Hello,

Whenever I do a Google or Yahoo search, it displays the correct link. But when I click on the link, I get redirected to another commercial website. I ran Malwarebytes Anti-Malware, AVG Anti-Virus, Microsoft's malware removal tool and downloaded MS08-067 958644KB. It shows more than 300 folders or files are infected. The problem still exists. I am very frustrated right now. Would you be able to help? Thank you.

---------------------------------------------------------------------------------------------------------------------

Here's the log for quick scan:

Malwarebytes' Anti-Malware 1.39

Database version: 2421

Windows 5.1.2600 Service Pack 3

7/23/2009 6:32:38 PM

mbam-log-2009-07-23 (18-32-38).txt

Scan type: Quick Scan

Objects scanned: 129669

Time elapsed: 8 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

---------------------------------------------------------------------------------------------------------------------------------------

Here's the log for a complete scan later in the same day:

Malwarebytes' Anti-Malware 1.39

Database version: 2421

Windows 5.1.2600 Service Pack 3

7/23/2009 9:51:07 PM

mbam-log-2009-07-23 (21-51-07).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 266631

Time elapsed: 41 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 373

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:


c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP498\A0135179.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP498\A0135196.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP498\A0135199.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP498\A0135216.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP498\A0135222.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP498\A0135238.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP498\A0135242.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP498\A0135257.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP498\A0135262.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP498\A0135279.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP498\A0135283.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP498\A0135300.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP498\A0135305.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP498\A0135323.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP498\A0135327.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP498\A0135344.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP498\A0135348.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP498\A0135365.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP498\A0135371.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP499\A0135382.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP499\A0135394.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP499\A0135399.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP500\A0135436.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP500\A0135518.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP500\A0135522.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP500\A0135547.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP500\A0135554.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP500\A0135573.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP500\A0135577.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP500\A0135593.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP500\A0135600.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP500\A0135614.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP500\A0135619.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP500\A0135636.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP500\A0135640.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP500\A0135660.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP500\A0135666.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP500\A0135681.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP500\A0135686.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP500\A0135702.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP500\A0135705.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP500\A0135724.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP500\A0135733.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135741.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135752.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135757.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135778.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135781.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135783.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135796.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135797.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135801.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135802.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135818.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135819.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135821.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135824.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135840.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135841.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135845.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135846.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135861.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135862.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135864.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135865.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135882.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135883.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135885.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135886.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135901.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135902.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135905.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135906.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135913.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135914.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135925.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135927.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135930.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135931.exe (Worm.Autorun) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135947.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135950.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135951.exe (Worm.Autorun) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135969.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135974.exe (Worm.Autorun) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135975.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135988.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135994.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0135995.exe (Worm.Autorun) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0136013.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0136019.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP501\A0136020.exe (Worm.Autorun) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP502\A0136027.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP502\A0136031.exe (Worm.Autorun) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP502\A0136049.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP502\A0136053.exe (Worm.Autorun) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP502\A0136054.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP502\A0136062.exe (Worm.Autorun) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP502\A0136073.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP502\A0136077.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136576.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136577.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136591.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136598.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136614.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136618.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136641.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136649.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136665.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136669.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136693.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136696.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136717.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136722.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136742.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136746.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136769.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136775.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136791.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136795.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136811.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136812.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136814.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136818.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136822.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136835.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136836.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136838.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136839.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136860.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136861.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136863.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136864.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136880.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136881.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136884.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136885.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136902.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136903.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136906.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136907.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136914.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136915.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136930.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP505\A0136934.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0136944.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0136968.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0136972.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0136992.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0136998.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137019.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137024.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137051.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137052.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137055.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137063.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137073.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137074.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137080.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137095.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137096.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137100.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137107.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137120.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137121.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137127.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137147.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137151.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137175.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137179.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137198.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP506\A0137204.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP507\A0137218.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP507\A0137235.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP507\A0137241.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP507\A0137270.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP507\A0137275.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP507\A0137294.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP507\A0137302.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

----------------------------------------------------------------------------------------------------------------------------


  • Staff

Hi,

First of all, please update MalwareBytes, because the database version is outdated.

  • Start MalwareBytes and click the Update tab. There click "Check for updates"
  • In case you can't update the database via the update option, please download and install the database from here. Only do this when the update option doesn't work.
  • Once the updates are downloaded, perform a quick scan again.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log, then we'll proceed from there with new steps.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


As per instructions, here's the log for updated malwarebytes quickscan:

Malwarebytes' Anti-Malware 1.39

Database version: 2502

Windows 5.1.2600 Service Pack 3

7/25/2009 8:11:55 PM

mbam-log-2009-07-25 (20-11-55).txt

Scan type: Quick Scan

Objects scanned: 132465

Time elapsed: 9 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

---------------------------------------------------------------------------------------------------------------------------------

Here is a fresh HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:35:00 PM, on 7/25/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

C:\Program Files\WildTangent\Apps\GameChannel.exe

C:\WINDOWS\system32\hphmon06.exe

C:\WINDOWS\AGRSMMSG.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\AOL\1181626427\ee\AOLSoftware.exe

C:\WINDOWS\vsnpstd3.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://wapp.verizon.net/bookmarks/bmredir....mp;bm=yh_search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hk.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe

O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [KsgUpdateRun] C:\Program Files\Common Files\kingsoft\KSG\client.exe

O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\win32\pphidpad.exe

O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1181626427\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.mrw.interscience.wiley.com.libp...er/tdserver.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab

O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab

O16 - DPF: {41F841C1-AE16-11D5-8817-0050DA6EF5E5} (FarPoint Spread 6.0) - https://www.doralusa.com/Services/SPR32X60.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.69.25.47.22.downloads.estara.com....905797OneCC.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1247976894843

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab

O16 - DPF: {8A4943CC-1950-44F9-9045-D3D428FD3948} (SecureX Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab

O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} (DataStore Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab

O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidO...PhotoOnline.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe

O16 - DPF: {DF3336AF-E259-4978-9D69-B4BBF47BE261} (GetHtml Class) - http://tel.isoshu.com/zxlqs.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326

O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...tupv2.0.0.9.cab?

O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...upv2.0.0.10.cab?

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 14393 bytes

---------------------------------------------------------------------------------------------------------------------------------------

Although MBAM says no malicious software is found, the problem still persists! :D I am hopeless and don't even know what's wrong with my computer/system. I really appreciate your help. Hope to get your reply. Thank you.


  • Staff

Hi,

I see you have Viewpoint installed...

Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

I assume that you are still having the Google redirect problem?

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.


I ran ComboFix. It was not as smooth as the instructions indicated.

After it displayed "However, scan times for badly infected machines may easily double",

there was a dialogue saying

"ComboFix has detected the presence of rootkit activity and needs to reboot the machine.

Kindly note down on paper, the name of each file. We may need it later.

C:\WINDOWS\system32\drivers\SKYNETaqgixfwp.sys

C:\WINDOWS\system32\SKYNETjntjkvtl.dll

C:\WINDOWS\system32\SKYNETmoeypjbm.dat

C:\WINDOWS\system32\SKYNETvgqkayhp.dll

C:\WINDOWS\system32\SKYNETxmppkdul.dat"

The only option I had was "ok", so I pressed ok and the computer rebooted.

After the reboot, ComboFix continued with the autoscan. After about 5 minutes, when it said "Completed Stage_7", the screensaver kicked in and I moved the mouse... The computer froze with only the wallpaper showing, for more than 20 minutes. Eventually I pressed ctrl+alt+del to launch Task Manager and it showed 0% CPU usage. So I pressed restart in Task Manager.

After the restart, everything seemed like a normal PC restart. I disabled the firewall and anti-virus (again) and set the screensaver to 60 minutes. I restarted ComboFix and it finished scanning. The log is:

ComboFix 09-07-25.06 - HP_Administrator 07/26/2009 13:08.2.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.553 [GMT -4:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

c:\program files\INSTALL.LOG

c:\recycler\S-1-5-21-4232076623-241376210-2454412621-500

c:\windows\emMON.exe

D:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_AVPsys

((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))

.

2009-07-26 00:23 . 2009-07-26 00:23 -------- d-----w- c:\program files\Trend Micro

2009-07-24 14:45 . 2009-07-24 14:45 -------- d-----w- c:\windows\system32\XPSViewer

2009-07-24 14:45 . 2009-07-24 14:45 -------- d-----w- c:\program files\MSBuild

2009-07-24 14:45 . 2009-07-24 14:45 -------- d-----w- c:\program files\Reference Assemblies

2009-07-24 14:45 . 2009-07-24 14:45 -------- d-----w- C:\186a1b13339a7f5176

2009-07-24 14:45 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-07-24 14:45 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-07-24 14:45 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-07-24 14:45 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-07-24 14:45 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2009-07-24 14:45 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-07-24 14:45 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-07-24 14:44 . 2009-07-24 14:53 -------- d-----w- c:\windows\SxsCaPendDel

2009-07-23 22:39 . 2009-07-23 22:39 -------- d-sh--w- c:\documents and settings\HP_Administrator\IECompatCache

2009-07-23 22:18 . 2009-07-23 22:18 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

2009-07-23 22:18 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-23 22:18 . 2009-07-23 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-07-23 22:18 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-23 22:18 . 2009-07-23 22:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-07-23 21:49 . 2009-07-23 21:49 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-07-23 21:45 . 2009-07-23 21:45 -------- d-sh--w- c:\documents and settings\HP_Administrator\PrivacIE

2009-07-23 21:44 . 2009-07-23 21:44 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-07-23 21:43 . 2009-07-23 21:43 -------- d-sh--w- c:\documents and settings\HP_Administrator\IETldCache

2009-07-23 21:42 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll

2009-07-23 21:42 . 2009-07-23 21:42 -------- d-----w- c:\windows\ie8updates

2009-07-23 21:41 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2009-07-23 21:41 . 2009-04-30 21:22 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll

2009-07-23 21:41 . 2009-04-30 21:22 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll

2009-07-23 21:41 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2009-07-21 00:56 . 2009-07-23 19:01 -------- d--h--w- C:\$AVG8.VAULT$

2009-07-21 00:52 . 2009-07-21 00:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-07-21 00:52 . 2009-07-21 00:52 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-07-21 00:52 . 2009-07-21 00:52 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-21 00:52 . 2009-07-21 00:52 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-07-21 00:52 . 2009-07-26 14:40 -------- d-----w- c:\windows\system32\drivers\Avg

2009-07-21 00:51 . 2009-07-21 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-07-21 00:51 . 2009-07-21 00:51 -------- d-----w- c:\program files\AVG

2009-07-21 00:10 . 2009-07-21 00:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG8

2009-07-19 08:44 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-26 14:53 . 2005-08-12 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2009-07-24 14:53 . 2005-08-16 22:06 76656 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-23 22:11 . 2005-05-26 20:17 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-23 21:49 . 2005-08-23 02:02 -------- d-----w- c:\program files\ICQ

2009-07-21 00:50 . 2005-05-26 20:42 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-07-21 00:44 . 2005-05-26 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-06-30 14:38 . 2008-07-01 13:56 34 ----a-w- c:\documents and settings\HP_Administrator\jagex_runescape_preferences.dat

2009-06-21 15:31 . 2009-06-21 15:31 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2009-06-20 16:55 . 2008-03-21 21:16 227 ----a-w- c:\windows\PowerReg.dat

2009-06-16 14:36 . 2004-08-10 04:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2004-08-10 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-04 05:12 . 2005-05-26 19:43 -------- d-----w- c:\program files\Java

2009-06-04 05:11 . 2009-05-25 03:27 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

2009-06-03 19:09 . 2004-08-10 04:00 1291264 ----a-w- c:\windows\system32\quartz.dll

2009-06-02 21:15 . 2009-05-31 04:23 -------- d-----w- c:\program files\AIM6

2009-06-01 15:47 . 2009-06-01 15:47 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-06-01 15:46 . 2005-08-23 03:17 -------- d-----w- c:\program files\Common Files\Adobe

2009-06-01 15:40 . 2009-06-01 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-06-01 15:40 . 2009-06-01 15:40 -------- d-----w- c:\program files\NOS

2009-05-31 04:43 . 2006-03-17 05:22 -------- d-----w- c:\program files\America Online 9.0f

2009-05-31 03:52 . 2009-05-31 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM

2009-05-31 03:49 . 2005-08-12 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL

2009-05-26 00:32 . 2008-08-03 21:29 6020192 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\aimqqgames\QQSetup65.exe

2009-05-26 00:30 . 2009-05-26 00:30 14519936 ----a-w- c:\program files\Install_AIM.exe

2009-05-25 23:52 . 2009-05-25 23:31 63024 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\instSup.dll

2009-05-25 23:52 . 2009-05-25 23:31 5358864 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\ocpinst.exe

2009-05-25 23:52 . 2009-05-25 23:31 35888 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\postproc.exe

2009-05-25 23:52 . 2009-05-25 23:31 55200 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\instopts.exe

2009-05-25 23:52 . 2009-05-25 23:31 164912 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\inst.exe

2009-05-25 23:52 . 2009-05-25 23:31 11824 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\tbinst.dll

2009-05-13 05:15 . 2004-08-10 04:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:32 . 2004-08-10 04:00 345600 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 04:46 . 2009-06-22 11:16 3068928 ----a-w- c:\windows\system32\SET2800.tmp

2009-04-29 04:46 . 2009-06-22 11:16 666624 ----a-w- c:\windows\system32\SET280E.tmp

2009-04-29 04:46 . 2009-06-22 11:16 620032 ----a-w- c:\windows\system32\SET280B.tmp

2009-04-28 11:59 . 2009-06-22 11:16 369664 ----a-w- c:\windows\system32\SET27EF.tmp

2007-08-07 23:05 . 2007-08-07 23:05 697856 ----a-w- c:\program files\ClientServiceInstaller.msi

2005-10-05 03:26 . 2005-10-05 03:26 395632 ----a-w- c:\program files\SP31149(vs15).exe

2005-08-22 04:34 . 2005-08-22 04:34 22 --sha-w- c:\windows\SMINST\HPCD.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-01 126976]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"WT GameChannel"="c:\program files\WildTangent\Apps\GameChannel.exe" [2004-09-13 267216]

"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]

"HostManager"="c:\program files\Common Files\AOL\1181626427\ee\AOLSoftware.exe" [2006-09-26 50736]

"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-21 1948440]

"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]

"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-07-21 00:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\America Online 9.0e\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Common Files\\AOL\\1181626427\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"=

"c:\\Program Files\\Tencent\\QQ Games\\QQGamesD.exe"=

"c:\\Program Files\\Tencent\\QQ Games\\Update\\Update.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/20/2009 8:52 PM 335752]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/20/2009 8:52 PM 108552]

R1 ppmoucls;ppmoucls;c:\windows\system32\drivers\PPMOUCLS.SYS [2/2/2001 19872]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/20/2009 8:52 PM 298776]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [6/1/2009 11:40 AM 33176]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-06-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

HKCU-Run-PMCLoader - c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe

HKLM-Run-KsgUpdateRun - c:\program files\Common Files\kingsoft\KSG\client.exe

HKLM-Run-PPHIDPAD - c:\winpenjr\win32\pphidpad.exe

HKLM-Run-AutoTBar - c:\program files\HP\Digital Imaging\bin\AUTOTBAR.EXE

ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file)

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop

uStart Page = hxxp://hk.yahoo.com/

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: ??? Microsoft Excel(&X) - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} - hxxp://txn02.hkjc.com/BetSlip/object/eWinCtl.cab

DPF: {41F841C1-AE16-11D5-8817-0050DA6EF5E5} - hxxps://www.doralusa.com/Services/SPR32X60.cab

DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxp://d.69.25.47.22.downloads.estara.com./as/OneCCDM.php?template=107051&sessionid=227808069_68.237.100.195_50141&=&req=1211845905797OneCC.cab

DPF: {8A4943CC-1950-44F9-9045-D3D428FD3948} - hxxp://txn02.hkjc.com/BetSlip/object/eWinCtl.cab

DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} - hxxp://txn02.hkjc.com/BetSlip/object/eWinCtl.cab

DPF: {DF3336AF-E259-4978-9D69-B4BBF47BE261} - hxxp://tel.isoshu.com/zxlqs.cab

DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-26 13:19

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

PPHIDPAD = c:\winpenjr\win32\pphidpad.exe??????????????@????????????????W??????????x???????????????????????????????????x????V???V??????????????????x????????W??????????????x????????T??? ?????????????????????|?T??????Q??|????m??|????????????DEFG?k??H????#????????@???????@

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1857362827-1777217148-2215771050-1008\Software\Microsoft\Office\10.0\Common\Open Find\Microsoft Office\Settings\

Link to post
Share on other sites

Re-run ComboFix:

ComboFix 09-07-25.08 - HP_Administrator 07/26/2009 17:09.3.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.537 [GMT -4:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))

.

2009-07-26 00:23 . 2009-07-26 00:23 -------- d-----w- c:\program files\Trend Micro

2009-07-24 14:45 . 2009-07-24 14:45 -------- d-----w- c:\windows\system32\XPSViewer

2009-07-24 14:45 . 2009-07-24 14:45 -------- d-----w- c:\program files\MSBuild

2009-07-24 14:45 . 2009-07-24 14:45 -------- d-----w- c:\program files\Reference Assemblies

2009-07-24 14:45 . 2009-07-24 14:45 -------- d-----w- C:\186a1b13339a7f5176

2009-07-24 14:45 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-07-24 14:45 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-07-24 14:45 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-07-24 14:45 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-07-24 14:45 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2009-07-24 14:45 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-07-24 14:45 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-07-24 14:44 . 2009-07-24 14:53 -------- d-----w- c:\windows\SxsCaPendDel

2009-07-23 22:39 . 2009-07-23 22:39 -------- d-sh--w- c:\documents and settings\HP_Administrator\IECompatCache

2009-07-23 22:18 . 2009-07-23 22:18 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

2009-07-23 22:18 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-23 22:18 . 2009-07-23 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-07-23 22:18 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-23 22:18 . 2009-07-23 22:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-07-23 21:49 . 2009-07-23 21:49 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-07-23 21:45 . 2009-07-23 21:45 -------- d-sh--w- c:\documents and settings\HP_Administrator\PrivacIE

2009-07-23 21:44 . 2009-07-23 21:44 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-07-23 21:43 . 2009-07-23 21:43 -------- d-sh--w- c:\documents and settings\HP_Administrator\IETldCache

2009-07-23 21:42 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll

2009-07-23 21:42 . 2009-07-23 21:42 -------- d-----w- c:\windows\ie8updates

2009-07-23 21:41 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2009-07-23 21:41 . 2009-04-30 21:22 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll

2009-07-23 21:41 . 2009-04-30 21:22 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll

2009-07-23 21:41 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2009-07-21 00:56 . 2009-07-23 19:01 -------- d--h--w- C:\$AVG8.VAULT$

2009-07-21 00:52 . 2009-07-21 00:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-07-21 00:52 . 2009-07-21 00:52 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-07-21 00:52 . 2009-07-21 00:52 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-21 00:52 . 2009-07-21 00:52 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-07-21 00:52 . 2009-07-26 14:40 -------- d-----w- c:\windows\system32\drivers\Avg

2009-07-21 00:51 . 2009-07-21 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-07-21 00:51 . 2009-07-21 00:51 -------- d-----w- c:\program files\AVG

2009-07-21 00:10 . 2009-07-21 00:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG8

2009-07-19 08:44 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-26 14:53 . 2005-08-12 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2009-07-24 14:53 . 2005-08-16 22:06 76656 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-23 22:11 . 2005-05-26 20:17 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-23 21:49 . 2005-08-23 02:02 -------- d-----w- c:\program files\ICQ

2009-07-21 00:50 . 2005-05-26 20:42 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-07-21 00:44 . 2005-05-26 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-06-30 14:38 . 2008-07-01 13:56 34 ----a-w- c:\documents and settings\HP_Administrator\jagex_runescape_preferences.dat

2009-06-21 15:31 . 2009-06-21 15:31 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2009-06-20 16:55 . 2008-03-21 21:16 227 ----a-w- c:\windows\PowerReg.dat

2009-06-16 14:36 . 2004-08-10 04:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2004-08-10 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-04 05:12 . 2005-05-26 19:43 -------- d-----w- c:\program files\Java

2009-06-04 05:11 . 2009-05-25 03:27 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

2009-06-03 19:09 . 2004-08-10 04:00 1291264 ----a-w- c:\windows\system32\quartz.dll

2009-06-02 21:15 . 2009-05-31 04:23 -------- d-----w- c:\program files\AIM6

2009-06-01 15:47 . 2009-06-01 15:47 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-06-01 15:46 . 2005-08-23 03:17 -------- d-----w- c:\program files\Common Files\Adobe

2009-06-01 15:40 . 2009-06-01 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-06-01 15:40 . 2009-06-01 15:40 -------- d-----w- c:\program files\NOS

2009-05-31 04:43 . 2006-03-17 05:22 -------- d-----w- c:\program files\America Online 9.0f

2009-05-31 03:52 . 2009-05-31 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM

2009-05-31 03:49 . 2005-08-12 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL

2009-05-26 00:32 . 2008-08-03 21:29 6020192 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\aimqqgames\QQSetup65.exe

2009-05-26 00:30 . 2009-05-26 00:30 14519936 ----a-w- c:\program files\Install_AIM.exe

2009-05-25 23:52 . 2009-05-25 23:31 63024 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\instSup.dll

2009-05-25 23:52 . 2009-05-25 23:31 5358864 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\ocpinst.exe

2009-05-25 23:52 . 2009-05-25 23:31 35888 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\postproc.exe

2009-05-25 23:52 . 2009-05-25 23:31 55200 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\instopts.exe

2009-05-25 23:52 . 2009-05-25 23:31 164912 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\inst.exe

2009-05-25 23:52 . 2009-05-25 23:31 11824 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\tbinst.dll

2009-05-13 05:15 . 2004-08-10 04:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:32 . 2004-08-10 04:00 345600 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 04:46 . 2009-06-22 11:16 3068928 ----a-w- c:\windows\system32\SET2800.tmp

2009-04-29 04:46 . 2009-06-22 11:16 666624 ----a-w- c:\windows\system32\SET280E.tmp

2009-04-29 04:46 . 2009-06-22 11:16 620032 ----a-w- c:\windows\system32\SET280B.tmp

2009-04-28 11:59 . 2009-06-22 11:16 369664 ----a-w- c:\windows\system32\SET27EF.tmp

2007-08-07 23:05 . 2007-08-07 23:05 697856 ----a-w- c:\program files\ClientServiceInstaller.msi

2005-10-05 03:26 . 2005-10-05 03:26 395632 ----a-w- c:\program files\SP31149(vs15).exe

2005-08-22 04:34 . 2005-08-22 04:34 22 --sha-w- c:\windows\SMINST\HPCD.sys

.

((((((((((((((((((((((((((((( SnapShot@2009-07-26_17.19.30 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-26 21:04 . 2009-07-26 21:04 16384 c:\windows\Temp\Perflib_Perfdata_5ec.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-01 126976]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"WT GameChannel"="c:\program files\WildTangent\Apps\GameChannel.exe" [2004-09-13 267216]

"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]

"HostManager"="c:\program files\Common Files\AOL\1181626427\ee\AOLSoftware.exe" [2006-09-26 50736]

"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-21 1948440]

"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]

"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-07-21 00:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\America Online 9.0e\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Common Files\\AOL\\1181626427\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"=

"c:\\Program Files\\Tencent\\QQ Games\\QQGamesD.exe"=

"c:\\Program Files\\Tencent\\QQ Games\\Update\\Update.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/20/2009 8:52 PM 335752]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/20/2009 8:52 PM 108552]

R1 ppmoucls;ppmoucls;c:\windows\system32\drivers\PPMOUCLS.SYS [2/2/2001 19872]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/20/2009 8:52 PM 298776]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [6/1/2009 11:40 AM 33176]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-06-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop

uStart Page = hxxp://hk.yahoo.com/

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: ??? Microsoft Excel(&X) - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} - hxxp://txn02.hkjc.com/BetSlip/object/eWinCtl.cab

DPF: {41F841C1-AE16-11D5-8817-0050DA6EF5E5} - hxxps://www.doralusa.com/Services/SPR32X60.cab

DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxp://d.69.25.47.22.downloads.estara.com./as/OneCCDM.php?template=107051&sessionid=227808069_68.237.100.195_50141&=&req=1211845905797OneCC.cab

DPF: {8A4943CC-1950-44F9-9045-D3D428FD3948} - hxxp://txn02.hkjc.com/BetSlip/object/eWinCtl.cab

DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} - hxxp://txn02.hkjc.com/BetSlip/object/eWinCtl.cab

DPF: {DF3336AF-E259-4978-9D69-B4BBF47BE261} - hxxp://tel.isoshu.com/zxlqs.cab

DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-26 17:17

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1857362827-1777217148-2215771050-1008\Software\Microsoft\Office\10.0\Common\Open Find\Microsoft Office\Settings\


  • Staff

Thanks.. and this looks OK again.

* Go to start > run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.

Link to post
Share on other sites

The ComboFix was uninstalled. Everything is back to normal. It's such a relief not getting redirected anymore. Besides, the computer starts up faster and the internet seems faster. I will update all the security software regularly.

Thank you so much for your help. I appreciate it~


  • Staff

Glad I could help. :)

Please read my Prevention page with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!


  • 2 weeks later...
  • Staff

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
