My Scrollbar's ''scrolling'' weird


  • This topic is locked
17 replies to this topic

#1 Dark Hobo

Dark Hobo

    Member

  • Full Member
  • 32 posts

Posted 17 June 2008 - 12:22 AM

Yesterday (when I re-activated my internet service) the scrollbar began to disobey my orders (lol, just a little)... When I use the mouse wheel to scroll up...... first, the bar goes down and then it finally goes up, and vice versa. It's like removing the brake from the car (the car goes back for a second and then you're ready to roll! BUT the scrollbar does it at a faster speed). This thing gets on my nerves cause you obviously can't get to the top or bottom of a long page with just one scroll! And so 60% of the time that I scroll up, the scrollbar does that weird thing.... Since I love scrolling rapidly through the pages, I get an effect like if the window freezes for a second, it feels like if I stayed on the same place. :unsure:

ANY window with a scroll bar will do this

Is there a simple explanation for this?

Is there a cure lol

thanks so much guys!

Edited by Dark Hobo, 17 June 2008 - 02:23 AM.

Are ya ready? If not, we can escape 666 /// Are you hungry? Because.... they are....
Are you rich? Then Donate or Donate!///
Your PC loves this site
/////////

#2 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 17 June 2008 - 09:41 AM

Does the mouse pointer look like the image below? If so, that is the function of the wheel button on your mouse. Click the wheel button (push it down and release it) to change back to a normal pointer.

Also, look in Control Panel->Mouse. In the 'Buttons' tab, uncheck 'Turn on ClickLock'. In the 'Wheel' tab, make sure the settings are what you want.

Attached Files


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#3 Dark Hobo

Dark Hobo

    Member

  • Full Member
  • 32 posts

Posted 17 June 2008 - 03:58 PM

thanks for the help

I played around with the mouse settings but I like it as it is. I just don't like the way it's acting.

My cursor always has a normal appearance (of an arrow) unless I click on the mouse wheel. And if I do, the page window will normally scroll down/up. Also, if I use the scrollbar to do it manually (by clicking on the scrollbar), it will work fine, it won't do that weird thing.

The problem's when I scroll the page by rolling the mouse wheel.....

I guess it's a virus, or I at least know I have some viruses on my computer.
One question.......... Some of the pinned topics are somewhat old. The ''analyze you own hijack log'' topic is a year old. Is the info still useful? I haven't read the tutorial but I want to give it a try.

If I have trouble with it, I'll come back in a couple of days...

Oh, and year by year the number 1 antivirus keeps changing. Is Kaspersky Anti-Virus the #1 anti-virus for 2008? Or which should I buy?

Thanks in advance :thumbup:

#4 Dark Hobo

Dark Hobo

    Member

  • Full Member
  • 32 posts

Posted 26 June 2008 - 07:13 PM

Hello again, and sorry to once again bother (I know you're all busy). My mouse freezes most of the time. I tried switching mouses (I have 3) but that's not the problem. Sometimes (almost always) when I turn the computer on, the mouse (cursor) will work fine, but then a couple of minutes later, it slowly begins to stop moving. Apart from that, I've had a trojan whose name I don't remember but it's something like ''trojan.onlinegames.psm'' or something like that. I've had it for a couple of weeks. I guess that might be the problem... But when I click to delete (using Kaspersky), the trojan always switches to another file extension (.exe to .inf and vice versa).

I don't get it, my computer is a year old. I'm the ONLY one to ever use it. I guess it's the pages that I visit online. But I visit non-risky sites. I really don't get it...


I will be patient, OK! First take care of other urgent and totally dangerous spyware that other people must get rid of.
I can wait a week (navigating with my keyboard). Cool?

Here's the hijacklist



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:11:57 p.m., on 26/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [SonicFocus] "C:\Program Files\Sonic Focus\SFIGUI\\SFIGUI.EXE" BOOT
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 7366 bytes



And another question.... Did HijackThis check the stuff on my other hard drives? I have hard drive D as extra space. And also installed hard drive F as backup (I don't know how to say this...... hard drive F is the same as hard drive C.... If I have problems with C, I'll switch to F...... they both contain folders called: Documents and settings, windows, program files etc...... I don't know how these special drives are called.... but I rarely switch to drive F. I always log on using hard drive C........... Anyway, does HijackThis check the other stuff that got installed on hard drive D and F?? There's no hard drive F or D info on the HijackThis log...)

Edited by Dark Hobo, 27 June 2008 - 12:37 AM.


#5 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,480 posts

Posted 27 June 2008 - 04:12 AM

Hi Dark Hobo. cnm asked me to help you after you posted a HijackThis log, and I merged your two topics as they appear to be for the same issue.
I don't see anything bad in the log that you posted.

And another question.... Did HijackThis check the stuff on my other hard drives? I have hard drive D as extra space. And also installed hard drive F as backup (I don't know how to say this...... hard drive F is the same as hard drive C.... If I have problems with C, I'll switch to F...... they both contain folders called: Documents and settings, windows, program files etc...... I don't know how these special drives are called.... but I rarely switch to drive F. I always log on using hard drive C........... Anyway, does HijackThis check the other stuff that got installed on hard drive D and F??

I think what you mean is that you have another installation of Windows on drive F:, and when you start your system you can select to boot from that installation. HijackThis checks entries in the registry. The only checking it does for files is to see if the files referenced in those registry entries are found on the hard drive, so no, it's not checking D: or F:. The only way you could do that would be to boot from the Windows installation on your other drive and run HijackThis, and then that version of the Windows registry would be loaded and that is what HijackThis would be checking.

When you run a virus or malware scanner though, as long as you select all drives or a full system scan, it would be checking the files on that F: drive (although not the entries on that copy of the Windows registry).

Right-click on My Computer on your Desktop.
Select the Hardware tab.
Click the Device Manager button.
Click on the + to the left of Mice and other pointing devices to expand the entry.
What is the icon showing for the mouse entry, is it a mouse, or a question mark, or other graphic?
Double-click on the entry for your mouse.
What is the text present under Device Status?
Does it say "This device is working properly?"

Open Kaspersky AntiVirus (double-click on the red K in the System Tray).
In the left pane, select Reports and data files.
Then on the right, click on Reports.
The window that opens will probably say Threats have been detected!
Click the Detected tab.
At the bottom of the window, click the Actions button, and select Save As.
Save the file as Report.txt to your Desktop, and post that log in your next reply.

Yahoo's software can sometimes cause some errors. Please go to Control Panel's Add or Remove Programs and temporarily uninstall Yahoo Messenger and Yahoo Companion, and any other Yahoo entries you see.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6".
  • Click the "Download" button to the right.
  • In the Window that opens, check the "agree" box.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe that you downloaded to install the newest version.
Please post a new HijackThis log, the log from MBAM, the report from Kaspersky AntiVirus (that you saved as Report.txt), answer the question above about your mouse, and note any errors encountered.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005
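
The point made in the reply above, that HijackThis lists registry entries of the booted Windows installation rather than scanning drives, can be checked against a log directly. The following Python sketch is an added example, not part of the original thread and not HijackThis's own code; its function names are hypothetical, and its sample lines are copied from the log posted earlier except the last one, which is constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample lines in the HijackThis v2 log format. The first five are copied from
# the log posted in this thread; the last one is CONSTRUCTED to show an
# orphaned entry (a registry key whose target file is not registered).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
"""

# An entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# A drive letter followed by ":\" that is not part of a longer word.
DRIVE_RE = re.compile(r"(?<![A-Za-z])([A-Za-z]):\\")


@dataclass
class Entry:
    section: str          # e.g. "O4" (autostart), "O2" (BHO), "O23" (service)
    detail: str           # everything after the section code
    drives: frozenset     # drive letters referenced by paths in the detail
    orphaned: bool        # True when the entry ends with "(no file)"


def parse_log(text):
    """Return the registry-derived entries found in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, detail = m.groups()
        drives = frozenset(d.upper() for d in DRIVE_RE.findall(detail))
        entries.append(Entry(section, detail, drives, detail.endswith("(no file)")))
    return entries


def summarize(entries):
    """Count entries per section and list referenced drives and orphaned entries."""
    return {
        "by_section": dict(Counter(e.section for e in entries)),
        "drives": sorted(set().union(*(e.drives for e in entries))),
        "orphaned": [e.detail for e in entries if e.orphaned],
    }


if __name__ == "__main__":
    summary = summarize(parse_log(SAMPLE_LOG))
    print("Entries per section:", summary["by_section"])
    # Only drives named in the loaded registry show up here. A drive that is
    # absent from this list was never examined, so its absence says nothing
    # about whether files on it are clean.
    print("Drives referenced:", summary["drives"])
    print("Orphaned entries:", summary["orphaned"])
```

A drive missing from the "Drives referenced" list means only that no registry entry of the running installation points there; a full file scan is still needed for those volumes.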


#6 Dark Hobo

Dark Hobo

    Member

  • Full Member
  • 32 posts

Posted 30 June 2008 - 09:39 PM

Hi there Joker! I'm glad to see ya again! You helped me kill some spyware about 4 years ago.

Well, today I did everything you asked.
My mouse actually began to work 2 days after I posted this, but the cursor once again (since yesterday) sometimes freezes. Sometimes for a few seconds (1-3) or sometimes forever. So I then reboot, but it always keeps happening... and for some reason, when it does freeze, it happens when I move the cursor to my right. After that, I could only move left. Then, I could freely move anywhere until I move my mouse all the way to the left....... Did this actually make sense? :unsure:

The mouse device status DOES show "This device is working properly"


Malwarebytes' Anti-Malware did not detect a thing!? How weird... It was unnecessary to post the log


I deleted all of the Yahoo stuff...


I updated to Java 6


And also, today my computer began to slow down (a lot)


First the Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:25 p.m., on 30/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [SonicFocus] "C:\Program Files\Sonic Focus\SFIGUI\\SFIGUI.EXE" BOOT
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 6950 bytes





Here's Kaspersky's:



Protection : running
--------------------
Total scanned: 17250
Detected: 81
Untreated: 0
Start time: 30/06/2008 08:34:13 p.m.
Duration: 01:53:27


Detected
--------
Status Object
------ ------
not found: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: C:\WINDOWS\system32\amvo.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: C:\autorun.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnz File: C:\WINDOWS\system32\amvo0.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: D:\autorun.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: F:\autorun.inf
not found: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: F:\AUTORUN.INF
not found: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: C:\xo8wr9.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.puf File: C:\Documents and Settings\JUAN RODRIGO\Local Settings\Temp\i.dll
deleted: Trojan program Trojan-PSW.Win32.Delf.abx File: C:\WINDOWS\wscmgr.exe//UPX
detected: riskware Invader Running process: C:\WINDOWS\System32\svchost.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP155\A0024124.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnz File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP157\A0025120.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP157\A0025124.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP156\A0024177.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP155\A0024089.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnz File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP155\A0024121.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: F:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP158\A0025999.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: F:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP159\A0026361.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: F:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP158\A0026091.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: F:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP159\A0026337.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnz File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP159\A0026366.dll
deleted: Trojan program Backdoor.Win32.Ciadoor.gn File: F:\1111 software juanito\11hijo nov t07\Copy of Realviz Stitcher 5.51 Unlimited + crack.XFORCE\setup\Setup.exe//data0000.cab/CRACKL~1.EXE
deleted: Trojan program Backdoor.Win32.Ciadoor.gn File: F:\1111 software juanito\11hijo nov t07\Realviz Stitcher 5.51 Unlimited + crack.XFORCE\setup\Setup.exe//data0000.cab/CRACKL~1.EXE
detected: riskware Invader Running process: C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe
detected: Trojan program Exploit.JS.RealPlr.id URL: http://lustgal.com/?....2023.9436.6428.
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP157\A0025125.inf
detected: riskware Hidden install Running process: C:\Program Files\Yahoo!\Messenger\yupdater.exe
detected: riskware Invader Running process: C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnz File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP157\A0025190.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP157\A0025193.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP157\A0025194.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP158\A0025995.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP158\A0025996.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnz File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP158\A0026083.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP158\A0026087.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP158\A0026088.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP159\A0026333.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP159\A0026334.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnz File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP159\A0026350.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP159\A0026357.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP159\A0026358.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP159\A0026363.exe
deleted: Trojan program Trojan-PSW.Win32.Delf.abx File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP159\A0026381.exe//UPX
deleted: Trojan program Trojan-PSW.Win32.Delf.abx File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP159\A0026407.exe//UPX
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: D:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP157\A0025126.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: D:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP157\A0025127.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: D:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP157\A0025195.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: D:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP157\A0025196.inf
detected: riskware Hidden install Running process: I:\AdbeRdr70_enu_full.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: D:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP158\A0025997.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: D:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP158\A0025998.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: D:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP158\A0026089.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: D:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP158\A0026090.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: D:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP159\A0026335.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: D:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP159\A0026336.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: D:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP159\A0026359.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: D:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP159\A0026360.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: F:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP157\A0025128.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: F:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP157\A0025129.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: F:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP157\A0025197.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: F:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP157\A0025198.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: F:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP158\A0026000.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: F:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP158\A0026092.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: F:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP159\A0026338.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: F:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP159\A0026362.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP155\A0024090.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP155\A0024125.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP156\A0024178.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: D:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP155\A0024091.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: D:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP155\A0024092.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: D:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP155\A0024126.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: D:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP155\A0024127.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: D:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP156\A0024179.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: D:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP156\A0024180.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: F:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP155\A0024093.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: F:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP155\A0024094.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: F:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP155\A0024128.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: F:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP155\A0024129.inf
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pnx File: F:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP156\A0024181.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.pqm File: F:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP156\A0024182.inf
detected: riskware Hidden install Running process: C:\Program Files\Yahoo!\Common\unyt_wrap.exe


Events
------
Time Event
---- -----
08/05/2008 09:03:08 p.m. Kaspersky Anti-Virus is not activated. You are advised to activate the application as soon as possible.
08/05/2008 09:03:09 p.m. You are advised to perform a full computer scan as soon as possible.
08/05/2008 09:03:13 p.m. Database is out of date, leaving your computer at risk of infection. Please update your database.
08/05/2008 09:03:13 p.m. Protection of your computer is enabled.
08/05/2008 09:03:56 p.m. File C:\WINDOWS\system32\amvo.exe: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pnx'. User: MUSICA-1591D655\JUAN RODRIGO, computer: localhost.
08/05/2008 09:03:56 p.m. Security threats have been detected. You are advised to neutralize them immediately.
08/05/2008 09:04:15 p.m. File C:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:05:34 p.m. File C:\WINDOWS\system32\amvo0.dll: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pnz'.
08/05/2008 09:05:34 p.m. File C:\WINDOWS\system32\amvo0.dll: is still infected, postponed.
08/05/2008 09:06:02 p.m. File c:\windows\system32\amvo.exe: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pnx'.
08/05/2008 09:06:02 p.m. File c:\windows\system32\amvo.exe: is still infected, postponed.
08/05/2008 09:06:25 p.m. File D:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:06:25 p.m. File F:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:06:25 p.m. File C:\WINDOWS\system32\amvo0.dll: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pnz'.
08/05/2008 09:06:36 p.m. File C:\AUTORUN.INF: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:06:48 p.m. File C:\WINDOWS\SYSTEM32\AMVO.EXE: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pnx'.
08/05/2008 09:07:20 p.m. File D:\AUTORUN.INF: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:07:21 p.m. File F:\AUTORUN.INF: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:07:21 p.m. File C:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:07:21 p.m. File C:\WINDOWS\SYSTEM32\AMVO0.DLL: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pnz'.
08/05/2008 09:07:21 p.m. File D:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:07:24 p.m. File c:\windows\system32\amvo0.dll: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pnz'.
08/05/2008 09:07:37 p.m. File C:\xo8wr9.exe: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pnx'.
08/05/2008 09:08:00 p.m. File C:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:08:00 p.m. File D:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:08:00 p.m. File F:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:08:25 p.m. File D:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:08:25 p.m. File C:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:08:25 p.m. File F:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:08:50 p.m. File C:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:08:50 p.m. File D:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:08:50 p.m. File F:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:09:16 p.m. File D:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:09:16 p.m. File C:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:09:16 p.m. File F:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:09:43 p.m. File C:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:09:43 p.m. File D:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:09:43 p.m. File F:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:10:08 p.m. File C:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:10:08 p.m. File D:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:10:08 p.m. File F:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:10:31 p.m. File C:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:10:31 p.m. File D:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:10:31 p.m. File F:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:10:56 p.m. File C:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:10:56 p.m. File F:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:10:56 p.m. File D:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:11:12 p.m. File C:\WINDOWS\SYSTEM32\AMVO0.DLL: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pnz'. User: MUSICA-1591D655\JUAN RODRIGO, computer: localhost.
08/05/2008 09:11:12 p.m. File C:\WINDOWS\system32\amvo.exe: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pnx'.
08/05/2008 09:11:15 p.m. File C:\WINDOWS\system32\amvo.exe: deleted.
08/05/2008 09:11:16 p.m. File C:\WINDOWS\system32\amvo0.dll: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pnz'.
08/05/2008 09:11:16 p.m. File C:\autorun.inf: deleted.
08/05/2008 09:11:19 p.m. File D:\autorun.inf: deleted.
08/05/2008 09:11:21 p.m. File F:\autorun.inf: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pqm'.
08/05/2008 09:11:21 p.m. File F:\autorun.inf: deleted.
08/05/2008 09:11:22 p.m. File C:\WINDOWS\system32\amvo0.dll will be deleted on system restart.
08/05/2008 09:11:23 p.m. File C:\AUTORUN.INF cannot be deleted.
08/05/2008 09:11:25 p.m. File C:\WINDOWS\SYSTEM32\AMVO.EXE cannot be deleted.
08/05/2008 09:11:26 p.m. File D:\AUTORUN.INF cannot be deleted.
08/05/2008 09:11:33 p.m. File F:\AUTORUN.INF: is still infected, skipped by user.
08/05/2008 09:11:35 p.m. File D:\autorun.inf cannot be deleted.
08/05/2008 09:11:36 p.m. File C:\WINDOWS\SYSTEM32\AMVO0.DLL will be deleted on system restart.
08/05/2008 09:11:37 p.m. File C:\autorun.inf cannot be deleted.
08/05/2008 09:11:38 p.m. File c:\windows\system32\amvo0.dll will be deleted on system restart.
08/05/2008 09:11:41 p.m. File C:\xo8wr9.exe cannot be deleted.
08/05/2008 09:11:42 p.m. File C:\autorun.inf cannot be deleted.
08/05/2008 09:11:43 p.m. File D:\autorun.inf cannot be deleted.
08/05/2008 09:11:43 p.m. File F:\autorun.inf cannot be deleted.
08/05/2008 09:11:46 p.m. File D:\autorun.inf cannot be deleted.
08/05/2008 09:11:48 p.m. File C:\autorun.inf cannot be deleted.
08/05/2008 09:11:51 p.m. File F:\autorun.inf cannot be deleted.
08/05/2008 09:11:53 p.m. File C:\autorun.inf cannot be deleted.
08/05/2008 09:11:53 p.m. File D:\autorun.inf cannot be deleted.
08/05/2008 09:11:54 p.m. File F:\autorun.inf cannot be deleted.
08/05/2008 09:11:57 p.m. File D:\autorun.inf cannot be deleted.
08/05/2008 09:11:58 p.m. File C:\autorun.inf cannot be deleted.
08/05/2008 09:11:58 p.m. File F:\autorun.inf cannot be deleted.
08/05/2008 09:11:59 p.m. File C:\autorun.inf cannot be deleted.
08/05/2008 09:11:59 p.m. File D:\autorun.inf cannot be deleted.
08/05/2008 09:12:00 p.m. File F:\autorun.inf cannot be deleted.
08/05/2008 09:12:00 p.m. File C:\autorun.inf cannot be deleted.
08/05/2008 09:12:01 p.m. File D:\autorun.inf cannot be deleted.
08/05/2008 09:12:02 p.m. File F:\autorun.inf cannot be deleted.
08/05/2008 09:12:03 p.m. File C:\autorun.inf cannot be deleted.
08/05/2008 09:12:04 p.m. File D:\autorun.inf cannot be deleted.
08/05/2008 09:12:05 p.m. File F:\autorun.inf cannot be deleted.
08/05/2008 09:12:06 p.m. File C:\autorun.inf cannot be deleted.
08/05/2008 09:12:06 p.m. File F:\autorun.inf cannot be deleted.
08/05/2008 09:12:07 p.m. File D:\autorun.inf cannot be deleted.
08/05/2008 09:12:07 p.m. File C:\WINDOWS\SYSTEM32\AMVO0.DLL will be deleted on system restart.
08/05/2008 09:12:08 p.m. File C:\WINDOWS\system32\amvo0.dll will be deleted on system restart.
08/05/2008 09:12:08 p.m. File F:\autorun.inf cannot be deleted.
08/05/2008 09:12:26 p.m. Protection of your computer is not running. You are advised to resume protection.
08/05/2008 09:13:43 p.m. You are advised to perform a full computer scan as soon as possible.
08/05/2008 09:13:43 p.m. Database is out of date, leaving your computer at risk of infection. Please update your database.
08/05/2008 09:13:43 p.m. Protection of your computer is enabled.
08/05/2008 09:13:47 p.m. Security threats have been detected. You are advised to neutralize them immediately.
08/05/2008 09:20:55 p.m. Please restart your computer to complete the installation of new or updated protection components.
08/05/2008 09:20:58 p.m. Update completed successfully
08/05/2008 09:28:42 p.m. File C:\Documents and Settings\JUAN RODRIGO\Local Settings\Temp\i.dll: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.puf'.
08/05/2008 09:28:42 p.m. Security threats have been detected. You are advised to neutralize them immediately.
08/05/2008 09:28:42 p.m. File C:\Documents and Settings\JUAN RODRIGO\Local Settings\Temp\i.dll: is still infected, postponed.
08/05/2008 10:02:26 p.m. File C:\WINDOWS\wscmgr.exe//UPX: detected: Trojan program 'Trojan-PSW.Win32.Delf.abx'.
08/05/2008 10:02:26 p.m. File C:\WINDOWS\wscmgr.exe//UPX: is still infected, postponed.
08/05/2008 10:21:49 p.m. You are advised to perform a full computer scan as soon as possible.
08/05/2008 10:21:49 p.m. Security threats have been detected. You are advised to neutralize them immediately.
08/05/2008 10:21:49 p.m. Protection of your computer is enabled.
08/05/2008 10:22:23 p.m. Process (PID 1112) tried to access Kaspersky Anti-Virus process (PID 512), but the action has been blocked by the Self-Defense component. No action on your part is required.
08/05/2008 10:41:54 p.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 88.5.122.252. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
08/05/2008 11:14:51 p.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 203.87.208.106. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
08/05/2008 11:16:17 p.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 118.112.215.8. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
08/05/2008 11:24:30 p.m. Update completed successfully
09/05/2008 01:44:20 a.m. Update completed successfully
09/05/2008 04:16:34 a.m. Update completed successfully
09/05/2008 06:26:44 a.m. Update completed successfully
09/05/2008 08:51:16 a.m. Update completed successfully
09/05/2008 11:07:35 a.m. Update completed successfully
09/05/2008 01:23:24 p.m. Update completed successfully
09/05/2008 03:44:31 p.m. Update completed successfully
09/05/2008 06:04:25 p.m. Update completed successfully
09/05/2008 08:25:04 p.m. Update completed successfully
09/05/2008 10:43:13 p.m. Update completed successfully
10/05/2008 01:04:11 a.m. Update completed successfully
10/05/2008 03:31:37 a.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 189.4.87.210. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
10/05/2008 03:31:44 a.m. Not all components were updated
10/05/2008 04:24:38 a.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 90.185.209.65. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
10/05/2008 05:48:29 a.m. Update completed successfully
10/05/2008 08:04:05 a.m. Update completed successfully
10/05/2008 10:34:22 a.m. Update completed successfully
10/05/2008 12:47:22 p.m. Update completed successfully
10/05/2008 03:06:42 p.m. Update completed successfully
10/05/2008 05:26:23 p.m. Update completed successfully
10/05/2008 07:44:32 p.m. Update completed successfully
10/05/2008 10:06:46 p.m. Update completed successfully
11/05/2008 12:26:49 a.m. Update completed successfully
11/05/2008 02:44:25 a.m. Update completed successfully
11/05/2008 05:04:27 a.m. Update completed successfully
11/05/2008 07:24:28 a.m. Update completed successfully
11/05/2008 09:44:41 a.m. Update completed successfully
11/05/2008 12:04:25 p.m. Update completed successfully
11/05/2008 02:24:22 p.m. Update completed successfully
11/05/2008 04:50:09 p.m. You are advised to perform a full computer scan as soon as possible.
11/05/2008 04:50:09 p.m. Protection of your computer is enabled.
11/05/2008 05:04:29 p.m. Update completed successfully
11/05/2008 07:07:21 p.m. Process C:\WINDOWS\System32\svchost.exe (PID: 1652): attempt to embed itself into another process allowed.
11/05/2008 07:09:22 p.m. Process (PID 2080) tried to access Kaspersky Anti-Virus process (PID 3208), but the action has been blocked by the Self-Defense component. No action on your part is required.
11/05/2008 07:09:22 p.m. Process (PID 2080) tried to access Kaspersky Anti-Virus process (PID 1600), but the action has been blocked by the Self-Defense component. No action on your part is required.
11/05/2008 07:11:21 p.m. Process (PID 2108) tried to access Kaspersky Anti-Virus process (PID 1600), but the action has been blocked by the Self-Defense component. No action on your part is required.
11/05/2008 07:11:21 p.m. Process (PID 2108) tried to access Kaspersky Anti-Virus process (PID 3208), but the action has been blocked by the Self-Defense component. No action on your part is required.
11/05/2008 07:11:43 p.m. Process C:\WINDOWS\System32\svchost.exe (PID: 1652): attempt to embed itself into another process allowed.
11/05/2008 07:13:39 p.m. Process (PID 2816) tried to access Kaspersky Anti-Virus process (PID 1600), but the action has been blocked by the Self-Defense component. No action on your part is required.
11/05/2008 07:13:39 p.m. Process (PID 2816) tried to access Kaspersky Anti-Virus process (PID 2992), but the action has been blocked by the Self-Defense component. No action on your part is required.
11/05/2008 07:18:31 p.m. Process (PID 3736) tried to access Kaspersky Anti-Virus process (PID 1600), but the action has been blocked by the Self-Defense component. No action on your part is required.
11/05/2008 07:18:31 p.m. Process (PID 3736) tried to access Kaspersky Anti-Virus process (PID 2992), but the action has been blocked by the Self-Defense component. No action on your part is required.
11/05/2008 07:19:00 p.m. Process (PID 2944) tried to access Kaspersky Anti-Virus process (PID 1600), but the action has been blocked by the Self-Defense component. No action on your part is required.
11/05/2008 07:19:00 p.m. Process (PID 2944) tried to access Kaspersky Anti-Virus process (PID 2992), but the action has been blocked by the Self-Defense component. No action on your part is required.
11/05/2008 07:19:56 p.m. Process (PID 3812) tried to access Kaspersky Anti-Virus process (PID 1600), but the action has been blocked by the Self-Defense component. No action on your part is required.
11/05/2008 07:19:56 p.m. Process (PID 3812) tried to access Kaspersky Anti-Virus process (PID 2992), but the action has been blocked by the Self-Defense component. No action on your part is required.
11/05/2008 07:22:50 p.m. Process (PID 1572) tried to access Kaspersky Anti-Virus process (PID 1600), but the action has been blocked by the Self-Defense component. No action on your part is required.
11/05/2008 07:22:50 p.m. Process (PID 1572) tried to access Kaspersky Anti-Virus process (PID 2992), but the action has been blocked by the Self-Defense component. No action on your part is required.
11/05/2008 07:24:24 p.m. Update completed successfully
11/05/2008 07:42:33 p.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 85.113.32.86. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
11/05/2008 07:47:02 p.m. Process (PID 2284) tried to access Kaspersky Anti-Virus process (PID 1600), but the action has been blocked by the Self-Defense component. No action on your part is required.
11/05/2008 07:47:02 p.m. Process (PID 2284) tried to access Kaspersky Anti-Virus process (PID 2992), but the action has been blocked by the Self-Defense component. No action on your part is required.
11/05/2008 09:46:36 p.m. Update completed successfully
12/05/2008 12:05:18 a.m. Update completed successfully
12/05/2008 02:25:23 a.m. Update completed successfully
12/05/2008 04:45:15 a.m. Update completed successfully
12/05/2008 07:05:05 a.m. Update completed successfully
12/05/2008 07:30:24 a.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 202.103.178.53. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
12/05/2008 09:05:43 a.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 189.4.87.210. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
12/05/2008 09:28:38 a.m. Update completed successfully
12/05/2008 10:20:34 a.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 60.190.223.6. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
12/05/2008 10:40:46 a.m. Process (PID 3404) tried to access Kaspersky Anti-Virus process (PID 1600), but the action has been blocked by the Self-Defense component. No action on your part is required.
12/05/2008 11:19:05 a.m. Process (PID 608) tried to access Kaspersky Anti-Virus process (PID 2992), but the action has been blocked by the Self-Defense component. No action on your part is required.
12/05/2008 11:19:05 a.m. Process (PID 608) tried to access Kaspersky Anti-Virus process (PID 1600), but the action has been blocked by the Self-Defense component. No action on your part is required.
12/05/2008 11:48:07 a.m. Update completed successfully
12/05/2008 02:10:22 p.m. Update completed successfully
12/05/2008 03:32:23 p.m. Process (PID 4008) tried to access Kaspersky Anti-Virus process (PID 2992), but the action has been blocked by the Self-Defense component. No action on your part is required.
12/05/2008 03:32:23 p.m. Process (PID 4008) tried to access Kaspersky Anti-Virus process (PID 1600), but the action has been blocked by the Self-Defense component. No action on your part is required.
12/05/2008 04:31:04 p.m. Update completed successfully
12/05/2008 04:57:26 p.m. Process (PID 2432) tried to access Kaspersky Anti-Virus process (PID 2992), but the action has been blocked by the Self-Defense component. No action on your part is required.
12/05/2008 04:57:26 p.m. Process (PID 2432) tried to access Kaspersky Anti-Virus process (PID 1600), but the action has been blocked by the Self-Defense component. No action on your part is required.
12/05/2008 05:41:08 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:41:18 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:41:18 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:41:21 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:41:22 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:41:24 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:41:24 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:41:27 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:41:27 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:41:28 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:41:28 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:41:32 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:41:32 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:41:33 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:41:34 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:41:39 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:41:39 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:41:40 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:41:40 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:41:47 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:41:47 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:41:50 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:41:50 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:41:51 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:41:51 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:41:52 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:41:52 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:41:53 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:41:53 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:41:54 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:41:54 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:41:55 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:41:55 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:41:57 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:41:57 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:41:58 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:41:58 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:41:59 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:42:00 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:42:00 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:42:00 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:42:01 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:42:01 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:42:02 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:42:02 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:42:03 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:42:03 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): suspicious action. Attempt to perform suspicious actions.
12/05/2008 05:42:03 p.m. Process C:\Program Files\Pinnacle\Shared Files\Pixie\PixieTool.exe (PID: 2704): attempt to perform suspicious actions allowed.
12/05/2008 05:53:58 p.m. You are advised to perform a full computer scan as soon as possible.
12/05/2008 05:53:59 p.m. Protection of your computer is enabled.
12/05/2008 06:06:16 p.m. File C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP155\A0024124.exe: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pnx'.
12/05/2008 06:06:16 p.m. Security threats have been detected. You are advised to neutralize them immediately.
12/05/2008 06:06:27 p.m. File C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP155\A0024124.exe: deleted.
12/05/2008 06:06:35 p.m. File C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP157\A0025120.dll: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pnz'.
12/05/2008 06:06:35 p.m. Security threats have been detected. You are advised to neutralize them immediately.
12/05/2008 06:06:43 p.m. File C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP157\A0025120.dll: deleted.
12/05/2008 06:06:43 p.m. File C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP157\A0025124.exe: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pnx'.
12/05/2008 06:06:43 p.m. Security threats have been detected. You are advised to neutralize them immediately.
12/05/2008 06:06:49 p.m. File C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP157\A0025124.exe: deleted.
12/05/2008 06:07:21 p.m. File C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP156\A0024177.exe: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pnx'.
12/05/2008 06:07:21 p.m. Security threats have been detected. You are advised to neutralize them immediately.
12/05/2008 06:07:28 p.m. File C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP156\A0024177.exe: deleted.
12/05/2008 06:07:34 p.m. File C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP155\A0024089.exe: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pnx'.
12/05/2008 06:07:34 p.m. Security threats have been detected. You are advised to neutralize them immediately.
12/05/2008 06:07:44 p.m. File C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP155\A0024089.exe: deleted.
12/05/2008 06:09:15 p.m. File C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP155\A0024121.dll: detected: Trojan program 'Trojan-PSW.Win32.OnLineGames.pnz'.
12/05/2008 06:09:15 p.m. Security threats have been detected. You are advised to neutralize them immediately.
12/05/2008 06:09:19 p.m. File C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP155\A0024121.dll: deleted.
12/05/2008 06:38:07 p.m. Update completed successfully
12/05/2008 07:13:52 p.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 85.113.32.86. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
12/05/2008 07:20:59 p.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 58.182.4.96. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
12/05/2008 07:32:44 p.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 91.117.113.183. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
12/05/2008 07:43:31 p.m. You are advised to perform a full computer scan as soon as possible.
12/05/2008 07:43:31 p.m. Protection of your computer is enabled.
12/05/2008 07:52:18 p.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 58.182.4.96. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
12/05/2008 07:59:16 p.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 85.113.32.86. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
12/05/2008 08:08:14 p.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 202.103.178.53. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
12/05/2008 08:55:33 p.m. Update completed successfully
12/05/2008 10:05:04 p.m. Process (PID 2128) tried to access Kaspersky Anti-Virus process (PID 3484), but the action has been blocked by the Self-Defense component. No action on your part is required.
12/05/2008 10:05:04 p.m. Process (PID 2128) tried to access Kaspersky Anti-Virus process (PID 568), but the action has been blocked by the Self-Defense component. No action on your part is required.
13/05/2008 11:48:21 a.m. You are advised to perform a full computer scan as soon as possible.
13/05/2008 11:48:21 a.m. Protection of your computer is enabled.
13/05/2008 11:50:14 a.m. Update completed successfully
13/05/2008 12:06:04 p.m. Process (PID 1992) tried to access Kaspersky Anti-Virus process (PID 568), but the action has been blocked by the Self-Defense component. No action on your part is required.
13/05/2008 12:11:18 p.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 87.204.37.222. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
13/05/2008 12:30:10 p.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 58.182.24.180. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
13/05/2008 12:40:10 p.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 88.134.81.82. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
13/05/2008 12:44:15 p.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 85.113.32.86. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
13/05/2008 01:28:05 p.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 87.227.87.43. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
13/05/2008 02:17:37 p.m. Update completed successfully
13/05/2008 03:18:01 p.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 217.76.116.137. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
13/05/2008 04:34:11 p.m. Update completed successfully
13/05/2008 06:52:04 p.m. Update completed successfully
13/05/2008 09:19:30 p.m. Update completed successfully
13/05/2008 11:30:40 p.m. Update completed successfully
14/05/2008 01:01:18 a.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 200.104.154.108. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
14/05/2008 01:52:57 a.m. Update completed successfully
14/05/2008 04:13:48 a.m. Update completed successfully
14/05/2008 04:30:54 a.m. The application F:\Azureus\Azureus\Azureus.exe cannot establish connection with server 90.17.147.93. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
14/05/2008 06:30:51 a.m. Update completed successfully
14/05/2008 08:53:09 a.m. Update completed successfully
14/05/2008 11:10:58 a.m. Update completed successfully
14/05/2008 01:40:39 p.m. Update completed successfully
14/05/2008 03:51:34 p.m. Update completed successfully
14/05/2008 06:07:05 p.m. You are advised to perform a full computer scan as soon as possible.
14/05/2008 06:07:05 p.m. Protection of your computer is enabled.
14/05/2008 06:08:02 p.m. Update completed successfully
14/05/2008 08:30:

Edited by Dark Hobo, 30 June 2008 - 09:42 PM.


#7 Dark Hobo

Dark Hobo

    Member

  • Full Member
  • Pip
  • 32 posts

Posted 30 June 2008 - 09:50 PM

and another question... should i stop using Azureus? Should i stop downloading torrents? I only download recent TV shows from the US (since i no longer live there, I don't want to wait months to see them here in Mexico plus they'll be in Spanish)

and i also downloaded an ''old'' pc game.... might the game contain a virus? BUT when i downloaded this game, i ALREADY had the ''Trojan-PSW.Win32.OnLineGames'' virus....

thanks joker

Edited by Dark Hobo, 01 July 2008 - 01:58 AM.


#8 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,480 posts

Posted 01 July 2008 - 04:00 AM

should i stop using Azureus? Should i stop downloading torrents?

Azureus is a clean P2P program, in that it doesn't contain any adware or spyware. However, many P2P networks are riddled with infected files.

I only download recent TV shows from the US (since i no longer live there, I don't want to wait months to see them here in Mexico plus they'll be in Spanish)

Even video files can be infected, even though they aren't executable files.

i also downloaded an ''old'' pc game.... might the game contain a virus? BUT when i downloaded this game, i ALREADY had the ''Trojan-PSW.Win32.OnLineGames'' virus....

It doesn't matter how old or recent a file is, it can still be infected. Downloading any file from any untrusted source means you are taking a risk of ending up with an infected file. Even files from a "trusted" source can carry a slight risk; anyone else might unintentionally become infected with something they are not yet able to detect.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.
In Internet Explorer, please run the BitDefender online scan at BitDefender.com
You will need to allow an ActiveX install for the scan to run.
Leave the scanning options at default and press "click here to scan"
When finished scanning, click on "click here to export the scan report"
Save it to your desktop, at "file name" type in "bdscan" then click save.
Please attach the bdscan.html file to your next post. You will have to Zip it to attach it.
The reason for attaching it is the file isn't in plain text, it will be in html.
To attach a file, you need to be viewing the full version of the site.
In a Reply window, the option to attach a file is just below the box where you type in your reply:

Posted Image

If you can't attach the file, go to http://savefile.com and you can upload the zipped log file there. There is no need to register, just click the "UPLOAD MY FILE" button. After you upload the file, please post the link to the file in your topic. That way, anyone on the board can see the log almost as easily as if it were posted here.

Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

Please post a new HijackThis log, the log from Dr.Web CureIt (DrWeb.csv), attach the log from BitDefender (or upload it to savefile.com), and note any errors encountered.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#9 Dark Hobo

Dark Hobo

    Member

  • Full Member
  • Pip
  • 32 posts

Posted 11 July 2008 - 11:19 PM

Hi Joker. Thanks again for the help. I followed all instructions

my mouse froze again (before any of this), and it's still frozen, and so i could NOT ''click'' on EXPORT THE SCAN REPORT button from the website... It deleted something from a software and a file named: D:\System Volume Information\_restore{F63184EA-ADFD-484E87C9....... I couldn't see the rest of the file name because i couldn't expand the window (at least not without the mouse).

Thanks again


Here is my Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:13 p.m., on 11/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Reader\Reader\Reader_sl.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [SonicFocus] "C:\Program Files\Sonic Focus\SFIGUI\\SFIGUI.EXE" BOOT
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Reader\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 6985 bytes




The Dr. Web CureIt I downloaded automatically gave me a Spanish version....

''Archivo comprimido contiene objetos infectados'' = Compressed file contains infected objects
''Movido'' = MOVED
''Eliminado'' = Eliminated



Here is the Dr. Web CureIt Log:


data001\0011\E6\1stRun.exe;C:\Documents and Settings\JUAN RODRIGO\Desktop\Canon_Rock_bg\SUPERsetup.exe\data002\data001;FDOS.Atomix.28;;
data001;C:\Documents and Settings\JUAN RODRIGO\Desktop\Canon_Rock_bg\SUPERsetup.exe\data002;Archivo comprimido contiene objetos infectados;;
data002;C:\Documents and Settings\JUAN RODRIGO\Desktop\Canon_Rock_bg\SUPERsetup.exe;Archivo comprimido contiene objetos infectados;;
SUPERsetup.exe;C:\Documents and Settings\JUAN RODRIGO\Desktop\Canon_Rock_bg;Archivo comprimido contiene objetos infectados;Movido.;
1stRun.exe;C:\Program Files\eRightSoft\SUPER\spk;FDOS.Atomix.28;Eliminado.;
data001\0011\E6\1stRun.exe;C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP203\A0042823.exe\data002\data001;FDOS.Atomix.28;;
data001;C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP203\A0042823.exe\data002;Archivo comprimido contiene objetos infectados;;
data002;C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP203\A0042823.exe;Archivo comprimido contiene objetos infectados;;
A0042823.exe;C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP203;Archivo comprimido contiene objetos infectados;Movido.;
A0042824.exe;C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP203;FDOS.Atomix.28;Eliminado.;



In case you might have missed, I just realized that my DISK C also had a file named:
C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP203

I think this is what Bitdefender detected and deleted but on DISK D (this is the file i wrote above). I first used Dr. Web CureIt and THEN i went to Bitdefender.com


On my drive F, might there also be this file?:
:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP203

#10 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,480 posts

Posted 12 July 2008 - 07:01 AM

my mouse froze again (before any of this), and it's still frozen, and so i could NOT ''click'' on EXPORT THE SCAN

If that happens, you can probably move between buttons, or panes in a window with the Tab button, and between open Windows by using ALT-Tab.

The Dr. Web CureIt I downloaded automatically gave me a Spanish version....

You said you were in Mexico, so it probably detected that by your IP address, and automatically assumed that you needed a Spanish version.

DrWeb CureIt found several infected files in your eRightSoft Super program folder.
Go to Start > Control Panel > Add or Remove Programs and remove the following program, if found:
eRightSoft Super
It might be simply listed as Super

Then, using Windows Explorer, delete the following folder if still there:
C:\Program Files\eRightSoft

In case you might have missed, I just realized that my DISK C also had a file named:
C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP203

I think this is what Bitdefender detected and deleted but on DISK D (this is the file i wrote above). I first used Dr. Web CureIt and THEN i went to Bitdefender.com

On my drive F, might there also be this file?:
:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP203

Those are folders in your System Restore. They are not currently a threat, and will be removed when we do our final cleanup, deleting all but the most recent Restore Point (after creating a new one).

I don't think your mouse problem is a malware problem. I think it may be related to the mouse driver setup, or your Windows allocation of resources for the mouse, and there may be a conflict with something else.

When your mouse is frozen, go to your Hardware Device Manager.
Hold down the Windows key (it has the Windows logo on it) and then hit the Pause/Break key.
Use the left and right arrow keys to move between the tabs until the Hardware tab is highlighted.
Press ALT-D to Open the Device Manager
Hit the Tab button if necessary to highlight your system name (at the top of the window), and then use the down arrow key to move to "Mice and other pointing devices".
Then hit the right arrow key to expand the entry, and the down arrow key to move down to the entry for your mouse (hitting the right arrow key again will do the same thing).
Then hit Enter to open the entry.
What does it say in the "Device status" window?

Some mice, like my Logitech mouse, are USB mice but come with a PS/2 adapter. I had trouble with it as a USB device, but it worked fine using the PS/2 adapter. If you have that option, you can try using the mouse connected the other way.

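Added example, not part of either post or of Dr.Web's own tooling: a Python triage of the DrWeb.csv rows posted in #9 that attaches nested archive members to the file on disk that holds them and separates live files from System Restore copies, the distinction drawn in #10. The column order (object;path;verdict;action) and all function names are assumptions inferred from the posted rows.

```python
import re
from collections import OrderedDict

# Rows copied from the DrWeb.csv report posted in #9 (Spanish-language build).
REPORT = r"""
data001\0011\E6\1stRun.exe;C:\Documents and Settings\JUAN RODRIGO\Desktop\Canon_Rock_bg\SUPERsetup.exe\data002\data001;FDOS.Atomix.28;;
data001;C:\Documents and Settings\JUAN RODRIGO\Desktop\Canon_Rock_bg\SUPERsetup.exe\data002;Archivo comprimido contiene objetos infectados;;
data002;C:\Documents and Settings\JUAN RODRIGO\Desktop\Canon_Rock_bg\SUPERsetup.exe;Archivo comprimido contiene objetos infectados;;
SUPERsetup.exe;C:\Documents and Settings\JUAN RODRIGO\Desktop\Canon_Rock_bg;Archivo comprimido contiene objetos infectados;Movido.;
1stRun.exe;C:\Program Files\eRightSoft\SUPER\spk;FDOS.Atomix.28;Eliminado.;
data001\0011\E6\1stRun.exe;C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP203\A0042823.exe\data002\data001;FDOS.Atomix.28;;
data001;C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP203\A0042823.exe\data002;Archivo comprimido contiene objetos infectados;;
data002;C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP203\A0042823.exe;Archivo comprimido contiene objetos infectados;;
A0042823.exe;C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP203;Archivo comprimido contiene objetos infectados;Movido.;
A0042824.exe;C:\System Volume Information\_restore{F63184EA-ADFD-484E-87C9-4B72218FEAFE}\RP203;FDOS.Atomix.28;Eliminado.;
"""

# Status text meaning "archive contains infected objects"; it is not a threat name.
ARCHIVE_VERDICT = "Archivo comprimido contiene objetos infectados"
# English glosses as given in post #9.
ACTIONS = {"Movido.": "moved", "Eliminado.": "eliminated"}
# A path inside a System Restore point: ...\_restore{GUID}\RPnnn\...
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)(?:\\|$)", re.I)


def parse_rows(text):
    """Split report text into dicts, assuming object;path;verdict;action; columns."""
    rows = []
    for line in text.splitlines():
        fields = line.strip().split(";")
        if len(fields) < 4:
            continue  # blank line or something that is not a report row
        name, path, verdict, action = (f.strip() for f in fields[:4])
        rows.append({"name": name, "path": path, "verdict": verdict, "action": action})
    return rows


def triage(text):
    """Return (files_on_disk, orphans).

    files_on_disk: one entry per row that carries an action, with the threat
    names found in it or in archive members nested under it.
    orphans: member rows whose container has no recorded action (follow up).
    """
    rows = parse_rows(text)
    files = OrderedDict()
    # Pass 1: a row with an action is a real file the scanner moved or removed.
    for r in rows:
        if not r["action"]:
            continue
        full = r["path"].rstrip("\\") + "\\" + r["name"]
        m = RESTORE_RE.search(full)
        files[full.lower()] = {
            "file": full,
            "location": "restore point " + m.group(1) if m else "live file system",
            "action": ACTIONS.get(r["action"], r["action"]),
            "threats": set() if r["verdict"] == ARCHIVE_VERDICT else {r["verdict"]},
        }
    # Pass 2: a row without an action is a member nested inside one of those files.
    orphans = []
    for r in rows:
        if r["action"]:
            continue
        p = r["path"].lower()
        owner = next((f for key, f in files.items()
                      if p == key or p.startswith(key + "\\")), None)
        if owner is None:
            orphans.append(r)
        elif r["verdict"] != ARCHIVE_VERDICT:
            owner["threats"].add(r["verdict"])
    return list(files.values()), orphans


if __name__ == "__main__":
    handled, unhandled = triage(REPORT)
    for f in handled:
        print(f"{f['location']:<22} {f['action']:<11} "
              f"{', '.join(sorted(f['threats']))}  {f['file']}")
    print(f"{len(unhandled)} member row(s) with no handled container")
```

Entries reported as "live file system" are the ones that point at the source of the infection; restore-point entries are archived copies of the same files.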


#11 Dark Hobo

Dark Hobo

    Member

  • Full Member
  • Pip
  • 32 posts

Posted 12 July 2008 - 10:39 AM

That's how I've been moving around, with the Tab button. But it doesn't always select all the 'clickable buttons'.

This time, 'mice and other pointing devices' didn't appear... why? my mouse IS connected, and apparently still works (the laser lights up every time i move the mouse).

I'll buy the mouse with the PS/2 adapter.

thanks again Joker!

#12 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,480 posts

Posted 12 July 2008 - 01:45 PM

Not showing up in Hardware Manager makes it sound like the mouse is defective, and not being recognized by Windows. If you want to find a mouse you can borrow, you may want to try that first. Shut down the system, replace the mouse, and then power back up. Do you then see "Mice and other pointing devices"?



#13 Dark Hobo

Dark Hobo

    Member

  • Full Member
  • Pip
  • 32 posts

Posted 15 August 2008 - 11:49 PM

hi again joker. I have a quick question. And I also noticed that I forgot to thank you for helping me out.

Thanks (and mouse works better now)


My question is... why did I get a weird trojan on my pc just by visiting a SAFE website?? Or is the trojan fake?
Here's what Kaspersky detected (it's only 1 trojan):

trojan-clicker.js.small.n
trojan program backdoor win32.ciadoor.gn

Infected: Trojan program Backdoor.Win32.Ciadoor.gn f:\system volume information\_restore{f63184ea-adfd-484e-87c9-4b72218feafe}\rp163\a0028534.exe 1.3 MB

Infected: Trojan program Backdoor.Win32.Ciadoor.gn f:\system volume information\_restore{f63184ea-adfd-484e-87c9-4b72218feafe}\rp163\a0028537.exe 1.3 MB



I later opened kaspersky and clicked on 'reports and data files', then i clicked on 'backup' and deleted both .exe files. Is that enough to delete the trojan? Thanks in advance and i'll wait patiently.


Juan




Edit: I forgot to post a logfile, sorry



Edited by Dark Hobo, 16 August 2008 - 12:15 AM.


#14 TheJoker

Posted 16 August 2008 - 06:33 AM

> My question is... why did I get a weird trojan on my PC just by visiting a SAFE website?? Or is the trojan fake?
> Here's what Kaspersky detected (it's only 1 trojan):
>
> trojan-clicker.js.small.n
> trojan program backdoor win32.ciadoor.gn
>
> Infected: Trojan program Backdoor.Win32.Ciadoor.gn f:\system volume information\_restore{f63184ea-adfd-484e-87c9-4b72218feafe}\rp163\a0028534.exe 1.3 MB
>
> Infected: Trojan program Backdoor.Win32.Ciadoor.gn f:\system volume information\_restore{f63184ea-adfd-484e-87c9-4b72218feafe}\rp163\a0028537.exe 1.3 MB

Just like there is no antivirus or anti-malware scanner that will detect everything, there's no link scanner that will detect everything, and at least some of the link scanners rely on previously scanned results and don't necessarily check the page right then in real time... it might have been fine when they scanned it and added it to their database, but it may have been compromised between the time it was scanned and when you visited. But that file was in one of your Restore Points, so it probably didn't happen when you visited a site just now. It was on your system the last time a Restore Point was saved. That same trojan was also previously detected on your system.

> I later opened Kaspersky and clicked on 'reports and data files', then I clicked on 'backup' and deleted both .exe files. Is that enough to delete the trojan? Thanks in advance and I'll wait patiently.


It should be gone now, but this will also clear your Restore Points.

Create a Restore Point
  • Go to Start > Programs > Accessories > System Tools > System Restore
  • Select Create a Restore Point and then Next.
  • In the box for "Restore point description", enter a descriptive name and press Create
  • When the "Restore Point Created" window appears, click Close

Run Disk Cleanup
  • Go to Start > Run and type the below line:
    cleanmgr
  • Click OK
    • If you have more than one drive, select the drive Windows is installed on
    • Click OK
  • When Disk Cleanup opens, select the More Options tab
  • In the System Restore section (bottom of window), click Cleanup
    • In the confirmation window that opens, click Yes
  • Now click on the Disk Cleanup tab and select the following items:
    • Downloaded Program Files
    • Temporary Internet Files
    • Recycle Bin
    • Temporary Files
  • Click OK
  • In the confirmation window, select Yes (Disk Cleanup will close).

There are several free utilities you can use to help keep malware off your system:

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOSTS file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm.

IE/SPYAD adds sites associated with ads and spyware to your Internet Restricted Zone and you can download that at http://www.spywarewa...uc/resource.htm.

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at http://www.javacools...m/products.html.

I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywarein...showtopic=60955

Does your problem appear resolved?

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005
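
The restore-point reasoning in the reply above, as an added example that is not part of the original posts: it parses antivirus report lines in the format quoted in this thread and separates detections archived under `System Volume Information\_restore{...}\RPn` from detections on live files. The function names and the third sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Lines 1-2 are the detections quoted in the thread; line 3 is a constructed
# contrast case (made-up name and path) showing a file outside System Restore.
SAMPLE_REPORT = r"""
Infected: Trojan program Backdoor.Win32.Ciadoor.gn f:\system volume information\_restore{f63184ea-adfd-484e-87c9-4b72218feafe}\rp163\a0028534.exe 1.3 MB
Infected: Trojan program Backdoor.Win32.Ciadoor.gn f:\system volume information\_restore{f63184ea-adfd-484e-87c9-4b72218feafe}\rp163\a0028537.exe 1.3 MB
Infected: Trojan program Example.Win32.Placeholder.a c:\documents and settings\user\local settings\temp\sample.exe 20 KB
"""

# "Infected: <type words> <detection name> <path, may contain spaces> <size>"
LINE_RE = re.compile(
    r"^Infected:\s+(?P<kind>.+?)\s+(?P<name>\S+)\s+"
    r"(?P<path>[A-Za-z]:\\.+?)\s+(?P<size>[\d.]+\s+[KMG]?B)$")
# XP System Restore layout: <drive>:\System Volume Information\_restore{GUID}\RPn\A<n>.<ext>
RP_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]{36}\}"
    r"\\rp(?P<rp>\d+)\\a\d+\.\w+$", re.IGNORECASE)

class Detection(NamedTuple):
    name: str
    path: str
    restore_point: Optional[int]  # None = file lives outside System Restore

def parse_report(text):
    """Turn report text into Detection records, skipping unrecognised lines."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rp = RP_RE.match(m["path"])
            found.append(Detection(m["name"], m["path"],
                                   int(rp["rp"]) if rp else None))
    return found

def triage(detections):
    """Split detections into live files and archived restore-point copies."""
    live, archived = [], defaultdict(list)
    for d in detections:
        if d.restore_point is None:
            live.append(d)
        else:
            archived[d.restore_point].append(d)
    return live, dict(archived)

if __name__ == "__main__":
    live, archived = triage(parse_report(SAMPLE_REPORT))
    for rp, hits in sorted(archived.items()):
        print(f"RP{rp}: {len(hits)} archived copies, present when that restore point was saved")
    for d in live:
        print(f"LIVE: {d.name} at {d.path} (outside System Restore)")
```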


#15 Dark Hobo

Posted 16 August 2008 - 01:20 PM

Ok, I created a new restore point and ran the disk cleanup. The only software I downloaded were JavaCool's SpywareBlaster and SpywareGuard. I think the others are for IE and I use Firefox. Or do these also work with Firefox?

Yes, my problems seem to be gone :thumbsup: . My PC is now clean. Is it now safe to shop online or to log in to sites? I wouldn't want someone to steal my login passwords and credit card information.

#16 TheJoker

Posted 16 August 2008 - 02:27 PM

> The only software I downloaded were JavaCool's SpywareBlaster and SpywareGuard. I think the others are for IE and I use Firefox. Or do these also work with Firefox?

The HOSTS file should also work with Firefox.

> Is it now safe to shop online or to log in to sites?

Since that was all Kaspersky found, you should be fine.



#17 Dark Hobo

Posted 16 August 2008 - 03:00 PM

Resolved!

Thanks so much Joker :hyper:

See ya later!

Juan

#18 TheJoker

Posted 16 August 2008 - 04:06 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
