1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

win32/pacex.gen virus

Discussion in 'Malware and Virus Removal Archive' started by berasencio, 2008/05/13.

  1. 2008/05/13
    berasencio

    berasencio Inactive Thread Starter

    Joined:
    2008/05/13
    Messages:
    2
    Likes Received:
    0
    How i can remove this virus, this is my hijack log:

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
    CPU 1: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
    Percentage of Memory in Use: 52%
    Physical Memory (total/avail): 1014.11 MiB / 484.25 MiB
    Pagefile Memory (total/avail): 2439.16 MiB / 1966.02 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1919.11 MiB

    C: is Fixed (NTFS) - 142.2 GiB total, 72.07 GiB free.
    D: is Fixed (FAT32) - 6.83 GiB total, 4.77 GiB free.
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - Hitachi HTS541616J9SA00 - 149.05 GiB - 2 partitions
    \PARTITION0 (bootable) - Installable File System - 142.2 GiB - C:
    \PARTITION1 - Unknown - 6.84 GiB - D:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.
    AntivirusOverride is set.

    AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe "= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader "
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL "
    "C:\\Program Files\\America Online 9.0\\waol.exe "= "C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe "= "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon "
    "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe "= "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed "
    "C:\\Program Files\\Common Files\\AOL\\1165405797\\EE\\AOLServiceHost.exe "= "C:\\Program Files\\Common Files\\AOL\\1165405797\\EE\\AOLServiceHost.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe "= "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe "= "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe "= "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe "= "C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL "
    "C:\\Program Files\\Messenger\\msmsgs.exe "= "C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\\WINDOWS\\system32\\mshta.exe "= "C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft (R) HTML Application host "
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook "
    "C:\\Program Files\\KaZaA Lite\\Kazaa.exe "= "C:\\Program Files\\KaZaA Lite\\Kazaa.exe:*:Enabled:KaZaA Lite "
    "C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe "= "C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:p2P Networking "
    "C:\\Program Files\\uTorrent\\utorrent.exe "= "C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent "
    "C:\\WINDOWS\\system32\\dllcache\\winlogon.exe "= "C:\\WINDOWS\\system32\\dllcache\\winlogon.exe:*:Enabled:Windows Sharing "
    "C:\\Program Files\\iTunes\\iTunes.exe "= "C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes "
    "C:\\Program Files\\Ares Ultra\\Ares Ultra.exe "= "C:\\Program Files\\Ares Ultra\\Ares Ultra.exe:*:Enabled:Ares Ultra p2p for windows "
    "C:\\Program Files\\Ares\\Ares.exe "= "C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows "
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe "= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Owner.BERNARD\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
    CLIENTNAME=Console
    COLLECTIONID=COL8143
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=BERNARD
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HMSERVER=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Owner.BERNARD
    ITEMID=dj-22741-15
    LANG=1033
    LOGONSERVER=\\BERNARD
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    OSVER=winXPP
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f06
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
    SESSIONID=1170691225233htx6060.cce.hp.com124e231:110ab3f5b37:7616
    SESSIONNAME=Console
    SWUTVER=1.0.22.20030804
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\OWNER~1.BER\LOCALS~1\Temp
    TIMEOUT=0
    TMP=C:\DOCUME~1\OWNER~1.BER\LOCALS~1\Temp
    TOOLPATH=/C:/Program%20Files/HP/HP%20Software%20Update/install.htm
    UPDATEDIR=C:\DOCUME~1\OWNER~1.BER\LOCALS~1\Temp\radD930A.tmp
    USERDOMAIN=BERNARD
    USERNAME=Owner
    USERPROFILE=C:\Documents and Settings\Owner.BERNARD
    VERSION=3.0.5.001
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Owner.BERNARD (admin)
    Administrator (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    µTorrent --> "C:\Program Files\uTorrent\uninstall.exe "
    µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    Able2Extract v4.0 --> C:\Program Files\Investintech.com Inc\Able2Extract 4.0\Uninstal.exe
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
    Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
    BigFix --> C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\BigFix\Uninst.isu" -c "C:\Program Files\BigFix\Lib\UninstallHelper.dll "
    Browser Address Error Redirector --> regsvr32 /u /s "c:\windows\system32\BAE.dll "
    Business Plan Pro 2007 --> MsiExec.exe /X{6B2D979E-216D-43A4-BAE2-71A185922CA1}
    CENTINELA --> "C:\WINDOWS\CENTINELA\uninstall.exe" "/U:C:\Program Files\CENTINELA\irunin.xml "
    CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe "
    DVD Solution --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
    ESET NOD32 Antivirus --> MsiExec.exe /I{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}
    getPlus(R)_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
    Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
    gtw_logo --> C:\WINDOWS\system32\gtw_logo.scr /UNINSTALL "C:\WINDOWS\system32\gtw_logo.log "
    High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe "
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe "
    HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
    HP Software Update --> MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
    HP Unload DLL Patch --> MsiExec.exe /X{595D0DE8-C38A-4432-B851-47DECC1A99BD}
    Intel Matrix Storage Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\Setup.exe" -l0409 -INTELUNINST
    Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
    Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
    IPro for Windows --> C:\WINDOWS\uninst.exe -fc:\IProWin\DeIsL1.isu -cc:\IProWin\_ISREG32.DLL
    iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
    J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    KChess Elite 4.0.0.38 --> "C:\Program Files\KChess\Elite\unins000.exe "
    LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    Macrogaming SweetIM 2.0 --> MsiExec.exe /X{D9BBFA60-4514-4F08-A78F-91957F957495}
    Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe "
    mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
    mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
    mDrWiFi --> MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
    Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
    mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
    Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
    Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
    Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
    mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
    mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
    mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
    Motorola SM56 Data Fax Modem --> rundll32.exe sm56coin.dll,SM56UnInstaller
    mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
    mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
    mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
    MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
    mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
    mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
    Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
    NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) --> "C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe "
    ObjectDock --> C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
    overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
    P2P Networking --> C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /UNINSTALL
    Power2Go 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
    PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
    Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
    Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
    Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
    Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
    Security Update for Step By Step Interactive Training (KB898458) -->
    Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
    Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
    Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
    SweetIM For Internet Explorer 3.0b --> MsiExec.exe /X{F6D63A65-BD23-46F3-B9A3-87F442423481}
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll ",standAloneUninstall
    Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
    Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
    Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
    Update for Office 2007 (KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
    Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
    Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
    Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
    URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
    vanBasco's Karaoke Player --> C:\Program Files\vanBasco's Karaoke Player\uninst.exe
    VideoCAM Eye --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD1BD6BA-21C0-42C2-910B-11AE19FAD760}\Setup.exe" -l0x9
    Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe "
    Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    Windows Media Tools 4.1 --> C:\Program Files\Windows Media Components\Tools\_insttoo.exe /U
    Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe "
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type21822 / Success
    Event Submitted/Written: 05/13/2008 00:39:30 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type21813 / Success
    Event Submitted/Written: 05/13/2008 09:24:32 AM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type21799 / Success
    Event Submitted/Written: 05/13/2008 00:37:11 AM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type21787 / Success
    Event Submitted/Written: 05/12/2008 08:19:55 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type21751 / Success
    Event Submitted/Written: 05/12/2008 10:04:34 AM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type39714 / Error
    Event Submitted/Written: 05/13/2008 06:59:20 PM
    Event ID/Source: 7023 / Service Control Manager
    Event Description:
    The Client Service for NetWare service terminated with the following error:
    %%2

    Event Record #/Type39663 / Error
    Event Submitted/Written: 05/13/2008 00:04:49 PM
    Event ID/Source: 7023 / Service Control Manager
    Event Description:
    The Client Service for NetWare service terminated with the following error:
    %%2

    Event Record #/Type39626 / Error
    Event Submitted/Written: 05/13/2008 09:23:27 AM
    Event ID/Source: 7023 / Service Control Manager
    Event Description:
    The Client Service for NetWare service terminated with the following error:
    %%2

    Event Record #/Type39578 / Error
    Event Submitted/Written: 05/12/2008 08:39:05 PM
    Event ID/Source: 7023 / Service Control Manager
    Event Description:
    The Client Service for NetWare service terminated with the following error:
    %%2

    Event Record #/Type39546 / Error
    Event Submitted/Written: 05/12/2008 08:19:26 PM
    Event ID/Source: 7023 / Service Control Manager
    Event Description:
    The Client Service for NetWare service terminated with the following error:
    %%2



    -- End of Deckard's System Scanner: finished at 2008-05-13 19:20:26 ------------
     
    berasencio,
    #1
  2. 2008/05/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS berasencio, and sorry for the wait. :)

    The Deckard's scan should have produced 2 logs. The one you posted is the extra.txt and we need to see the other, main.txt. Please peruse the C:\Deckard, locate the main.txt file and post it here.
     
    noahdfear,
    #2


  3. to hide this advert.

  4. 2008/05/18
    berasencio

    berasencio Inactive Thread Starter

    Joined:
    2008/05/13
    Messages:
    2
    Likes Received:
    0
    Scan Log:

    5/18/2008 9:09:57 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP405\A0134448.inf INF/Autorun virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:09:01 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP450\A0146221.bat Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:09:01 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP450\A0146218.com Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:09:01 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP450\A0146219.com Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:09:00 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP449\A0146139.exe Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:09:00 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP450\A0146217.inf Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:56 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP450\A0146220.cmd Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:54 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP449\A0146135.com Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:54 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP449\A0146136.inf Win32/PSW.OnLineGames.ADVG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:53 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP449\A0146127.dll Win32/PSW.OnLineGames.ODJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:50 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP449\A0146112.com Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:47 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP449\A0146113.inf Win32/PSW.OnLineGames.ADVG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:44 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0145966.exe Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:43 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0145961.inf Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:43 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0145969.com Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:43 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP449\A0145992.inf Win32/PSW.OnLineGames.ADVG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:39 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP449\A0146099.dll Win32/PSW.OnLineGames.ODJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:39 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP449\A0146070.inf Win32/PSW.OnLineGames.ADVG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:39 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP449\A0146011.inf Win32/PSW.OnLineGames.ADVG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:33 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0145960.bat Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:27 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0145953.dll Win32/PSW.OnLineGames.ODJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:21 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0145903.bat Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:21 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0145905.inf Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:20 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0145901.dll Win32/PSW.OnLineGames.ODJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:16 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0144884.inf Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:16 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0144887.dll Win32/PSW.OnLineGames.ODJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:16 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0144901.bat Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:16 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0144902.inf Win32/PSW.OnLineGames.ADVG trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:08:15 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0144940.exe Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:59 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0144876.dll Win32/PSW.OnLineGames.ODJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:59 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0144883.bat Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:59 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0144862.exe Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:59 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0144863.dll Win32/PSW.OnLineGames.ODJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:52 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0144860.cmd Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:43 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0144819.cmd Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:43 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0144810.dll Win32/PSW.OnLineGames.ODJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:39 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0144645.dll Win32/PSW.OnLineGames.ODJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:38 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0144623.cmd Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:37 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0144851.dll Win32/PSW.OnLineGames.ODJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:36 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP447\A0144610.cmd Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:35 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0144689.com Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:34 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0144682.exe Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:32 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP448\A0144681.dll Win32/PSW.OnLineGames.ODJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:21 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP447\A0144605.dll Win32/PSW.OnLineGames.ODJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:21 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP447\A0144469.cmd Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:20 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP447\A0144473.exe Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:19 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP447\A0144497.cmd Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:18 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP447\A0144474.dll Win32/PSW.OnLineGames.ODJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:17 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP447\A0144492.dll Win32/PSW.OnLineGames.ODJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:16 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP446\A0144391.dll Win32/PSW.OnLineGames.ODJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:15 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP444\A0144351.exe Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:13 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP444\A0144350.dll Win32/PSW.OnLineGames.ODJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:07:03 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP444\A0144344.dll Win32/PSW.OnLineGames.ODJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:06:51 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP444\A0144219.inf Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:06:49 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP443\A0144099.inf Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:06:49 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP444\A0144218.com Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:06:40 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP443\A0144098.com Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:06:36 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP442\A0144071.com Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:06:36 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP442\A0144049.com Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:06:34 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP441\A0144040.com Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:06:33 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP441\A0144046.exe Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:06:24 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP442\A0144072.inf Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:06:23 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP441\A0144041.inf Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:06:22 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP441\A0144047.dll Win32/PSW.OnLineGames.ODJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 9:06:21 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP442\A0144050.inf Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
    5/18/2008 10:34:36 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:34:35 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:34:34 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:34:33 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:34:33 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:34:32 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:34:00 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:33:59 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:33:57 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:33:56 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:33:55 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:33:55 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:33:47 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:33:45 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:33:45 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:33:43 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:33:43 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:33:32 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:33:31 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:33:18 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:33:17 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:33:13 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:33:11 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:33:11 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:33:10 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:33:09 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:33:08 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/18/2008 10:33:07 AM HTTP filter file http://www.qiqigm.com/04.htm JS/TrojanDownloader.Agent.BWP trojan connection terminated - quarantined BERNARD\Owner Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
    5/17/2008 9:45:13 AM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP447\A0144437.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
    5/16/2008 11:55:19 AM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP447\A0144436.dll Win32/PSW.OnLineGames.ODJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
    5/16/2008 11:37:42 AM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP447\A0144434.exe Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
    5/15/2008 6:24:45 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP447\A0144431.inf Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
    5/14/2008 6:06:18 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP447\A0144430.com Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
    5/14/2008 4:40:40 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP447\A0144426.dll Win32/PSW.OnLineGames.ODJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
    5/14/2008 4:32:10 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP447\A0144419.dll Win32/PSW.OnLineGames.ODJ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
    5/13/2008 10:35:13 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP447\A0144412.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
    5/13/2008 9:20:00 PM Real-time file system protection file C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP447\A0144403.inf Win32/PSW.OnLineGames.NNU trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
     
    berasencio,
    #3
  5. 2008/05/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please post the log I requested above.
     
    noahdfear,
    #4

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...