01-01 01:31:25 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-01-01 01:31:25 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-01-01 01:31:24 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-01-01 01:31:24 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-01-01 01:31:24 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-01-01 01:31:24 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-01-01 01:31:23 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-01-01 01:31:23 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-01-01 01:31:22 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-01-01 01:31:22 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-01-01 01:31:22 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-01-01 01:31:21 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-01-01 01:31:20 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-01-01 01:31:20 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-01-01 01:31:20 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-01-01 01:31:20 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-01-01 01:31:19 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-01-01 01:31:19 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-01-01 01:31:19 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-01-01 01:31:18 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-01-01 01:31:17 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-01-01 01:31:17 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-01-01 01:31:17 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-01-01 01:31:17 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-01-01 01:31:16 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-01-01 01:31:16 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-01-01 01:31:15 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-01-01 01:31:15 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-01-01 01:31:14 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-01-01 01:31:14 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-01-01 01:31:13 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-01-01 01:31:13 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-01-01 01:31:13 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-01-01 01:31:12 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-01-01 01:31:12 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-01-01 01:31:12 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-01-01 01:31:12 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-01-01 01:31:11 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-01-01 01:31:09 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-01-01 01:31:08 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-01-01 01:31:04 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-01-01 01:31:04 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-01-01 01:31:01 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-01-01 01:31:00 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-01-01 01:30:59 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-01-01 01:30:59 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-01-01 01:30:58 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-01-01 01:30:58 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-01-01 01:30:58 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-01-01 01:30:57 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-01-01 01:30:57 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-01-01 01:30:56 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-01-01 01:30:56 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-01-01 01:30:55 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-01-01 01:30:55 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-01-01 01:30:54 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-01-01 01:30:54 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-01-01 01:30:54 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-01-01 01:30:54 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-01-01 01:30:53 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-01-01 01:30:52 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-01-01 01:30:52 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-01-01 01:30:52 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-01-01 01:30:51 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-01-01 01:28:58 ----HD---- C:\WINDOWS\msdownld.tmp
2009-01-01 01:28:51 ----D---- C:\WINDOWS\Logs
2009-01-01 01:27:51 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-01-01 01:15:23 ----D---- C:\WINDOWS\system32\Lang
2009-01-01 01:09:59 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
2009-01-01 01:09:59 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2009-01-01 01:02:43 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-01-01 01:02:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-01 01:02:38 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-01 00:57:43 ----D---- C:\Documents and Settings\Owner\Application Data\WinRAR
2009-01-01 00:56:49 ----D---- C:\Program Files\WinRAR
2009-01-01 00:53:08 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-01-01 00:51:55 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\igfxzoom.exe
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\igfxtray.exe
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\igfxress.dll
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\igfxpph.dll
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\igfxhk.dll
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\igfxext.exe
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\igfxexps.dll
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\igfxeud.dll
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\igfxdo.dll
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\igfxdiag.exe
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\igfxdgps.dll
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\igfxdev.dll
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\ialmrnt5.dll
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\ialmrem.dll
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\ialmgicd.dll
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\ialmgdev.dll
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\ialmdnt5.dll
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\ialmdev5.dll
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\ialmdd5.dll
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\iAlmCoIn_v3847.dll
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\hkcmd.exe
2009-01-01 00:51:18 ----A---- C:\WINDOWS\system32\hccutils.dll
2009-01-01 00:51:17 ----D---- C:\WINDOWS\Drivers
2009-01-01 00:29:32 ----D---- C:\Swsetup
2009-01-01 00:26:02 ----D---- C:\Intel
2009-01-01 00:18:00 ----A---- C:\WINDOWS\system32\wpa.bak
2009-01-01 00:13:16 ----HD---- C:\Program Files\Uninstall Information
2009-01-01 00:13:06 ----ASH---- C:\Documents and Settings\Owner\Application Data\desktop.ini
2009-01-01 00:13:05 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-01-01 00:12:54 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-01 00:12:50 ----SD---- C:\WINDOWS\system32\Microsoft
2009-01-01 00:12:50 ----D---- C:\WINDOWS\Prefetch
2009-01-01 00:12:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-01 00:07:49 ----D---- C:\WINDOWS\system32\xircom
2009-01-01 00:07:49 ----D---- C:\Program Files\xerox
2009-01-01 00:07:49 ----D---- C:\Program Files\microsoft frontpage
2009-01-01 00:07:29 ----A---- C:\WINDOWS\control.ini
2009-01-01 00:07:29 ----A---- C:\AUTOEXEC.BAT
2009-01-01 00:07:09 ----A---- C:\WINDOWS\OEWABLog.txt
2009-01-01 00:07:01 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-01-01 00:05:30 ----RD---- C:\WINDOWS\Offline Web Pages
2009-01-01 00:05:29 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-01 00:05:29 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-01-01 00:05:19 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-01-01 00:05:11 ----HD---- C:\Program Files\WindowsUpdate
2009-01-01 00:04:45 ----D---- C:\WINDOWS\system32\DirectX
2009-01-01 00:04:23 ----A---- C:\WINDOWS\system32\atrace.dll
2009-01-01 00:04:21 ----A---- C:\WINDOWS\system32\desktop.ini
2009-01-01 00:04:21 ----A---- C:\WINDOWS\desktop.ini
2009-01-01 00:04:14 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-01-01 00:04:11 ----D---- C:\Program Files\Common Files\Services
2009-01-01 00:04:11 ----A---- C:\WINDOWS\system32\acctres.dll
2009-01-01 00:04:09 ----SD---- C:\WINDOWS\Tasks
2009-01-01 00:04:09 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-01-01 00:04:07 ----D---- C:\Program Files\Common Files\MSSoap
2009-01-01 00:04:04 ----D---- C:\WINDOWS\srchasst
2009-01-01 00:04:03 ----D---- C:\WINDOWS\system32\Macromed
2009-01-01 00:03:58 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-01-01 00:03:58 ----A---- C:\WINDOWS\system32\wups.dll
2009-01-01 00:03:58 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-01-01 00:03:58 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-01-01 00:03:58 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-01-01 00:03:58 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-01-01 00:03:58 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-01-01 00:03:58 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-01-01 00:03:57 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-01-01 00:03:57 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-01-01 00:03:57 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-01-01 00:03:57 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-01-01 00:03:57 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-01-01 00:03:53 ----D---- C:\Program Files\Movie Maker
2009-01-01 00:03:49 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-01-01 00:03:49 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-01-01 00:03:49 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-01-01 00:03:49 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-01-01 00:03:46 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-01-01 00:03:46 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-01-01 00:03:45 ----D---- C:\WINDOWS\system32\Restore
2009-01-01 00:03:45 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-01-01 00:03:45 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-01-01 00:03:45 ----A---- C:\WINDOWS\system32\srclient.dll
2009-01-01 00:03:39 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-01-01 00:03:39 ----A---- C:\WINDOWS\system32\ils.dll
2009-01-01 00:03:38 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-01-01 00:03:38 ----A---- C:\WINDOWS\system32\msconf.dll
2009-01-01 00:03:38 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-01-01 00:03:38 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-01-01 00:03:36 ----D---- C:\Program Files\NetMeeting
2009-01-01 00:03:36 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-01-01 00:03:35 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-01-01 00:03:35 ----A---- C:\WINDOWS\system32\inetres.dll
2009-01-01 00:03:34 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-01-01 00:03:33 ----D---- C:\Program Files\Outlook Express
2009-01-01 00:03:33 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-01-01 00:03:32 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-01-01 00:03:32 ----A---- C:\WINDOWS\system32\mstask.dll
2009-01-01 00:03:32 ----A---- C:\WINDOWS\system32\isign32.dll
2009-01-01 00:03:32 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-01-01 00:03:32 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-01-01 00:03:32 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-01-01 00:03:26 ----D---- C:\Program Files\Common Files\System
2009-01-01 00:03:23 ----D---- C:\Program Files\Internet Explorer
2009-01-01 00:03:06 ----D---- C:\Program Files\ComPlus Applications
2009-01-01 00:03:03 ----A---- C:\WINDOWS\vbaddin.ini
2009-01-01 00:03:03 ----A---- C:\WINDOWS\vb.ini
2009-01-01 00:02:55 ----D---- C:\WINDOWS\Registration
2009-01-01 00:02:10 ----D---- C:\Program Files\Online Services
2009-01-01 00:02:09 ----D---- C:\Program Files\Windows Media Player
2009-01-01 00:02:02 ----D---- C:\Program Files\Messenger
2009-01-01 00:01:54 ----D---- C:\Program Files\MSN Gaming Zone
2009-01-01 00:01:54 ----A---- C:\WINDOWS\system32\write.exe
2009-01-01 00:01:46 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-01-01 00:01:46 ----A---- C:\WINDOWS\system32\hticons.dll
2009-01-01 00:01:45 ----A---- C:\WINDOWS\system32\winchat.exe
2009-01-01 00:01:45 ----A---- C:\WINDOWS\system32\avwav.dll
2009-01-01 00:01:45 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-01-01 00:01:45 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-01-01 00:01:38 ----A---- C:\WINDOWS\system32\getuname.dll
2009-01-01 00:01:38 ----A---- C:\WINDOWS\system32\charmap.exe
2009-01-01 00:01:38 ----A---- C:\WINDOWS\system32\calc.exe
2009-01-01 00:01:32 ----A---- C:\WINDOWS\system32\sol.exe
2009-01-01 00:01:31 ----A---- C:\WINDOWS\system32\winmine.exe
2009-01-01 00:01:31 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-01-01 00:01:31 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-01-01 00:01:31 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-01-01 00:01:31 ----A---- C:\WINDOWS\system32\tskill.exe
2009-01-01 00:01:31 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-01-01 00:01:31 ----A---- C:\WINDOWS\system32\tscon.exe
2009-01-01 00:01:31 ----A---- C:\WINDOWS\system32\shadow.exe
2009-01-01 00:01:31 ----A---- C:\WINDOWS\system32\reset.exe
2009-01-01 00:01:31 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-01-01 00:01:31 ----A---- C:\WINDOWS\system32\freecell.exe
2009-01-01 00:01:30 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-01-01 00:01:30 ----A---- C:\WINDOWS\system32\regini.exe
2009-01-01 00:01:30 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-01-01 00:01:30 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-01-01 00:01:30 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-01-01 00:01:30 ----A---- C:\WINDOWS\system32\msg.exe
2009-01-01 00:01:30 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-01-01 00:01:30 ----A---- C:\WINDOWS\system32\logoff.exe
2009-01-01 00:01:30 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-01-01 00:01:29 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-01-01 00:01:29 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-01-01 00:01:29 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-01-01 00:01:29 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-01-01 00:01:29 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-01-01 00:01:29 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-01-01 00:01:28 ----A---- C:\WINDOWS\system32\stclient.dll
2009-01-01 00:01:27 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-01-01 00:01:17 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-01-01 00:01:07 ----D---- C:\Program Files\MSN
2009-01-01 00:01:05 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-01-01 00:01:05 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-01-01 00:01:05 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-01-01 00:01:05 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-01-01 00:01:04 ----D---- C:\Program Files\Windows NT
2009-01-01 00:01:04 ----A---- C:\WINDOWS\system32\spider.exe
2009-01-01 00:01:04 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-01-01 00:01:04 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-01-01 00:01:03 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-01-01 00:01:03 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-01-01 00:01:03 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-01-01 00:01:03 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-01-01 00:01:03 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-01-01 00:01:03 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-01-01 00:01:02 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-01-01 00:01:02 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-01-01 00:01:02 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-01-01 00:01:02 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-01-01 00:01:01 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-01-01 00:01:01 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-01-01 00:01:01 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-01-01 00:01:01 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-01-01 00:01:01 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-01-01 00:01:00 ----D---- C:\WINDOWS\system32\MsDtc
2009-01-01 00:01:00 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-01-01 00:01:00 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-01-01 00:01:00 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-01-01 00:01:00 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-01-01 00:00:59 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-01-01 00:00:59 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-01-01 00:00:59 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-01-01 00:00:59 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-01-01 00:00:58 ----D---- C:\WINDOWS\system32\Com
2009-01-01 00:00:58 ----A---- C:\WINDOWS\system32\colbact.dll
2009-01-01 00:00:58 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-01-01 00:00:58 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-01-01 00:00:58 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-01-01 00:00:58 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-01-01 00:00:57 ----A---- C:\WINDOWS\system32\comuid.dll
2009-01-01 00:00:57 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-01-01 00:00:57 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-01-01 00:00:52 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-01-01 00:00:52 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-01-01 00:00:52 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-01-01 00:00:52 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 3 months======

2009-01-29 11:01:51 ----A---- C:\WINDOWS\win.ini
2009-01-16 17:27:16 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 36096]
R1 mapledxp;mapledxp; C:\WINDOWS\System32\drivers\mapledxp.SYS [2004-04-05 24720]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-06-06 730653]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2008-08-21 18688]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-06 152984]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-02-11 179856]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]

-----------------EOF-----------------

#5 ravensheat

Posted 14 February 2009 - 05:00 AM

Here is the Rsit info file

info.txt logfile of random's system information tool 1.05 2009-02-14 22:54:02

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACID Pro 7.0-->MsiExec.exe /X{8BAC9DAB-9118-4D13-8CF4-78812CC4755C}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Antares Autotune VST v5.09-->"C:\Program Files\Antares Audio Technologies\Uninstall\unins000.exe"
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Bome's Mouse Keyboard 2.00-->"C:\Program Files\Vstplugins\Kontakt\Bome's Mouse Keyboard\unins000.exe"
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
FabFilter Volcano v1.20 VST-->C:\PROGRA~1\VSTPLU~1\Volcano\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\Volcano\INSTALL.LOG
FireBird v1.1-->"C:\Program Files\Vstplugins\unins000.exe"
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hurchalla Maple VMidi Cable v3.56-->"C:\WINDOWS\unins000.exe"
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
iZotope iDrum Factory Content-->"C:\Documents and Settings\Owner\My Documents\iZotope iDrum Content\unins000.exe"
iZotope iDrum-->"C:\Program Files\iZotope\iDrum\unins000.exe"
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
K-Lite Codec Pack 4.4.2 (Standard)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motorola Driver Installation 3.7.0-->MsiExec.exe /I{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Native Instruments Pro-53-->C:\PROGRA~1\NATIVE~1\Pro-53\UNWISE.EXE C:\PROGRA~1\NATIVE~1\Pro-53\INSTALL.LOG
Native Instruments Service Center-->C:\DOCUME~1\Owner\Desktop\SERVIC~1\UNWISE.EXE C:\DOCUME~1\Owner\Desktop\SERVIC~1\INSTALL.LOG
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RGC.Audio.z3ta+_Access.Virus.VSTi.v1.2.Retail-Elite.-->C:\Program Files\Vstplugins\RGC.Audio.z3ta+_Access.Virus.VSTi.v1.2.Retail-Elite\Uninstal.exe
Rob Papen Albino 3-->C:\Program Files\Vstplugins\UninstalAlbino3.exe
Sony Noise Reduction Plug-In 2.0h-->MsiExec.exe /X{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}
SUPER © Version 2008.bld.33 (Sep 2, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
USB FireWall-->"C:\Program Files\InstallShield Installation Information\{104C20FA-8F42-4958-B746-2A043DE1ECBF}\setup.exe" -runfromtemp -l0x0009 -removeonly
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8 Beta 2-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 localhost

System event log

Computer Name: UNSIGNED-HYPE
Event Code: 6006
Message: The Event log service was stopped.

Record Number: 4780
Source Name: EventLog
Time Written: 20090129170312.000000+780
Event Type: information
User:

Computer Name: UNSIGNED-HYPE
Event Code: 4202
Message: The system detected that network adapter \DEVICE\TCPIP_{3461FD08-77BC-4F17-8440-2D672449AF95} was disconnected from the network,
and the adapter's network configuration has been released. If the network
adapter was not disconnected, this may indicate that it has malfunctioned.
Please contact your vendor for updated drivers.

Record Number: 4779
Source Name: Tcpip
Time Written: 20090129170240.000000+780
Event Type: information
User:

Computer Name: UNSIGNED-HYPE
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 4778
Source Name: Tcpip
Time Written: 20090129162143.000000+780
Event Type: warning
User:

Computer Name: UNSIGNED-HYPE
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.

Record Number: 4777
Source Name: Service Control Manager
Time Written: 20090129155858.000000+780
Event Type: information
User:

Computer Name: UNSIGNED-HYPE
Event Code: 7035
Message: The Remote Access Connection Manager service was successfully sent a start control.

Record Number: 4776
Source Name: Service Control Manager
Time Written: 20090129155856.000000+780
Event Type: information
User: UNSIGNED-HYPE\Owner

Application event log

Computer Name: UNSIGNED-HYPE
Event Code: 1000
Message: Performance counters for the ContentIndex (ContentIndex) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20090101000213.000000+780
Event Type: information
User:

Computer Name: UNSIGNED-HYPE
Event Code: 1000
Message: Performance counters for the TermService (Terminal Services) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20090101000209.000000+780
Event Type: information
User:

Computer Name: UNSIGNED-HYPE
Event Code: 1000
Message: Performance counters for the RemoteAccess (Routing and Remote Access) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20081231235854.000000+780
Event Type: information
User:

Computer Name: UNSIGNED-HYPE
Event Code: 1000
Message: Performance counters for the PSched (PSched) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20081231235816.000000+780
Event Type: information
User:

Computer Name: UNSIGNED-HYPE
Event Code: 1000
Message: Performance counters for the RSVP (QoS RSVP) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20081231235815.000000+780
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\iZotope\Runtimes
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

#6 ravensheat

Posted 14 February 2009 - 05:25 AM

Attached is the Gmer file. Thank you for your help thus far

Attached file: Gmer.txt (5.03KB)


#7 fenzodahl512

Posted 14 February 2009 - 07:04 AM

Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.




NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while it's running. That may cause it to stall.




Please post these logs in your next reply... Post each log in a separate post

1. SDFix
2. ComboFix
3. A fresh HijackThis log

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 ravensheat

Posted 15 February 2009 - 01:38 AM

Thanks for the fast reply. SDfix log


SDFix: Version 1.240
Run by Administrator on Sun 02/15/2009 at 06:51 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\autorun.inf - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 18:58:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 10 Feb 2009 109,006 ..SHR --- "C:\2aaxaiy.exe"
Sun 1 Feb 2009 109,930 ..SHR --- "C:\a2h2.com"
Wed 21 Jan 2009 108,869 ..SHR --- "C:\gy.exe"
Sun 1 Feb 2009 109,930 ..SHR --- "C:\hl80c6b1.com"
Tue 9 Dec 2008 107,045 ..SHR --- "C:\m9ma.exe"
Thu 12 Feb 2009 108,067 ..SHR --- "C:\opgde.exe"
Thu 5 Feb 2009 108,705 ..SHR --- "C:\pook.com"
Sun 15 Feb 2009 107,898 ..SHR --- "C:\ur0.com"
Fri 23 Jan 2009 107,882 ..SHR --- "C:\w98.com"
Sat 17 Jan 2009 110,003 ..SHR --- "C:\x2csvg.exe"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Sun 18 Jan 2009 84,992 ..SHR --- "C:\WINDOWS\system32\gasretyw0.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 17 Mar 2008 216,064 ..SHR --- "C:\WINDOWS\system32\nbDX.dll"
Sun 15 Feb 2009 95,744 ..SHR --- "C:\WINDOWS\system32\nmdfgds0.dll"
Sun 15 Feb 2009 95,744 ..SHR --- "C:\WINDOWS\system32\nmdfgds1.dll"
Sun 15 Feb 2009 107,898 ..SHR --- "C:\WINDOWS\system32\olhrwef.exe"
Mon 27 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Wed 22 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Sun 4 Jan 2009 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Mon 22 Aug 2005 79,872 ...H. --- "C:\Swsetup\Monitors\SP29916\hpinsx64.exe"
Sun 25 Jan 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Mon 10 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Mon 10 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Wed 11 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Sat 21 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Mon 10 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Mon 10 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 20 Mar 2008 5,632 ..SHR --- "C:\Program Files\eRightSoft\SUPER\spk\1stRun.exe"

Finished!



ComboFix

ComboFix 09-02-12.03 - Owner 2009-02-15 19:16:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.247.61 [GMT 13:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1utbfd.bat
C:\2aaxaiy.exe
C:\8.bat
C:\autorun.inf
C:\j60osk9.cmd
C:\pook.com
C:\uvsqfgwd.cmd
c:\windows\system32\gasretyw0.dll
c:\windows\system32\msvcsv60.dll
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\olhrwef.exe
D:\1utbfd.bat
D:\2aaxaiy.exe
D:\8.bat
D:\Autorun.inf
D:\gfqgq.cmd
D:\j60osk9.cmd
D:\m0vnonh.bat
D:\pook.com
D:\uvsqfgwd.cmd

.
((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-14 23:01 . 2009-02-14 23:06 250 --a------ c:\windows\gmer.ini
2009-02-14 22:53 . 2009-02-14 22:54 <DIR> d-------- C:\rsit
2009-02-14 22:53 . 2009-02-14 22:53 <DIR> d-------- c:\program files\trend micro
2009-02-14 21:26 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-14 21:26 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-14 20:17 . 2009-02-14 20:17 685,056 --a------ c:\windows\isRS-000.tmp
2009-02-13 09:33 . 2009-02-15 14:51 107,898 -r-hs---- C:\ur0.com
2009-02-11 07:54 . 2009-02-11 07:54 <DIR> dr------- c:\documents and settings\Owner\Application Data\Brother
2009-02-11 07:32 . 2009-02-12 08:02 108,067 -r-hs---- C:\opgde.exe
2009-02-09 18:33 . 2009-02-09 18:36 <DIR> d-------- c:\documents and settings\Owner\Application Data\Juce VST Host
2009-02-07 19:10 . 2009-02-07 19:10 <DIR> d-------- c:\program files\AviSynth 2.5
2009-02-07 10:04 . 2009-02-07 16:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\eboostr
2009-02-04 14:24 . 2009-02-04 14:24 <DIR> d-------- c:\program files\Net Studio
2009-02-04 14:23 . 2009-02-04 14:25 <DIR> d-------- c:\program files\USB FireWall
2009-02-04 13:31 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
2009-02-04 13:29 . 2009-02-04 13:29 <DIR> d-------- c:\program files\Realtek
2009-02-04 13:28 . 2008-08-25 16:17 528,384 --a------ c:\windows\RtlExUpd.dll
2009-02-04 09:47 . 2009-02-04 09:48 <DIR> d-------- c:\windows\ERUNT
2009-02-04 09:46 . 2009-02-04 09:47 <DIR> d-------- c:\documents and settings\Administrator
2009-02-04 09:44 . 2009-02-15 19:05 <DIR> d-------- C:\SDFix
2009-02-03 21:41 . 2009-02-03 21:47 <DIR> d-------- c:\program files\Image-Line
2009-02-03 19:15 . 2002-07-08 11:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2009-02-03 19:14 . 2009-02-03 19:14 <DIR> d-------- c:\program files\Outsim
2009-02-03 18:57 . 2000-05-22 16:58 608,448 --a------ c:\windows\system32\COMCTL32.OCX
2009-02-03 15:40 . 2009-02-03 15:40 <DIR> d-------- c:\program files\ASIO4ALL v2
2009-02-03 15:25 . 2009-02-03 15:25 <DIR> d-------- c:\documents and settings\Owner\Application Data\FabFilter
2009-02-01 08:23 . 2009-02-01 08:22 109,930 -r-hs---- C:\a2h2.com
2009-01-31 12:48 . 2009-01-31 12:48 673,546 --a------ c:\windows\unins000.exe
2009-01-31 12:48 . 2003-09-22 17:10 61,440 --a------ c:\windows\system32\marblaxp.dll
2009-01-31 12:48 . 2003-09-22 17:10 53,248 --a------ c:\windows\system32\drivers\maplevmd000.exe
2009-01-31 12:48 . 2003-09-22 17:09 49,152 --a------ c:\windows\system32\mapleapi.dll
2009-01-31 12:48 . 2003-09-22 17:10 31,624 --a------ c:\windows\system32\mapledxp.dll
2009-01-31 12:48 . 2004-04-05 10:44 24,720 --a------ c:\windows\system32\drivers\mapledxp.sys
2009-01-31 12:48 . 2009-01-31 12:48 7,451 --a------ c:\windows\unins000.dat
2009-01-31 12:44 . 2009-01-31 12:44 <DIR> d-------- c:\documents and settings\Owner\Application Data\Propellerhead Software
2009-01-31 12:28 . 2009-02-04 13:22 16 --a------ c:\windows\system32\w3data.vss
2009-01-31 12:28 . 2009-02-04 13:22 16 --a------ c:\windows\msocreg32.dat
2009-01-31 12:18 . 2003-10-08 22:54 287,743 --a------ c:\windows\LOOP.exe
2009-01-31 10:39 . 2009-02-09 18:15 <DIR> d-------- c:\program files\Native Instruments
2009-01-31 10:39 . 2003-11-07 15:14 258,048 --a------ c:\windows\system32\REX Shared Library.dll
2009-01-31 10:39 . 2003-12-04 12:47 69,632 --a------ c:\windows\system32\NI_DFD_KOMPAKT.dll
2009-01-31 10:39 . 2004-02-25 18:19 69,632 --a------ c:\windows\system32\NI_DFD_1_2_9.dll
2009-01-31 10:39 . 2003-12-15 16:02 69,632 --a------ c:\windows\system32\NI_DFD_1_2_7.dll
2009-01-31 10:39 . 2003-12-04 12:47 69,632 --a------ c:\windows\system32\NI_DFD_1_2_4.dll
2009-01-31 10:39 . 2003-12-15 16:02 69,632 --a------ c:\windows\system32\NI_DFD.dll
2009-01-31 10:39 . 2004-01-15 12:41 65,536 --a------ c:\windows\system32\NI_DFD_1_2_8.dll
2009-01-31 08:08 . 2009-02-01 08:22 109,930 -r-hs---- C:\hl80c6b1.com
2009-01-30 15:30 . 2004-02-22 10:11 719,872 --a------ c:\windows\system32\devil.dll
2009-01-30 15:30 . 2007-05-17 17:30 318,976 --a------ c:\windows\system32\avisynth.dll
2009-01-30 13:16 . 2009-01-30 13:16 <DIR> d-------- c:\program files\Antares Audio Technologies
2009-01-30 13:16 . 2009-01-30 13:16 <DIR> d-------- c:\documents and settings\Owner\Application Data\Antares
2009-01-29 11:02 . 2009-01-29 11:02 23,392 --a------ c:\windows\system32\nscompat.tlb
2009-01-29 11:02 . 2009-01-29 11:02 16,832 --a------ c:\windows\system32\amcompat.tlb
2009-01-29 10:03 . 2004-08-05 01:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-26 09:46 . 2009-01-26 09:46 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-01-25 20:16 . 2009-01-25 20:16 <DIR> d-------- c:\program files\iZotope
2009-01-25 14:55 . 2009-01-25 14:55 <DIR> d-------- c:\documents and settings\Owner\Application Data\Publish Providers
2009-01-25 14:55 . 2009-01-25 14:55 <DIR> d-------- c:\documents and settings\Owner\Application Data\NetMedia Providers
2009-01-25 14:54 . 2009-01-25 14:54 <DIR> d-------- c:\documents and settings\Owner\Application Data\Sony
2009-01-25 14:44 . 2009-02-11 12:53 <DIR> d-------- c:\program files\Vstplugins
2009-01-25 14:43 . 2009-01-25 15:14 <DIR> d-------- c:\program files\Sony
2009-01-25 14:40 . 2009-01-25 14:40 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-25 14:40 . 2009-01-29 10:46 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-01-25 14:40 . 2004-08-05 01:00 2,105,344 --a------ c:\windows\system32\SET10C.tmp
2009-01-25 14:40 . 2004-08-05 01:00 230,400 --a------ c:\windows\system32\SET103.tmp
2009-01-25 14:25 . 2009-01-25 14:25 <DIR> d-------- c:\documents and settings\Owner\Application Data\Sony Setup
2009-01-25 14:23 . 2009-01-25 15:13 <DIR> d-------- c:\program files\Sony Setup
2009-01-25 14:22 . 2009-01-25 14:22 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-22 09:38 . 2009-01-22 09:38 <DIR> d-------- c:\windows\Sun
2009-01-22 08:47 . 2009-01-23 07:53 107,882 -r-hs---- C:\w98.com
2009-01-21 13:02 . 2009-01-21 13:01 108,869 -r-hs---- C:\gy.exe
2009-01-17 18:56 . 2004-08-05 01:00 69,120 --a------ c:\windows\AhnRpta.exe
2009-01-17 10:41 . 2009-01-17 19:35 110,003 -r-hs---- C:\x2csvg.exe
2009-01-17 08:03 . 2004-01-25 00:00 70,656 --a------ c:\windows\system32\yv12vfw.dll
2009-01-16 22:45 . 2007-09-05 05:56 164,352 --a------ c:\windows\system32\unrar.dll
2009-01-16 22:45 . 2008-07-31 08:09 38 --a------ c:\windows\avisplitter.ini
2009-01-16 22:44 . 2009-01-16 22:45 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-15 23:02 . 2009-01-15 23:02 <DIR> d-------- c:\documents and settings\Owner\Application Data\Foxit
2009-01-15 22:07 . 2009-01-15 22:07 <DIR> d-------- C:\b2be573407f5b331555877
2009-01-15 14:25 . 2009-01-15 14:25 <DIR> d-------- c:\program files\Foxit Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 08:26 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-04 01:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-21 21:19 90,112 ----a-w c:\windows\DUMP3c4d.tmp
2009-01-16 22:18 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-11 23:41 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-01-11 23:41 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-01-11 23:34 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-11 23:34 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-01-11 23:28 --------- d-----w c:\program files\Common Files\Motorola Shared
2009-01-11 23:16 --------- d-----w c:\documents and settings\Owner\Application Data\Media Player Classic
2009-01-05 21:50 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2009-01-05 21:23 --------- d-----w c:\program files\Java
2009-01-04 18:31 --------- d-----w c:\program files\TVAnts
2009-01-04 08:14 --------- d-----w c:\program files\eRightSoft
2009-01-04 06:11 --------- d-----w c:\program files\Real
2009-01-04 06:11 --------- d-----w c:\program files\Common Files\xing shared
2009-01-04 06:11 --------- d-----w c:\program files\Common Files\Real
2009-01-04 04:48 --------- d-----w c:\program files\Common Files\AVSMedia
2009-01-04 03:47 --------- d-----w c:\documents and settings\Owner\Application Data\AVS4YOU
2009-01-02 19:38 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-02 19:38 --------- d-----w c:\program files\Brother
2009-01-02 19:35 --------- d-----w c:\documents and settings\All Users\Application Data\Brother
2009-01-02 03:10 --------- d-----w c:\program files\MSBuild
2009-01-02 03:10 --------- d-----w c:\program files\Microsoft Works
2009-01-01 21:27 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-01 08:30 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-01-01 01:13 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-31 23:48 --------- d-----w c:\program files\FlashFXP
2008-12-31 22:37 --------- d-----w c:\program files\PowerISO
2008-12-31 22:15 --------- d-----w c:\documents and settings\All Users\Application Data\FlashFXP
2008-12-31 12:52 --------- d-----w c:\program files\Realtek AC97
2008-12-31 12:02 --------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2008-12-31 12:02 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-31 11:07 --------- d-----w c:\program files\microsoft frontpage
2008-12-08 19:38 107,045 --sh--r C:\m9ma.exe
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"USBFireWall"="c:\program files\Net Studio\USB_FW.exe" [2008-03-22 1299968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-06 118784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-04 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-06 136600]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"midi1"= mapledxp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R1 mapledxp;mapledxp;c:\windows\system32\drivers\mapledxp.sys [2009-01-31 24720]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-02-14 179856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-02-14 15504]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-01-12 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-01-12 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-01-12 42112]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\1utbfd.bat
\Shell\open\Command - F:\1utbfd.bat
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k0us1k4b.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 19:22:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-15 19:28:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 06:28:07

Pre-Run: 21,106,286,592 bytes free
Post-Run: 21,516,730,368 bytes free

231

Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:42 PM, on 2/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Net Studio\USB_FW.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [USBFireWall] C:\Program Files\Net Studio\USB_FW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230841401390
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 4764 bytes

#9 fenzodahl512


Posted 15 February 2009 - 02:22 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\2aaxaiy.exe
C:\a2h2.com
C:\gy.exe
C:\hl80c6b1.com
C:\m9ma.exe
C:\opgde.exe
C:\pook.com
C:\ur0.com
C:\w98.com
C:\x2csvg.exe
C:\WINDOWS\system32\gasretyw0.dll
C:\WINDOWS\system32\nmdfgds0.dll
C:\WINDOWS\system32\nmdfgds1.dll
C:\WINDOWS\system32\olhrwef.exe
c:\windows\isRS-000.tmp
C:\opgde.exe
c:\windows\LOOP.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 ravensheat


Posted 15 February 2009 - 03:34 PM

combofix log

ComboFix 09-02-12.03 - Administrator 2009-02-16 9:18:33.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.247.155 [GMT 13:00]
Running from: c:\documents and settings\Owner\Desktop\Logs\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\Logs\CFScript.txt


FILE ::
C:\2aaxaiy.exe
C:\a2h2.com
C:\gy.exe
C:\hl80c6b1.com
C:\m9ma.exe
C:\opgde.exe
C:\pook.com
C:\ur0.com
C:\w98.com
c:\windows\isRS-000.tmp
c:\windows\LOOP.exe
c:\windows\system32\gasretyw0.dll
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\olhrwef.exe
C:\x2csvg.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\a2h2.com
C:\gy.exe
C:\hl80c6b1.com
C:\m9ma.exe
C:\opgde.exe
C:\ur0.com
C:\w98.com
c:\windows\isRS-000.tmp
c:\windows\LOOP.exe
C:\x2csvg.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-14 23:01 . 2009-02-14 23:06 250 --a------ c:\windows\gmer.ini
2009-02-14 22:53 . 2009-02-14 22:54 <DIR> d-------- C:\rsit
2009-02-14 22:53 . 2009-02-15 19:34 <DIR> d-------- c:\program files\trend micro
2009-02-14 21:26 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-14 21:26 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-11 07:54 . 2009-02-11 07:54 <DIR> dr------- c:\documents and settings\Owner\Application Data\Brother
2009-02-09 18:33 . 2009-02-09 18:36 <DIR> d-------- c:\documents and settings\Owner\Application Data\Juce VST Host
2009-02-07 19:10 . 2009-02-07 19:10 <DIR> d-------- c:\program files\AviSynth 2.5
2009-02-07 10:04 . 2009-02-07 16:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\eboostr
2009-02-04 14:24 . 2009-02-04 14:24 <DIR> d-------- c:\program files\Net Studio
2009-02-04 14:23 . 2009-02-04 14:25 <DIR> d-------- c:\program files\USB FireWall
2009-02-04 13:31 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
2009-02-04 13:29 . 2009-02-04 13:29 <DIR> d-------- c:\program files\Realtek
2009-02-04 13:28 . 2008-08-25 16:17 528,384 --a------ c:\windows\RtlExUpd.dll
2009-02-04 09:47 . 2009-02-04 09:48 <DIR> d-------- c:\windows\ERUNT
2009-02-04 09:46 . 2009-02-04 09:47 <DIR> d-------- c:\documents and settings\Administrator
2009-02-04 09:44 . 2009-02-15 19:05 <DIR> d-------- C:\SDFix
2009-02-03 21:41 . 2009-02-03 21:47 <DIR> d-------- c:\program files\Image-Line
2009-02-03 19:15 . 2002-07-08 11:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2009-02-03 19:14 . 2009-02-03 19:14 <DIR> d-------- c:\program files\Outsim
2009-02-03 18:57 . 2000-05-22 16:58 608,448 --a------ c:\windows\system32\COMCTL32.OCX
2009-02-03 15:40 . 2009-02-03 15:40 <DIR> d-------- c:\program files\ASIO4ALL v2
2009-02-03 15:25 . 2009-02-03 15:25 <DIR> d-------- c:\documents and settings\Owner\Application Data\FabFilter
2009-01-31 12:48 . 2009-01-31 12:48 673,546 --a------ c:\windows\unins000.exe
2009-01-31 12:48 . 2003-09-22 17:10 61,440 --a------ c:\windows\system32\marblaxp.dll
2009-01-31 12:48 . 2003-09-22 17:10 53,248 --a------ c:\windows\system32\drivers\maplevmd000.exe
2009-01-31 12:48 . 2003-09-22 17:09 49,152 --a------ c:\windows\system32\mapleapi.dll
2009-01-31 12:48 . 2003-09-22 17:10 31,624 --a------ c:\windows\system32\mapledxp.dll
2009-01-31 12:48 . 2004-04-05 10:44 24,720 --a------ c:\windows\system32\drivers\mapledxp.sys
2009-01-31 12:48 . 2009-01-31 12:48 7,451 --a------ c:\windows\unins000.dat
2009-01-31 12:44 . 2009-01-31 12:44 <DIR> d-------- c:\documents and settings\Owner\Application Data\Propellerhead Software
2009-01-31 12:28 . 2009-02-04 13:22 16 --a------ c:\windows\system32\w3data.vss
2009-01-31 12:28 . 2009-02-04 13:22 16 --a------ c:\windows\msocreg32.dat
2009-01-31 10:39 . 2009-02-09 18:15 <DIR> d-------- c:\program files\Native Instruments
2009-01-31 10:39 . 2003-11-07 15:14 258,048 --a------ c:\windows\system32\REX Shared Library.dll
2009-01-31 10:39 . 2003-12-04 12:47 69,632 --a------ c:\windows\system32\NI_DFD_KOMPAKT.dll
2009-01-31 10:39 . 2004-02-25 18:19 69,632 --a------ c:\windows\system32\NI_DFD_1_2_9.dll
2009-01-31 10:39 . 2003-12-15 16:02 69,632 --a------ c:\windows\system32\NI_DFD_1_2_7.dll
2009-01-31 10:39 . 2003-12-04 12:47 69,632 --a------ c:\windows\system32\NI_DFD_1_2_4.dll
2009-01-31 10:39 . 2003-12-15 16:02 69,632 --a------ c:\windows\system32\NI_DFD.dll
2009-01-31 10:39 . 2004-01-15 12:41 65,536 --a------ c:\windows\system32\NI_DFD_1_2_8.dll
2009-01-30 15:30 . 2004-02-22 10:11 719,872 --a------ c:\windows\system32\devil.dll
2009-01-30 15:30 . 2007-05-17 17:30 318,976 --a------ c:\windows\system32\avisynth.dll
2009-01-30 13:16 . 2009-01-30 13:16 <DIR> d-------- c:\program files\Antares Audio Technologies
2009-01-30 13:16 . 2009-01-30 13:16 <DIR> d-------- c:\documents and settings\Owner\Application Data\Antares
2009-01-29 11:02 . 2009-01-29 11:02 23,392 --a------ c:\windows\system32\nscompat.tlb
2009-01-29 11:02 . 2009-01-29 11:02 16,832 --a------ c:\windows\system32\amcompat.tlb
2009-01-29 10:03 . 2004-08-05 01:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-26 09:46 . 2009-01-26 09:46 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-01-25 20:16 . 2009-01-25 20:16 <DIR> d-------- c:\program files\iZotope
2009-01-25 14:55 . 2009-01-25 14:55 <DIR> d-------- c:\documents and settings\Owner\Application Data\Publish Providers
2009-01-25 14:55 . 2009-01-25 14:55 <DIR> d-------- c:\documents and settings\Owner\Application Data\NetMedia Providers
2009-01-25 14:54 . 2009-01-25 14:54 <DIR> d-------- c:\documents and settings\Owner\Application Data\Sony
2009-01-25 14:44 . 2009-02-11 12:53 <DIR> d-------- c:\program files\Vstplugins
2009-01-25 14:43 . 2009-01-25 15:14 <DIR> d-------- c:\program files\Sony
2009-01-25 14:40 . 2009-01-25 14:40 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-25 14:40 . 2009-01-29 10:46 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-01-25 14:40 . 2004-08-05 01:00 2,105,344 --a------ c:\windows\system32\SET10C.tmp
2009-01-25 14:40 . 2004-08-05 01:00 230,400 --a------ c:\windows\system32\SET103.tmp
2009-01-25 14:25 . 2009-01-25 14:25 <DIR> d-------- c:\documents and settings\Owner\Application Data\Sony Setup
2009-01-25 14:23 . 2009-01-25 15:13 <DIR> d-------- c:\program files\Sony Setup
2009-01-25 14:22 . 2009-01-25 14:22 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-22 09:38 . 2009-01-22 09:38 <DIR> d-------- c:\windows\Sun
2009-01-17 18:56 . 2004-08-05 01:00 69,120 --a------ c:\windows\AhnRpta.exe
2009-01-17 08:03 . 2004-01-25 00:00 70,656 --a------ c:\windows\system32\yv12vfw.dll
2009-01-16 22:45 . 2007-09-05 05:56 164,352 --a------ c:\windows\system32\unrar.dll
2009-01-16 22:45 . 2008-07-31 08:09 38 --a------ c:\windows\avisplitter.ini
2009-01-16 22:44 . 2009-01-16 22:45 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-15 23:02 . 2009-01-15 23:02 <DIR> d-------- c:\documents and settings\Owner\Application Data\Foxit
2009-01-15 22:07 . 2009-01-15 22:07 <DIR> d-------- C:\b2be573407f5b331555877
2009-01-15 14:25 . 2009-01-15 14:25 <DIR> d-------- c:\program files\Foxit Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 08:26 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-04 01:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-21 21:19 90,112 ----a-w c:\windows\DUMP3c4d.tmp
2009-01-16 22:18 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-11 23:41 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-01-11 23:41 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-01-11 23:34 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-11 23:34 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-01-11 23:28 --------- d-----w c:\program files\Common Files\Motorola Shared
2009-01-11 23:16 --------- d-----w c:\documents and settings\Owner\Application Data\Media Player Classic
2009-01-05 21:50 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2009-01-05 21:23 --------- d-----w c:\program files\Java
2009-01-04 18:31 --------- d-----w c:\program files\TVAnts
2009-01-04 08:14 --------- d-----w c:\program files\eRightSoft
2009-01-04 06:11 --------- d-----w c:\program files\Real
2009-01-04 06:11 --------- d-----w c:\program files\Common Files\xing shared
2009-01-04 06:11 --------- d-----w c:\program files\Common Files\Real
2009-01-04 04:48 --------- d-----w c:\program files\Common Files\AVSMedia
2009-01-04 03:47 --------- d-----w c:\documents and settings\Owner\Application Data\AVS4YOU
2009-01-02 19:38 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-02 19:38 --------- d-----w c:\program files\Brother
2009-01-02 19:35 --------- d-----w c:\documents and settings\All Users\Application Data\Brother
2009-01-02 03:10 --------- d-----w c:\program files\MSBuild
2009-01-02 03:10 --------- d-----w c:\program files\Microsoft Works
2009-01-01 21:27 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-01 08:30 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-01-01 01:13 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-31 23:48 --------- d-----w c:\program files\FlashFXP
2008-12-31 22:37 --------- d-----w c:\program files\PowerISO
2008-12-31 22:15 --------- d-----w c:\documents and settings\All Users\Application Data\FlashFXP
2008-12-31 12:52 --------- d-----w c:\program files\Realtek AC97
2008-12-31 12:02 --------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2008-12-31 12:02 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-31 11:07 --------- d-----w c:\program files\microsoft frontpage
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-15_19.26.58.89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-15 20:22:22 16,384 ----atw c:\windows\temp\Perflib_Perfdata_5cc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"USBFireWall"="c:\program files\Net Studio\USB_FW.exe" [2008-03-22 1299968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-06 118784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-04 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-06 136600]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"midi1"= mapledxp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R1 mapledxp;mapledxp;c:\windows\system32\drivers\mapledxp.sys [2009-01-31 24720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-02-14 15504]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-01-12 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-01-12 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-01-12 42112]

--- Other Services/Drivers In Memory ---

*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - Brother XP spl Service
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - ImapiService
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - MBAMService
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\k0us1k4b.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 09:23:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-16 9:28:28 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2009-02-15 20:28:23
ComboFix2.txt 2009-02-15 06:28:15

Pre-Run: 21,253,713,920 bytes free
Post-Run: 21,500,710,912 bytes free

272


hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:37 AM, on 2/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Net Studio\USB_FW.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\trend micro\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [USBFireWall] C:\Program Files\Net Studio\USB_FW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230841401390
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 4753 bytes

#11 fenzodahl512

Posted 16 February 2009 - 01:40 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 ravensheat

  • Topic Starter

Posted 16 February 2009 - 05:34 AM

At this point, the PC looks good! I connected a USB device and the virus did not pop up or restart the PC, which is great! Thank you for all your help. P.S. The ESET scanner had a lot of detections. Thank you and the great BC team.

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3855 (20090216)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=2c195a04f8ce9743ada08773554b9cff
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-02-16 10:18:52
# local_time=2009-02-16 11:18:52 (+1200, New Zealand Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=218246
# found=394
# scan_time=2627
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP41\A0018663.inf Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP41\A0018898.bat Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP41\A0018899.inf Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP41\A0018909.bat Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP41\A0018910.inf Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP41\A0018919.bat Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP41\A0018920.inf Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP41\A0018930.bat Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP41\A0018931.inf Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP41\A0018944.bat Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP41\A0018945.inf Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP41\A0018956.bat Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP41\A0018957.inf Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP41\A0018967.bat Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP41\A0018968.inf Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP41\A0018982.bat Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP41\A0018983.inf Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP41\A0018993.bat Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP41\A0018994.inf Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP41\A0019003.bat Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP41\A0019004.inf Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019017.bat Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019018.inf Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019047.bat Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019048.inf Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019068.bat Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019069.inf Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019085.bat Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019086.inf Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019097.bat Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019098.inf Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019109.bat Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019110.inf Win32/PSW.OnLineGames.OHL trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019121.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019122.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019159.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019160.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019173.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019174.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019183.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019184.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019193.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019194.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019203.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019204.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019219.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019220.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019229.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019230.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019239.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019240.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019250.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019251.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019261.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019262.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019271.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019272.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019288.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019289.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019298.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019299.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019322.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019323.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019335.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019336.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019346.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0019347.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0020347.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0020348.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0020361.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0020362.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0020375.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0020376.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0020395.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0020407.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0020408.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0020417.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0020418.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0021419.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0021420.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0021439.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0021440.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0021451.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0021452.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0021497.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0021498.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0021512.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP42\A0021513.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP43\A0021529.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP43\A0021530.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP44\A0021538.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP44\A0021539.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP44\A0021573.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP44\A0021574.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP45\A0021578.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP45\A0021579.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP45\A0022571.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP45\A0022572.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0022596.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0022597.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0022617.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0022618.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0022627.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0022628.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0022638.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0022639.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0022648.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0022649.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0022658.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0022659.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0022668.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0022669.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0022684.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0022685.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0022698.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0022699.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023699.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023700.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023710.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023711.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023722.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023723.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023733.com Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023734.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023745.bat Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023746.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023755.bat Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023756.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023767.bat Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023768.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023777.bat Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023778.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023821.bat Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023822.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023933.bat Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023934.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023950.bat Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023951.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023960.bat Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0023961.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0024049.bat Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0024050.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0024063.bat Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0024064.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0024073.bat Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0024074.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0024085.bat Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0024086.inf Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E902BC03-5CBB-4E27-96D5-B2B049BCB098}\RP46\A0024095.bat Win32/PSW.OnLineGames.NMY trojan (unable to clean - deleted) 00000000000000000000000000000000

#13 fenzodahl512

Posted 16 February 2009 - 05:55 AM

Hello.. Let's do double checking first :thumbup2:

Please show hidden files and folders

Find these files in your C:\ and D:\ drives (all drives if any).. Tell me if you can find any of these files.. :)

2aaxaiy.exe
a2h2.com
gy.exe
hl80c6b1.com
m9ma.exe
opgde.exe
pook.com
ur0.com
w98.com
x2csvg.exe
opgde.exe

Edited by fenzodahl512, 16 February 2009 - 05:55 AM.


#14 ravensheat

Posted 16 February 2009 - 03:22 PM

Sorry mate, every time I select to show hidden files and folders anywhere, it does not. It reapplies the 'do not show hidden files and folders' even after I have selected to show. Any ideas at this point?

#15 fenzodahl512

Posted 16 February 2009 - 11:44 PM

Use this first.. Then tell me if you can select the show hidden files and folders


Please download Flash_Disinfector by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


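An added example, not part of the original posts and not Flash_Disinfector's own code: a Python script that lists a drive root directly, so it sees hidden entries even while Explorer keeps reverting the "show hidden files" setting, looks for the filenames from post #13, and reports whether autorun.inf is the protective folder described in post #15 or a file that names a program to launch. The function names and the sample drive roots are constructed for the illustration.

```python
import os
import tempfile

# Filenames the helper asks about in post #13 (copied from the thread).
SUSPECT_NAMES = {"2aaxaiy.exe", "a2h2.com", "gy.exe", "hl80c6b1.com", "m9ma.exe",
                 "opgde.exe", "pook.com", "ur0.com", "w98.com", "x2csvg.exe"}

def launch_lines(path):
    """Return the lines of an autorun.inf file that name a program to start."""
    hits = []
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            key, sep, _value = line.partition("=")
            key = key.strip().lower()
            if sep and (key in ("open", "shellexecute") or key.endswith("\\command")):
                hits.append(line.strip())
    return hits

def check_root(root):
    """Inspect one drive root; return (suspect files, autorun.inf state, launch lines)."""
    found, state, launch = [], "absent", []
    with os.scandir(root) as entries:  # returns hidden/system entries too
        for entry in entries:
            name = entry.name.lower()
            if name in SUSPECT_NAMES and entry.is_file(follow_symlinks=False):
                found.append(entry.name)
            elif name == "autorun.inf":
                if entry.is_dir(follow_symlinks=False):
                    # A folder and a file cannot share a name in one directory.
                    state = "folder"
                else:
                    state = "file"
                    launch = launch_lines(entry.path)
    return sorted(found), state, launch

def make_sample_roots(base):
    """Build two constructed drive roots: one infected, one with the placeholder folder."""
    bad, good = os.path.join(base, "bad"), os.path.join(base, "good")
    os.makedirs(bad)
    os.makedirs(os.path.join(good, "autorun.inf"))
    open(os.path.join(bad, "pook.com"), "wb").close()
    with open(os.path.join(bad, "autorun.inf"), "w") as fh:
        fh.write("[AutoRun]\nopen=pook.com\nshell\\open\\Command=pook.com\nicon=x.ico\n")
    return bad, good

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for root in make_sample_roots(tmp):
            print(root, check_root(root))
```

To check real drives, call `check_root("C:\\")` and `check_root("D:\\")` instead of the constructed sample roots.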