Author Topic: YM - help plz (Read 964 times)

podiz · « **on:** January 28, 2008, 11:48:25 AM »

Ok, for last few days am facing a strange problem. Whenever i sign in yahoo messenger , the messenger window disapears.

And someone suggest me a way to solve it :

1.Go to windows task manager.
2.Terminate explorer.exe process.
3.Run explorer.exe again .

When i do this , the problem seem to have solved but then its only temporary solution coz wen i restart comp , the problem repeats again.

Can u help me out ?!

Addl info :
This is the log file HJT generated :

unning processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\BitTorrent\bittorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Download accelerator plus\DAP\DAP.EXE
D:\Hijack this\HijackThis.exe

podiz · « **Reply #1 on:** January 28, 2008, 11:59:49 AM »

remaining log files :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3...ml?mode=toolbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server.toolbar.rediff.com/toolbar/3...ml?mode=toolbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://server.toolbar.rediff.com/toolbar/3...ml?mode=toolbar
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3...ml?mode=toolbar
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Real player\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: XBTBPos00 - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\REDIFF~1\3.0\REDIFF~1.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [nxpclient] C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe /P nxpclient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "D:\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-21-448539723-299502267-725345543-1005\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Brahma mayam')
O4 - HKUS\S-1-5-21-448539723-299502267-725345543-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Brahma mayam')
O4 - HKUS\S-1-5-21-448539723-299502267-725345543-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Brahma mayam')
O8 - Extra context menu item: &Clean Traces - D:\Download accelerator plus\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Download accelerator plus\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - D:\Download accelerator plus\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Rediff Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O9 - Extra 'Tools' menuitem: Rediff Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by129fd.bay129.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4ECD48C-B422-4C35-BE71-3E218ED33D7A}: NameServer = 125.22.47.125,202.56.250.5
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Sprocket Service (nxpclient) (sprtsvc_nxpclient) - SupportSoft, Inc. - C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe

--
End of file - 10783 bytes

guestolo · « **Reply #2 on:** January 29, 2008, 07:50:15 PM »

Can you post the Whole Hijackthis log in the same reply
Run another fresh scan>>save logfile with Hijackthis
When the log opens select EDIT>>SELECT ALL
EDIT>>COPY

Then come back here and paste the whole log

podiz · « **Reply #3 on:** January 30, 2008, 04:06:02 AM »

Hi guestolo ,

please find below the full logfile i jus generated

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:40 PM, on 30/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\BitTorrent\bittorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\explorer.exe
D:\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3...ml?mode=toolbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server.toolbar.rediff.com/toolbar/3...ml?mode=toolbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://server.toolbar.rediff.com/toolbar/3...ml?mode=toolbar
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3...ml?mode=toolbar
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Real player\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: XBTBPos00 - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\REDIFF~1\3.0\REDIFF~1.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [nxpclient] C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe /P nxpclient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "D:\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O8 - Extra context menu item: &Clean Traces - D:\Download accelerator plus\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Download accelerator plus\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - D:\Download accelerator plus\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Rediff Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O9 - Extra 'Tools' menuitem: Rediff Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by129fd.bay129.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4ECD48C-B422-4C35-BE71-3E218ED33D7A}: NameServer = 125.22.47.125,202.56.250.5
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Sprocket Service (nxpclient) (sprtsvc_nxpclient) - SupportSoft, Inc. - C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe

--
End of file - 10245 bytes

guestolo · « **Reply #4 on:** January 31, 2008, 08:13:07 PM »

Can you temporarily disable AVAST protection
Right click AVAST icon by clock and Stop on access protection

Next:
Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post back all the following after the above is done, even if it takes more than one reply to do so

1. Post the log from Combofix, it's default location is >>C:\Combofix.txt
2. Run a fresh Scan>Save logfile with Hijackthis and post it's log also

podiz · « **Reply #5 on:** February 03, 2008, 09:41:27 AM »

Hi Guestello Find the report generated by Combofix and HJT :

ComboFix 08-02.03.1 - asd 2008-02-03 19:57:07.1 - [color=\"red\"]FAT32[/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.150 [GMT 5.5:30]
Running from: C:\Documents and Settings\asd\Desktop\ComboFix.exe
* Created a new restore point

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo1.dll

----- BITS: Possible infected sites -----

hxxp://nxpagent.airtelbroadband.in
.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.

2008-02-03 16:31 . 2008-02-03 19:52   103,870   -r-hs----   C:\2ifetri.cmd
2008-02-03 08:05 . 2008-02-03 08:05   <DIR>   d--hs----   C:\FOUND.167
2008-02-02 20:26 . 2008-02-02 20:26   104,644   -r-hs----   C:\i.cmd
2008-01-31 20:03 . 2008-01-31 20:03   <DIR>   d--hs----   C:\FOUND.166
2008-01-31 13:31 . 2008-01-31 13:31   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-31 09:31 . 2008-01-31 09:31   <DIR>   d--hs----   C:\FOUND.165
2008-01-31 09:31 . 2007-12-13 17:54   <DIR>   d--------   C:\Documents and Settings\TEMP\.housecall6.6
2008-01-30 16:24 . 2008-01-30 16:24   <DIR>   d--hs----   C:\FOUND.164
2008-01-30 13:16 . 2008-02-02 14:15   103,574   -r-hs----   C:\h.cmd
2008-01-30 08:04 . 2008-01-30 08:04   <DIR>   d--hs----   C:\FOUND.163
2008-01-28 21:17 . 2008-01-30 08:06   103,683   -r-hs----   C:\ylr.exe
2008-01-28 20:56 . 2008-01-28 20:56   <DIR>   d--hs----   C:\FOUND.162
2008-01-28 07:20 . 2008-01-28 07:20   <DIR>   d--hs----   C:\FOUND.161
2008-01-27 18:41 . 2008-01-27 18:41   <DIR>   d--hs----   C:\FOUND.160
2008-01-27 06:17 . 2008-01-27 06:17   <DIR>   d--hs----   C:\FOUND.159
2008-01-26 12:57 . 2008-02-03 19:55   531   -r-hs----   C:\autorun.inf
2008-01-26 12:56 . 2008-01-26 12:56   1,751   --a------   C:\Documents and Settings\asd\clean.reg
2008-01-26 12:51 . 2008-01-26 12:51   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-01-25 18:48 . 2008-01-28 16:36   105,293   -r-hs----   C:\xo8wr9.exe
2008-01-25 18:48 . 2008-01-25 18:48   54,784   -r-hs----   C:\WINDOWS\system32\amvo2.dll
2008-01-25 08:13 . 2008-01-25 08:13   104,822   -r-hs----   C:\qd.cmd
2008-01-24 23:07 . 2008-01-24 09:02   <DIR>   d--------   C:\Program Files\SDFix
2008-01-24 19:33 . 2007-06-28 18:52   765,952   --a------   C:\WINDOWS\system32\xvidcore.dll
2008-01-24 19:33 . 2007-06-28 18:54   180,224   --a------   C:\WINDOWS\system32\xvidvfw.dll
2008-01-24 19:33 . 2007-06-28 18:55   77,824   --a------   C:\WINDOWS\system32\xvid.ax
2008-01-24 19:20 . 2008-01-24 19:20   <DIR>   d--------   C:\Program Files\Common Files\xing shared
2008-01-24 18:50 . 2008-01-24 18:50   <DIR>   d--------   C:\Documents and Settings\asd\Application Data\CyberLink
2008-01-24 18:50 . 2008-01-24 18:50   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-24 17:49 . 2008-01-24 17:49   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-01-24 17:49 . 2008-01-24 17:49   1,409   --a------   C:\WINDOWS\QTFont.for
2008-01-24 09:52 . 2008-01-24 22:28   103,642   -r-hs----   C:\awda2.exe
2008-01-23 10:01 . 2008-01-23 20:41   105,199   -r-hs----   C:\xn1i9x.com
2008-01-23 10:00 . 2007-12-31 12:10   105,216   -r-hs----   C:\80avp08.com
2008-01-22 11:12 . 2008-01-22 11:12   <DIR>   d--hs----   C:\FOUND.158
2008-01-21 19:49 . 2008-01-21 19:49   <DIR>   d--hs----   C:\FOUND.157
2008-01-21 07:20 . 2008-01-21 07:20   83,456   --a------   C:\WINDOWS\system32\swpr41.dll
2008-01-18 14:07 . 2008-01-18 14:07   <DIR>   d--hs----   C:\FOUND.156
2008-01-18 10:01 . 2008-01-18 10:01   <DIR>   d--hs----   C:\FOUND.155
2008-01-14 06:15 . 2008-01-14 06:15   <DIR>   d--hs----   C:\FOUND.154
2008-01-12 07:04 . 2008-01-12 07:04   <DIR>   d--hs----   C:\FOUND.153
2008-01-11 08:20 . 2008-02-01 16:56   268   --ah-----   C:\sqmdata16.sqm
2008-01-11 08:20 . 2008-02-01 16:56   244   --ah-----   C:\sqmnoopt16.sqm
2008-01-11 07:18 . 2008-01-11 07:18   <DIR>   d--hs----   C:\FOUND.152
2008-01-08 19:15 . 2008-01-08 19:15   <DIR>   d--hs----   C:\FOUND.151
2008-01-03 10:57 . 2008-01-03 10:57   <DIR>   d--hs----   C:\FOUND.150

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 10:03   ---------   d-----w   C:\Documents and Settings\Brahma mayam\Application Data\MEGAUPLOADTOOLBAR
2007-12-27 12:12   ---------   d-----w   C:\Program Files\DNA
2007-12-27 12:12   ---------   d-----w   C:\Documents and Settings\asd\Application Data\DNA
2007-12-27 11:12   ---------   d-----w   C:\Program Files\uTorrent
2007-12-27 11:12   ---------   d-----w   C:\Documents and Settings\asd\Application Data\uTorrent
2007-12-22 18:17   ---------   d-----w   C:\Program Files\Common Files\SupportSoft
2007-12-20 14:48   ---------   d-----w   C:\Documents and Settings\asd\Application Data\Rediff.com
2007-12-14 03:08   ---------   d-----w   C:\Program Files\Alwil Software
2007-12-13 06:48   102,664   ----a-w   C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-11 06:17   ---------   d-----w   C:\Program Files\Common Files\DAZ
2007-12-04 14:56   93,264   ----a-w   C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55   94,544   ----a-w   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53   23,152   ----a-w   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51   42,912   ----a-w   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49   26,624   ----a-w   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04   837,496   ----a-w   C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54   95,608   ----a-w   C:\WINDOWS\system32\AvastSS.scr
2007-11-08 15:43   103,736   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2007-11-07 09:26   721,920   ----a-w   C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26   721,920   ----a-w   C:\WINDOWS\system32\dllcache\lsasrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2006-02-19 10:29 40960]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 21:54 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:26 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nxpclient"="C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe" [2007-11-26 16:22 202016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-24 19:19 185896]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^asd^Start Menu^Programs^Startup^Mopy Points Collector.lnk]
path=C:\Documents and Settings\asd\Start Menu\Programs\Startup\Mopy Points Collector.lnk
backup=C:\WINDOWS\pss\Mopy Points Collector.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
D:\Bit torrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--------- 2007-11-08 15:05 4568576 D:\Download accelerator plus\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 06:40 409600 C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 21:54 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--------- 2005-12-13 08:49 217088 D:\Nokia\PCSUIT~1\NOKIAP~1\LAUNCH~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-18 13:25 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

R2 sprtsvc_nxpclient;SupportSoft Sprocket Service (nxpclient);C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe /service []
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2002-12-23 18:46]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist;C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [2007-11-01 15:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\xo8wr9.exe
\Shell\explore\Command - C:\xo8wr9.exe
\Shell\open\Command - C:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\xo8wr9.exe
\Shell\explore\Command - D:\xo8wr9.exe
\Shell\open\Command - D:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\xo8wr9.exe
\Shell\explore\Command - E:\xo8wr9.exe
\Shell\open\Command - E:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\xo8wr9.exe
\Shell\explore\Command - F:\xo8wr9.exe
\Shell\open\Command - F:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18689a84-d544-11db-8d8d-0013d4c4c34b}]
\Shell\AutoRun\command - G:\scvshosts.exe
\Shell\Open\command - G:\scvshosts.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caf3417f-c589-11db-8d53-0013d4c4c34b}]
\Shell\AutoRun\command - H:\80avp08.com
\Shell\explore\Command - H:\80avp08.com
\Shell\open\Command - H:\80avp08.com

.
Contents of the 'Scheduled Tasks' folder
"2008-02-03 11:01:12 C:\WINDOWS\Tasks\User_Feed_Synchronization-{69D17CCE-E12A-4591-850D-356A728FE3B3}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 19:58:40
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-03 19:58:59
ComboFix-quarantined-files.txt 2008-02-03 14:28:58
.
2008-01-09 07:39:44   --- E O F ---

HJT logfile :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:39 PM, on 03/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Download accelerator plus\DAP\DAP.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
D:\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Real player\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nxpclient] C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe /P nxpclient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - D:\Download accelerator plus\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Download accelerator plus\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - D:\Download accelerator plus\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by129fd.bay129.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4ECD48C-B422-4C35-BE71-3E218ED33D7A}: NameServer = 125.22.47.125,202.56.250.5
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Sprocket Service (nxpclient) (sprtsvc_nxpclient) - SupportSoft, Inc. - C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe

--
End of file - 8564 bytes

podiz · « **Reply #6 on:** February 03, 2008, 09:58:05 AM »

Hi Guestelo !

I think my problem is fixed. Propably it was the amvo.exe trojan.

Ryt now after running combofix , my YM seems to login fine.

Also i noticed that , past two weeks , when i click My computer and click any disk they opened in new window. But now even it got fixed. After a bit of info search on Google , i realised it was also handiwork of amvo.exe

THANKS A LOT !!!!

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

guestolo · « **Reply #7 on:** February 03, 2008, 03:53:11 PM »

Can you still do the following
Download the Flash_Disinfector.exe from here and save to desktop
http://www.techsupportforum.com/sectools/s...Disinfector.exe
Run Flash_Disinfector.exe, Follow the prompts
Insert any removable flash drives you may have when prompted
Leave any flash drives inserted to the computer

NEXT:
Do a "System scan only" with Hijackthis and put a check next to these entries:

b]R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
[/b]

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

NEXT:
Please download the [color=\"red\"]OTMoveIt2 by OldTimer[/color][/url].

Save it to your desktop.
Double-click OTMoveIt2.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
==============================================================================

C:\2ifetri.cmd
C:\awda2.exe
C:\xn1i9x.com
C:\80avp08.com
C:\WINDOWS\system32\swpr41.dll
C:\ylr.exe
C:\i.cmd
C:\h.cmd
C:\autorun.inf
C:\xo8wr9.exe
C:\WINDOWS\system32\amvo2.dll
C:\qd.cmd
H:\80avp08.com
G:\scvshosts.exe
F:\xo8wr9.exe
E:\xo8wr9.exe
D:\xo8wr9.exe
C:\Program Files\SDFix
C:\FOUND.163
C:\FOUND.162
C:\FOUND.161
C:\FOUND.160
C:\FOUND.159
C:\FOUND.158
C:\FOUND.157
C:\FOUND.156
C:\FOUND.166
C:\FOUND.165
C:\FOUND.164
C:\FOUND.155
C:\FOUND.154
C:\FOUND.167
C:\FOUND.153
C:\FOUND.152
C:\FOUND.151
C:\FOUND.150
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18689a84-d544-11db-8d8d-0013d4c4c34b}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caf3417f-c589-11db-8d53-0013d4c4c34b}

==============================================================================
Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the [color=\"yellow\"]yellow[/color] bar) and choose Paste.
Click the red [color=\"red\"]Moveit![/color] button.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

OTMoveIt would of created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
I'll need to see it later

NEXT:
Temporarily disable Avast's protections
Right click the Avast icon by the clock and "Stop on access protections"

use the Internet Explorer browser (or FireFox with IETab), and do an online scan with [color=\"blue\"]Kaspersky Online Scanner[/color]

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet [color=\"#3333FF\"]Explorer 7[/color] users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%[/i].)
The program launches and downloads the latest definition files.

Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
- Scan using the following Anti-Virus database:
  [color=\"#6666CC\"]Extended[/color]
Scan Options:
[color=\"#6666CC\"]Scan Archives[/color]

[color=\"#6666CC\"]Scan Mail Bases[/color]
[/list]
[/list]

Click OK and, under select a target to scan, select My Computer

When the scan is done, in the [color=\"Navy\"]Scan is completed [/color]window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
[attachment=4342:Kas_SaveReport_1.gif]
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the [color=\"Navy\"]Save as [/color]prompt, [color=\"navy\"]Save in[/color] area, select: Desktop
In the [color=\"navy\"]File name[/color] area, use KScan, or something similar
In [color=\"navy\"]Save as type[/color], click the drop arrow and select: Text file [*.txt]
Then, click: Save

Post back all the following:

1. Post the [color=\"Navy\"]Kaspersky Online Scanner Report [/color]in your reply.
2. Post the log from OTMoveit2>>C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
3. Run a fresh scan/save logfile with Hijackthis and post it also

podiz · « **Reply #8 on:** February 05, 2008, 11:48:04 AM »

Hi Guestolo ,

Sorry i was away from the system for a day.

I did the necessary steps you mentioned above.

Find the log files of Kapersky , OTmove it and HJT :

KAPERSKY LOG FILE:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 05, 2008 10:19:18 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/02/2008
Kaspersky Anti-Virus database records: 549931
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   A:\
   C:\
   D:\
   E:\
   F:\

Scan Statistics:
   Total number of scanned objects: 71193
   Number of viruses found: 30
   Number of infected objects: 528
   Number of suspicious objects: 0
   Duration of the scan process: 00:46:47

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\software.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\default.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY   Object is locked   skipped
C:\WINDOWS\system32\config\SAM   Object is locked   skipped
C:\WINDOWS\system32\config\SAM.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\AppEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\SecEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\SysEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\SYSTEM   Object is locked   skipped
C:\WINDOWS\system32\config\SOFTWARE   Object is locked   skipped
C:\WINDOWS\system32\config\DEFAULT   Object is locked   skipped
C:\WINDOWS\system32\config\Internet.evt   Object is locked   skipped
C:\WINDOWS\system32\config\Antivirus.Evt   Object is locked   skipped
C:\WINDOWS\system32\drivers\sptd.sys   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR   Object is locked   skipped
C:\WINDOWS\system32\h323log.txt   Object is locked   skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt   Object is locked   skipped
C:\WINDOWS\Temp\Perflib_Perfdata_59c.dat   Object is locked   skipped
C:\WINDOWS\Debug\PASSWD.LOG   Object is locked   skipped
C:\WINDOWS\Sti_Trace.log   Object is locked   skipped
C:\WINDOWS\wiaservc.log   Object is locked   skipped
C:\WINDOWS\wiadebug.log   Object is locked   skipped
C:\WINDOWS\WindowsUpdate.log   Object is locked   skipped
C:\WINDOWS\SchedLgU.Txt   Object is locked   skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\nxpclient\SYSTEM\state\logs\sprtcmd.log   Object is locked   skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG   Object is locked   skipped
C:\Documents and Settings\LocalService\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\LocalService\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG   Object is locked   skipped
C:\Documents and Settings\asd\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\asd\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\asd\Local Settings\History\History.IE5\MSHist012008020520080206\index.dat   Object is locked   skipped
C:\Documents and Settings\asd\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\asd\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat   Object is locked   skipped
C:\Documents and Settings\asd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\asd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\asd\Local Settings\Application Data\SupportSoft\nxpclient\asd\state\logs\sprtcmd.log   Object is locked   skipped
C:\Documents and Settings\asd\Local Settings\Temp\~DF623E.tmp   Object is locked   skipped
C:\Documents and Settings\asd\Local Settings\Temp\~DF625A.tmp   Object is locked   skipped
C:\Documents and Settings\asd\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\asd\ntuser.dat.LOG   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db   Object is locked   skipped
C:\2ifetri.cmd   Infected: Trojan-PSW.Win32.OnLineGames.qln   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP665\A0973137.cmd   Infected: Trojan-PSW.Win32.OnLineGames.qks   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP665\A0973138.inf   Infected: Trojan-PSW.Win32.OnLineGames.qmf   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP665\A0973180.DLL   Infected: Trojan-PSW.Win32.OnLineGames.qms   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP665\A0973183.exe   Infected: Trojan-PSW.Win32.OnLineGames.qks   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP665\A0973184.DLL   Infected: Trojan-PSW.Win32.OnLineGames.qms   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP665\A0973185.CMD   Infected: Trojan-PSW.Win32.OnLineGames.qks   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP665\A0973186.INF   Infected: Trojan-PSW.Win32.OnLineGames.qmf   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0939284.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0939285.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0942277.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pnz   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0942278.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0942279.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0942287.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0943278.exe   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0943279.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0945281.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0945284.exe   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0945285.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0946286.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0946287.exe   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0946288.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0946296.exe   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0946297.dll   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0947285.exe   Infected: Trojan-PSW.Win32.OnLineGames.prv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0947286.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0947305.exe   Infected: Trojan-PSW.Win32.OnLineGames.prv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0948283.DLL   Infected: Trojan-PSW.Win32.OnLineGames.prv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0948286.exe   Infected: Trojan-PSW.Win32.OnLineGames.prv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0948287.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0950285.DLL   Infected: Trojan-PSW.Win32.OnLineGames.prv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0951289.DLL   Infected: Trojan-PSW.Win32.OnLineGames.prv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0951290.exe   Infected: Trojan-PSW.Win32.OnLineGames.prv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0951291.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0951298.exe   Infected: Trojan-PSW.Win32.OnLineGames.prv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0951299.DLL   Infected: Trojan-PSW.Win32.OnLineGames.prv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0951321.DLL   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0951323.exe   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0951324.inf   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0952340.DLL   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0952342.exe   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0952343.inf   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0953369.DLL   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0953371.exe   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0953372.inf   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0953379.exe   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0953380.DLL   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0954421.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pub   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0954423.exe   Infected: Trojan-PSW.Win32.OnLineGames.puc   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0954424.inf   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0954431.exe   Infected: Trojan-PSW.Win32.OnLineGames.puc   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0954432.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pub   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP666\A0973198.exe   Infected: Trojan-PSW.Win32.OnLineGames.qln   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP666\A0973199.dll   Infected: Trojan-PSW.Win32.OnLineGames.qlk   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP655\A0930955.com   Infected: Trojan-PSW.Win32.OnLineGames.pfm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP655\A0930956.inf   Infected: Trojan-PSW.Win32.OnLineGames.pgs   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP655\A0930963.exe   Infected: Trojan-PSW.Win32.OnLineGames.pfm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP655\A0930964.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pfm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP655\A0930978.com   Infected: Trojan-PSW.Win32.OnLineGames.pgs   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP655\A0930979.inf   Infected: Trojan-PSW.Win32.OnLineGames.pgs   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP655\A0930988.exe   Infected: Trojan-PSW.Win32.OnLineGames.pgs   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP655\A0930989.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pgs   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0931037.com   Infected: Trojan-PSW.Win32.OnLineGames.phx   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0931038.inf   Infected: Trojan-PSW.Win32.OnLineGames.pgs   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0932067.dll   Infected: Trojan-PSW.Win32.OnLineGames.pgs   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0932068.com   Infected: Trojan-PSW.Win32.OnLineGames.phx   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0932069.inf   Infected: Trojan-PSW.Win32.OnLineGames.pgs   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0932077.exe   Infected: Trojan-PSW.Win32.OnLineGames.phx   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0932078.dll   Infected: Trojan-PSW.Win32.OnLineGames.phx   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0933068.exe   Infected: Worm.Win32.AutoRun.cea   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0933069.inf   Infected: Worm.Win32.AutoRun.cea   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0933076.exe   Infected: Worm.Win32.AutoRun.cea   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0933077.DLL   Infected: Worm.Win32.AutoRun.cea   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0933095.exe   Infected: Trojan-PSW.Win32.OnLineGames.pmc   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0933096.inf   Infected: Worm.Win32.AutoRun.cea   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0933106.exe   Infected: Trojan-PSW.Win32.OnLineGames.pmc   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0933107.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pmc   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0933109.cmd   Infected: Trojan-PSW.Win32.OnLineGames.pno   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0933110.inf   Infected: Worm.Win32.AutoRun.cbi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0934098.dll   Infected: Trojan-PSW.Win32.OnLineGames.pmc   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0934099.cmd   Infected: Trojan-PSW.Win32.OnLineGames.pno   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0934100.inf   Infected: Worm.Win32.AutoRun.cbi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0934115.exe   Infected: Trojan-PSW.Win32.OnLineGames.pno   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0934116.dll   Infected: Worm.Win32.AutoRun.cel   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935095.DLL   Infected: Worm.Win32.AutoRun.cel   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935100.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935101.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935129.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pnz   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935131.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935132.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935150.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pnz   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935155.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935156.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935166.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935167.dll   Infected: Trojan-PSW.Win32.OnLineGames.pnz   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935168.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935169.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935185.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pnz   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935187.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0935195.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0935196.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0937187.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pnz   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0937189.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0937190.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0937232.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pnz   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0937234.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0937235.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0937242.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0938263.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pnz   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0938264.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0938265.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0939272.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pnz   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0939274.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0939275.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0955462.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pub   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0955464.exe   Infected: Trojan-PSW.Win32.OnLineGames.puc   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0955465.inf   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0955472.exe   Infected: Trojan-PSW.Win32.OnLineGames.puc   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0955473.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pub   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0956463.exe   Infected: Trojan-PSW.Win32.OnLineGames.pvb   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0956464.inf   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0956471.exe   Infected: Trojan-PSW.Win32.OnLineGames.pvb   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0956472.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pvb   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0959665.exe   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0956493.cmd   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0956494.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0956540.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pwr   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0956541.cmd   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0956542.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0957542.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pwr   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0957543.cmd   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0957544.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0957559.exe   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0958575.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pwr   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0958577.cmd   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0958578.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0958594.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pwr   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0958596.cmd   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0958597.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0959615.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pwr   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0959617.cmd   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0959618.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0959638.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pwr   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0959640.cmd   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0959641.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0960677.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pwr   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0960678.cmd   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0960679.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0960686.exe   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0960687.DLL   Infected: Trojan-PSW.Win32.OnLineGames.pwr   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0960718.cmd   Infected: Worm.Win32.AutoRun.chv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0960719.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0961720.DLL   Infected: Worm.Win32.AutoRun.chu   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0961721.cmd   Infected: Worm.Win32.AutoRun.chv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0961722.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0961750.DLL   Infected: Worm.Win32.AutoRun.chu   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0962750.DLL   Infected: Worm.Win32.AutoRun.chu   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0962751.cmd   Infected: Worm.Win32.AutoRun.chv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0962752.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0965965.DLL   Infected: Worm.Win32.AutoRun.chu   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0966975.DLL   Infected: Worm.Win32.AutoRun.chu   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0966977.cmd   Infected: Worm.Win32.AutoRun.chv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0966978.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0966985.exe   Infected: Worm.Win32.AutoRun.chv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0966995.DLL   Infected: Trojan-PSW.Win32.OnLineGames.qip   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0966996.cmd   Infected: Trojan-PSW.Win32.OnLineGames.qip   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0966997.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0967005.exe   Infected: Trojan-PSW.Win32.OnLineGames.qip   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0967006.DLL   Infected: Worm.Win32.AutoRun.chu   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP663\A0968006.cmd   Infected: Worm.Win32.AutoRun.cin   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP663\A0968007.inf   Infected: Worm.Win32.AutoRun.cin   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP663\A0972015.DLL   Infected: Worm.Win32.AutoRun.cin   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP663\A0972017.cmd   Infected: Worm.Win32.AutoRun.cin   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP663\A0972018.inf   Infected: Worm.Win32.AutoRun.cin   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP663\A0972025.exe   Infected: Worm.Win32.AutoRun.cin   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP663\A0972026.DLL   Infected: Worm.Win32.AutoRun.cin   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP663\A0973027.DLL   Infected: Worm.Win32.AutoRun.cin   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP663\A0973029.cmd   Infected: Trojan-PSW.Win32.OnLineGames.qks   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP663\A0973030.inf   Infected: Trojan-PSW.Win32.OnLineGames.qmf   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP667\A0979292.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP667\A0979296.exe   Infected: Trojan-PSW.Win32.OnLineGames.prv   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP667\change.log   Object is locked   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP640\A0898759.vbs   Infected: not-a-virus:RiskTool.VBS.DisReg.a   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP664\A0973050.cmd   Infected: Trojan-PSW.Win32.OnLineGames.qks   skipped
C:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP664\A0973051.inf   Infected: Trojan-PSW.Win32.OnLineGames.qmf   skipped
C:\_OTMoveIt\MovedFiles\02052008_125000\awda2.exe   Infected: Trojan-PSW.Win32.OnLineGames.pmc   skipped
C:\_OTMoveIt\MovedFiles\02052008_125000\xn1i9x.com   Infected: Trojan-PSW.Win32.OnLineGames.phx   skipped
C:\_OTMoveIt\MovedFiles\02052008_125000\WINDOWS\system32\amvo2.dll   Infected: Trojan-PSW.Win32.OnLineGames.pnz   skipped
C:\_OTMoveIt\MovedFiles\02052008_125000\ylr.exe   Infected: Trojan-PSW.Win32.OnLineGames.pvb   skipped
C:\_OTMoveIt\MovedFiles\02052008_125000\i.cmd   Infected: Worm.Win32.AutoRun.cin   skipped
C:\_OTMoveIt\MovedFiles\02052008_125000\h.cmd   Infected: Trojan-PSW.Win32.OnLineGames.qip   skipped
C:\_OTMoveIt\MovedFiles\02052008_125000\autorun.inf   Infected: Trojan-PSW.Win32.OnLineGames.qmf   skipped
C:\_OTMoveIt\MovedFiles\02052008_125000\xo8wr9.exe   Infected: Trojan-PSW.Win32.OnLineGames.prv   skipped
C:\_OTMoveIt\MovedFiles\02052008_125000\qd.cmd   Infected: Trojan-PSW.Win32.OnLineGames.pno   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\amvo.exe.vir   Infected: Trojan-PSW.Win32.OnLineGames.qln   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\amvo1.dll.vir   Infected: Trojan-PSW.Win32.OnLineGames.qlk   skipped
D:\2ifetri.cmd   Infected: Trojan-PSW.Win32.OnLineGames.qln   skipped
D:\autorun.inf   Infected: Trojan-PSW.Win32.OnLineGames.qmf   skipped
D:\awda2.exe   Infected: Trojan-PSW.Win32.OnLineGames.pmc   skipped
D:\Download accelerator plus\DAP\History\Brahma mayam\_lasthist.dat   Object is locked   skipped
D:\Download accelerator plus\DAP\Offers\VA_11_DAPSO.exe/WISE0009.BIN   Infected: not-a-virus:AdTool.Win32.MyWebSearch.bk   skipped
D:\Download accelerator plus\DAP\Offers\VA_11_DAPSO.exe   WiseSFX: infected - 1   skipped
D:\Download accelerator plus\DAP\Offers\VA_11_DAPSO.exe   WiseSFXDropper: infected - 1   skipped
D:\h.cmd   Infected: Trojan-PSW.Win32.OnLineGames.qip   skipped
D:\i.cmd   Infected: Worm.Win32.AutoRun.cin   skipped
D:\qd.cmd   Infected: Trojan-PSW.Win32.OnLineGames.pno   skipped
D:\SD Fx\SDFix\backups\autorun.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP655\A0930957.com   Infected: Trojan-PSW.Win32.OnLineGames.pfm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP655\A0930958.inf   Infected: Trojan-PSW.Win32.OnLineGames.pgs   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP655\A0930980.com   Infected: Trojan-PSW.Win32.OnLineGames.pgs   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP655\A0930981.inf   Infected: Trojan-PSW.Win32.OnLineGames.pgs   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0931039.com   Infected: Trojan-PSW.Win32.OnLineGames.phx   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0931040.inf   Infected: Trojan-PSW.Win32.OnLineGames.pgs   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0932070.com   Infected: Trojan-PSW.Win32.OnLineGames.phx   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0932071.inf   Infected: Trojan-PSW.Win32.OnLineGames.pgs   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0933070.exe   Infected: Worm.Win32.AutoRun.cea   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0933071.inf   Infected: Worm.Win32.AutoRun.cea   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0933097.exe   Infected: Trojan-PSW.Win32.OnLineGames.pmc   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0933098.inf   Infected: Worm.Win32.AutoRun.cea   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0933111.cmd   Infected: Trojan-PSW.Win32.OnLineGames.pno   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0933112.inf   Infected: Worm.Win32.AutoRun.cbi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0934101.cmd   Infected: Trojan-PSW.Win32.OnLineGames.pno   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0934102.inf   Infected: Worm.Win32.AutoRun.cbi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935102.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935103.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935133.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935134.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935157.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935158.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935170.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935171.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935188.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935189.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0935197.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0935198.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0937191.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0937192.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0937236.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0937237.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0938266.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0938267.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0939276.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0939277.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0939286.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0939287.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0942280.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0942281.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0943280.exe   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0943281.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0945286.exe   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0945287.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0946289.exe   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0946290.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0947287.exe   Infected: Trojan-PSW.Win32.OnLineGames.prv   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0947288.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0948288.exe   Infected: Trojan-PSW.Win32.OnLineGames.prv   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0948289.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0951292.exe   Infected: Trojan-PSW.Win32.OnLineGames.prv   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0951293.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0951325.exe   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0951326.inf   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0952344.exe   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0952345.inf   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0953373.exe   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0953374.inf   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0954425.exe   Infected: Trojan-PSW.Win32.OnLineGames.puc   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP660\A0954426.inf   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0955466.exe   Infected: Trojan-PSW.Win32.OnLineGames.puc   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0955467.inf   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0956465.exe   Infected: Trojan-PSW.Win32.OnLineGames.pvb   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0956466.inf   Infected: Trojan-PSW.Win32.OnLineGames.psv   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0956495.cmd   Infected: Worm.Win32.AutoRun.cgi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0956496.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0956543.cmd   Infected: Worm.Win32.AutoRun.cgi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0956544.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0957545.cmd   Infected: Worm.Win32.AutoRun.cgi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0957546.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0958579.cmd   Infected: Worm.Win32.AutoRun.cgi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0958580.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0958598.cmd   Infected: Worm.Win32.AutoRun.cgi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0958599.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0959619.cmd   Infected: Worm.Win32.AutoRun.cgi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0959620.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0959642.cmd   Infected: Worm.Win32.AutoRun.cgi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0959643.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0960680.cmd   Infected: Worm.Win32.AutoRun.cgi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP661\A0960681.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0960720.cmd   Infected: Worm.Win32.AutoRun.chv   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0960721.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0961723.cmd   Infected: Worm.Win32.AutoRun.chv   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0961724.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0962753.cmd   Infected: Worm.Win32.AutoRun.chv   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0962754.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0966979.cmd   Infected: Worm.Win32.AutoRun.chv   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0966980.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0966998.cmd   Infected: Trojan-PSW.Win32.OnLineGames.qip   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP662\A0966999.inf   Infected: Worm.Win32.AutoRun.cgi   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP663\A0968008.cmd   Infected: Worm.Win32.AutoRun.cin   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP663\A0968009.inf   Infected: Worm.Win32.AutoRun.cin   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP663\A0972019.cmd   Infected: Worm.Win32.AutoRun.cin   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP663\A0972020.inf   Infected: Worm.Win32.AutoRun.cin   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP663\A0973031.cmd   Infected: Trojan-PSW.Win32.OnLineGames.qks   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP663\A0973032.inf   Infected: Trojan-PSW.Win32.OnLineGames.qmf   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP664\A0973052.cmd   Infected: Trojan-PSW.Win32.OnLineGames.qks   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP664\A0973053.inf   Infected: Trojan-PSW.Win32.OnLineGames.qmf   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP665\A0973139.cmd   Infected: Trojan-PSW.Win32.OnLineGames.qks   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP665\A0973140.inf   Infected: Trojan-PSW.Win32.OnLineGames.qmf   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP665\A0973187.cmd   Infected: Trojan-PSW.Win32.OnLineGames.qks   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP665\A0973188.inf   Infected: Trojan-PSW.Win32.OnLineGames.qmf   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP667\A0979293.com   Infected: Trojan-PSW.Win32.OnLineGames.mqw   skipped
D:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP667\A0979299.exe   Infected: Trojan-PSW.Win32.OnLineGames.prv   skipped
D:\xn1i9x.com   Infected: Trojan-PSW.Win32.OnLineGames.phx   skipped
D:\ylr.exe   Infected: Trojan-PSW.Win32.OnLineGames.pvb   skipped
E:\2ifetri.cmd   Infected: Trojan-PSW.Win32.OnLineGames.qln   skipped
E:\autorun.inf   Infected: Trojan-PSW.Win32.OnLineGames.qmf   skipped
E:\awda2.exe   Infected: Trojan-PSW.Win32.OnLineGames.pmc   skipped
E:\h.cmd   Infected: Trojan-PSW.Win32.OnLineGames.qip   skipped
E:\i.cmd   Infected: Worm.Win32.AutoRun.cin   skipped
E:\qd.cmd   Infected: Trojan-PSW.Win32.OnLineGames.pno   skipped
E:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP655\A0930959.com   Infected: Trojan-PSW.Win32.OnLineGames.pfm   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP655\A0930960.inf   Infected: Trojan-PSW.Win32.OnLineGames.pgs   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP655\A0930982.com   Infected: Trojan-PSW.Win32.OnLineGames.pgs   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP655\A0930983.inf   Infected: Trojan-PSW.Win32.OnLineGames.pgs   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0931041.com   Infected: Trojan-PSW.Win32.OnLineGames.phx   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0931042.inf   Infected: Trojan-PSW.Win32.OnLineGames.pgs   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0932072.com   Infected: Trojan-PSW.Win32.OnLineGames.phx   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0932073.inf   Infected: Trojan-PSW.Win32.OnLineGames.pgs   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0933072.exe   Infected: Worm.Win32.AutoRun.cea   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0933073.inf   Infected: Worm.Win32.AutoRun.cea   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0933099.exe   Infected: Trojan-PSW.Win32.OnLineGames.pmc   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP656\A0933100.inf   Infected: Worm.Win32.AutoRun.cea   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0933113.cmd   Infected: Trojan-PSW.Win32.OnLineGames.pno   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0933114.inf   Infected: Worm.Win32.AutoRun.cbi   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0934103.cmd   Infected: Trojan-PSW.Win32.OnLineGames.pno   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0934104.inf   Infected: Worm.Win32.AutoRun.cbi   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935104.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935105.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935135.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935136.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935159.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935160.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935172.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935173.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935190.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP657\A0935191.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0935199.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0935200.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0937193.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0937194.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0937238.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0937239.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0938268.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0938269.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0939278.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP658\A0939279.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0939288.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0939289.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0942282.exe   Infected: Trojan-PSW.Win32.OnLineGames.pnx   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0942283.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0943282.exe   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB43D}\RP659\A0943283.inf   Infected: Trojan-PSW.Win32.OnLineGames.pqm   skipped
E:\System Volume Information\_restore{902C8D6C-5D65-4547-93DA-B554A87AB4

guestolo · « **Reply #9 on:** February 05, 2008, 07:36:55 PM »

Still some cleaning to do
But first
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
[color=\"blue\"]Updating Java:[/color]

Download the latest version of Java Runtime Environment (JRE) 6.
Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 4".
Click the "Download" button to the right.
In the Window that opens, select Windows, your Language, check the "agree" box and click Continue.
Click on the link to download Windows Offline Installation and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.

- Examples of older versions in Add or Remove Programs:

Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 2

Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.

Let's run OTMoveit again

Please double-click OTMoveIt2.exe to run it.
Copy the entries below to the clipboard by highlighting ALL of them in blue and pressing
CTRL + C (or, after highlighting, right-click and choose "Copy"):

================================================

[color=\"#0000FF\"]F:\xn1i9x.com
F:\ylr.exe
E:\xn1i9x.com
E:\ylr.exe
F:\2ifetri.cmd
F:\autorun.inf
F:\awda2.exe
F:\h.cmd
F:\i.cmd
F:\qd.cmd
D:\xn1i9x.com
D:\ylr.exe
E:\2ifetri.cmd
E:\autorun.inf
E:\awda2.exe
E:\h.cmd
E:\i.cmd
E:\qd.cmd
C:\QooBox
D:\2ifetri.cmd
D:\autorun.inf
D:\awda2.exe
D:\Download accelerator plus\DAP\Offers\VA_11_DAPSO.exe
D:\h.cmd
D:\i.cmd
D:\qd.cmd
D:\SD Fx\SDFix
C:\2ifetri.cmd

[/color]
======================================================
Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
Click the red "[color=\"red\"]MoveIt![/color]" button.
Close OTMoveIt when it has completed.

[color=\"red\"]Note[/color]: If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

NOTE: If you are not asked to reboot the computer
Can you reboot manually anyways

Back in Windows
Go ahead and install the latest version of Java from the desktop installer

OTMoveIt would of created another log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Can you post that log along with a fresh hijackthis log
Let me know how things are running

In addition, can you ensure that AVAST Antivirus is running properly
From the icon by the clock if you right click on it
Are On access protections enabled and running?

In addition, if you have shared your flash drives with any other computers lately
There is a good chance they are infected also
They should at minimum run Flash_Disinfector on there own computer

podiz · « **Reply #10 on:** February 05, 2008, 11:16:16 PM »

Hi Guestolo ,

Thanks.

I updated to JRE 6.

and also Run the OTmoveit as you mentioned.

As far the Avast i noticed the avast icon is missing in the taskmanager and the resident shield/on access is not seen. Can u help me in that ?.

Please find below the new OT moveit log file and HJT logfile.

OTmoveit Log file :

[Custom Input]
< :\xn1i9x.com >
File/Folder :\xn1i9x.com not found.
< F:\ylr.exe >
F:\ylr.exe moved successfully.
< E:\xn1i9x.com >
E:\xn1i9x.com moved successfully.
< E:\ylr.exe >
E:\ylr.exe moved successfully.
< F:\2ifetri.cmd >
F:\2ifetri.cmd moved successfully.
< F:\autorun.inf >
F:\autorun.inf moved successfully.
< F:\awda2.exe >
F:\awda2.exe moved successfully.
< F:\h.cmd >
F:\h.cmd moved successfully.
< F:\i.cmd >
F:\i.cmd moved successfully.
< F:\qd.cmd >
F:\qd.cmd moved successfully.
< D:\xn1i9x.com >
D:\xn1i9x.com moved successfully.
< D:\ylr.exe >
D:\ylr.exe moved successfully.
< E:\2ifetri.cmd >
E:\2ifetri.cmd moved successfully.
< E:\autorun.inf >
E:\autorun.inf moved successfully.
< E:\awda2.exe >
E:\awda2.exe moved successfully.
< E:\h.cmd >
E:\h.cmd moved successfully.
< E:\i.cmd >
E:\i.cmd moved successfully.
< E:\qd.cmd >
E:\qd.cmd moved successfully.
< C:\QooBox >
C:\QooBox\BackEnv moved successfully.
C:\QooBox\Quarantine\Registry_backups moved successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader moved successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network moved successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft moved successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data moved successfully.
C:\QooBox\Quarantine\C\Documents and Settings\All Users moved successfully.
C:\QooBox\Quarantine\C\Documents and Settings moved successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32 moved successfully.
C:\QooBox\Quarantine\C\WINDOWS moved successfully.
C:\QooBox\Quarantine\C\ComboFix moved successfully.
C:\QooBox\Quarantine\C moved successfully.
C:\QooBox\Quarantine moved successfully.
C:\QooBox moved successfully.
< D:\2ifetri.cmd >
D:\2ifetri.cmd moved successfully.
< D:\autorun.inf >
D:\autorun.inf moved successfully.
< D:\awda2.exe >
D:\awda2.exe moved successfully.
< D:\Download accelerator plus\DAP\Offers\VA_11_DAPSO.exe >
D:\Download accelerator plus\DAP\Offers\VA_11_DAPSO.exe moved successfully.
< D:\h.cmd >
D:\h.cmd moved successfully.
< D:\i.cmd >
D:\i.cmd moved successfully.
< D:\qd.cmd >
D:\qd.cmd moved successfully.
< D:\SD Fx\SDFix >
D:\SD Fx\SDFix\backups moved successfully.
D:\SD Fx\SDFix\backupreg moved successfully.
D:\SD Fx\SDFix\apps\Replace\xp moved successfully.
D:\SD Fx\SDFix\apps\Replace\w2k moved successfully.
D:\SD Fx\SDFix\apps\Replace moved successfully.
D:\SD Fx\SDFix\apps moved successfully.
D:\SD Fx\SDFix moved successfully.
< C:\2ifetri.cmd >
C:\2ifetri.cmd moved successfully.

OTMoveIt2 v1.0.17 log created on 02062008_085715

HJT LOG FILE :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:05 AM, on 06/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Real player\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nxpclient] C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe /P nxpclient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - D:\Download accelerator plus\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Download accelerator plus\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - D:\Download accelerator plus\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by129fd.bay129.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Sprocket Service (nxpclient) (sprtsvc_nxpclient) - SupportSoft, Inc. - C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe

--
End of file - 8597 bytes

guestolo · « **Reply #11 on:** February 05, 2008, 11:33:55 PM »

I won't be on for the rest of the evening, in the meantime
Can you do the following

You may have missed the very first letter in blue in the last attempt with OTMoveIt

Can we try it again, make sure to copy everything in blue when I post it
Try this

This time you can use the top pane in OTMoveit
As in the following instructions
run OTMoveit again

Please double-click OTMoveIt2.exe to run it.
Copy the entries below to the clipboard by highlighting ALL of them in [color=\"#0000FF\"]blue[/color] and pressing
CTRL + C (or, after highlighting, right-click and choose "Copy"):

================================================

[color=\"#0000FF\"]F:\xn1i9x.com
[/color]
======================================================
Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
Click the red "[color=\"red\"]MoveIt![/color]" button.
Close OTMoveIt when it has completed.

[color=\"red\"]Note[/color]: If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

Concerning Avast
Can you do the following
Go to the following link and redownload Avast
and save too desktop for now
http://www.avast.com/eng/download-avast-home.html

Afterwards: Remove your version of avast! Antivirus from Add/remove programs
Reboot the computer afterwards

If you have trouble removing Avast
Download and run their uninstaller
http://www.avast.com/eng/avast-uninstall-utility.html
and then reboot

Back in Windows
install Avast from the installer on desktop
Don't forget to reregister Avast

Ensure it is updated and run a Scan on all harddrives
Reboot afterwards
Don't worry if it can't remove anything in the System Volume Information folders
We'll deal with it later
Come back and let me know how things are running

Again, Post one last fresh hijackthis log and the new log again from OTMoveIt

podiz · « **Reply #12 on:** February 06, 2008, 10:29:42 AM »

Hi Guestolo ,

Things seems to be running fine .

I uninstalled and reinstalled AVAST.

Sorry for missing that file in OTmoveit , i moved it now.

This is the new OTmoveit LOG FILE :

F:\xn1i9x.com moved successfully.

OTMoveIt2 v1.0.17 log created on 02062008_201724

HJT LOG FILE :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:07 PM, on 06/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Real player\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nxpclient] C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe /P nxpclient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - D:\Download accelerator plus\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Download accelerator plus\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - D:\Download accelerator plus\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by129fd.bay129.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Sprocket Service (nxpclient) (sprtsvc_nxpclient) - SupportSoft, Inc. - C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe

--
End of file - 8848 bytes

guestolo · « **Reply #13 on:** February 06, 2008, 11:17:55 PM »

Looks good, Avast seems to be running better also

If everything is running better, I suggest that you do the following
Older System Restore points are infected
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Select>>Create a New restore point
Give it a name, any name,
eg... Michelle
and click Create
Windows will prompt when it was created successfully

When that's done

Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let if finish calculating

Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made

Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning

Go to START>>RUN>>Copy then paste the next command below in bold
Then hit OK

combofix /u

This will uninstall combofix and it's components

OTMoveit.exe

Please double-click OTMoveIt.exe to run it.
Click the Cleanup! button
A list will be downloaded>>Allow it Internet access if prompted by your Firewall
Don't change anything in this list
Select Yes at the prompt
Wait for the confirmation box to open to reboot the computer
Don't mouseclick during the wait as you may cause the tool to stall
Select Yes to reboot Now

NOTE: This procedure will also delete OTMoveit.exe from desktop and other tools we used for cleaning

I suggest that you add SpywareBlaster to your protection software
SpywareBlaster 3.5.1 by JavaCool

After installation, Check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

Take a look at the following
Why Did I get Infected in the First Place?

I hope that helps

podiz · « **Reply #14 on:** February 08, 2008, 08:47:38 AM »

Hi Guestolo ,

Thanks a lot . my comp is working fine now . Thanks for your patience , time and help.

And about why did i get the infection ? its my negligent part of using pendrive without scanning. Will keep this in mind in future.

Can u do me one more help please ? Probably my laptop too is affected, i will post the hijack file of it in separate topic. plz go thro it. and suggest me the action to be taken.

take care.

Podiz

guestolo · « **Reply #15 on:** February 08, 2008, 06:22:30 PM »

I'll lock this topic as the problems with this computer are resolved
I've posted to your other topic concerning laptop

TheTechGuide Forum

News:

Author Topic: YM - help plz (Read 964 times)

podiz

YM - help plz

podiz

YM - help plz

guestolo

YM - help plz

podiz

YM - help plz

guestolo

YM - help plz

podiz

YM - help plz

podiz

YM - help plz

guestolo

YM - help plz

podiz

YM - help plz

guestolo

YM - help plz

podiz

YM - help plz

guestolo

YM - help plz

podiz

YM - help plz

guestolo

YM - help plz

podiz

YM - help plz

guestolo

YM - help plz