0

Svchost.exe is running at 90 to 100%. I cannot run the Windows Installer; it says error 1722.
Apparently explorer was running the same way, but now it appears to be fixed by combofix.exe, I hope. Anyway, here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:45 PM, on 4/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Bayer\Compi\compi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
D:\Software\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.adobe.com/WebObjects/WEC?pageID=RegMp1&awe_301001&platformCode=WIN&version=5.0&nameCode=ACRO&languageCode=USENGLIS&systemCode=AOLN
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [MPMKrnl] rundll32 "C:\WINDOWS\MKMKrnl.dll",KMainProc
O4 - Global Startup: PC Information.lnk = C:\Program Files\Bayer\Compi\compi.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DE.BAYER.cnb
O17 - HKLM\Software\..\Telephony: DomainName = DE.BAYER.cnb
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DE.BAYER.cnb
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = DE.BAYER.cnb
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6254 bytes

0

Who told you to run Combofix? This is an infection specific tool, NOT recommended unless specific symptoms are showing. Running it without supervision or being told to run it can cause damage to the computer.

Why are you running Windows Installer? What specific program are you trying to install?

0

Hey johlland1964,
how are you? I hope you remember me, but anyway.
Look, the whole situation is that I got a laptop on which I tried to install Norton antivirus, but it keeps hanging at some stage and then gives an error 1722 regarding Windows Installer. Furthermore, svchost.exe is running at 100% and sometimes I see explorer.exe running the same way.
I hope this clears up the situation.
By the way, I think there is something wrong with my firewall as well,
as it does not allow updates to run in SUPERAntiSpyware, which says it might be blocked.

0

Yes jazzyjaj I do remember you. I went back and reviewed the last thread you had here. On that thread you had run multiple programs BEFORE you posted, including three runs at least of combofix and multiple other programs which are usually only run if a helper instructs a poster to do so. Is this that same computer or a different one? DID you run combofix on THIS computer before you made THIS thread?

0

No, this is a different computer; that one was a desktop, this one is a laptop.
I only ran combofix once after starting Windows normally and once in safe mode, because I forgot it has to be done in safe mode.
Yes, I posted here after running combofix.

0

Sorry, I forgot to mention that I tried using the software which solved my previous problem, SUPERAntiSpyware; however, it couldn't find anything other than adware.
Unfortunately I could not run the updater, as it said it could be blocked by the firewall; however, this was not the case.

0

No, this is a different computer; that one was a desktop, this one is a laptop.
I only ran combofix once after starting Windows normally and once in safe mode, because I forgot it has to be done in safe mode.
Yes, I posted here after running combofix.

Look, I told you in your previous thread and you obviously IGNORED my warning, Combofix is NOT A TOOL that should be run without first being told to do so. It is only for specific infections and you DON'T know what infections you have. It is a tool that is NOT run in Safe Mode, but should be run in NORMAL mode AND you say above you ran it once in normal mode and once in safe mode so you have run it twice on this computer. So you obviously don't know how to run this tool.
You say

SUPERAntiSpyware; however, it couldn't find anything other than adware.
Unfortunately I could not run the updater, as it said it could be blocked by the firewall; however, this was not the case.

What was the Adware? Adware can be very dangerous.
One piece of Adware showing in your log is a program called Thunderwise which is also known as Adware.Thunderwise...it is a Backdoor Trojan. Very dangerous. You are also showing MKMKrnl.dll which is very dangerous and a fraudulent security program.

How do you know absolutely that your firewall DIDN'T block updates? I don't see a firewall on the system so is that how you knew this for sure...you don't have a firewall? How long have you been running this computer without an antivirus program?
I honestly don't see how I can help you. I haven't a clue as to what you have done for sure. You are not forthcoming with information, it has to be dragged out of you. Why didn't you run MBA-M? I have no idea what damage has been done to the computer with your running of combofix twice incorrectly. I don't know that any steps will work properly because for one thing you refuse to follow standard procedures but leap ahead to programs that maybe shouldn't be run at all. As shown in your last thread, you didn't follow any instructions I gave you in the order I gave them. You insisted on running programs I had not told you to run. I honestly don't know that I can go further because you refuse to follow instructions.

0

This time I will follow.
I am trying to find and download MBA-M. I will try it in safe mode, then I will post again. I hope you are still there in the process.

0

MBA-M MUST BE DONE in NORMAL MODE. It is not set up to be run in Safe Mode. If run in Safe Mode it will NOT do the full work it was designed to do. Please Follow these instructions TO THE LETTER. I don't want you to do ANYTHING ELSE except what is posted below.

Download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* Double-click mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

REBOOT THE COMPUTER
Run a new HJT scan. Post back with the MBA-M log and the new HJT log.

0

This is MBA-M, but in safe mode. I am running it again now and will do only as told:

Malwarebytes' Anti-Malware 1.36
Database version: 2014
Windows 5.1.2600 Service Pack 2

4/20/2009 8:43:35 PM
mbam-log-2009-04-20 (20-43-35).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 133139
Time elapsed: 36 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 33
Registry Keys Infected: 96
Registry Values Infected: 35
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 59

Memory Processes Infected:
(No malicious items detected)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{aa4cd878-b510-4508-83eb-de968e358d15} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{cd95107f-52a5-42a4-9914-18949993e798} (Spyware.Onlinegames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\thunderadvise (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b5cb70cb-3dee-4e2e-9911-4870175eab78} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3fa3cad1-c5d8-48b9-800a-a7b2d2a23044} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ccca2fb9-2d5d-4481-8bfe-1cddc458a3f4} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3d144530-43da-47cc-b7c7-a3a9f3b9a6b2} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\msnmsg (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\D9C002DD.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\2EF0D734.dll (Spyware.Onlinegames) -> Delete on reboot.
C:\WINDOWS\system32\erdznUfbK0ZF.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\hx7hWWpe.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\122B901E.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\etGBJk2YCXnM.dll (Spyware.Onlinegames) -> Delete on reboot.
C:\WINDOWS\system32\A1A6BC2E.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\skcfujQ5EDN.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\dhDhwS7fFW.dll (Spyware.Onlinegames) -> Delete on reboot.
C:\WINDOWS\system32\wBJk3Fs8ghs.dll (Spyware.Onlinegames) -> Delete on reboot.
C:\WINDOWS\system32\ufQCU5.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\704C3595.dll (Spyware.Onlinegames) -> Delete on reboot.
C:\WINDOWS\system32\A0C86020.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\STG4WdmetW2FP.dll (Spyware.Onlinegames) -> Delete on reboot.
C:\WINDOWS\system32\08223B03.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\BMsg6pdMD4ht.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\76B9BA7A.dll (Spyware.Onlinegames) -> Delete on reboot.
C:\WINDOWS\system32\GrTZqH5SnRhAt.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\56BC86C7.dll (Spyware.Onlinegames) -> Delete on reboot.
C:\WINDOWS\system32\efc0c52cc1.dll (Spyware.Onlinegames) -> Delete on reboot.
C:\WINDOWS\system32\YbKeaDWhb3vF4pe.dll (Spyware.Onlinegames) -> Delete on reboot.
C:\WINDOWS\system32\wS0GWMZ.dll (Spyware.Onlinegames) -> Delete on reboot.
C:\WINDOWS\system32\E4814792.dll (Spyware.Onlinegames) -> Delete on reboot.
C:\WINDOWS\system32\VAHVqDG3.dll (Spyware.Onlinegames) -> Delete on reboot.
C:\WINDOWS\Fonts\Q9UnbAWWNuSv4.fon (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\peV7mS4gcukR.dll (Spyware.Onlinegames) -> Delete on reboot.
C:\WINDOWS\system32\VnTU2WAqUcZA6.dll (Spyware.Onlinegames) -> Delete on reboot.
C:\WINDOWS\system32\Nj4gYd3rUbJ57.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\Fonts\tY5UFS434YYd.fon (Spyware.Onlinegames) -> Delete on reboot.
C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gggg6sZAbKcD.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\J9mfQxkJ.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\CCCA2FB9.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\3D144530.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files\Messenger\msgmr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temp\wmsetup.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\360F2V4N\A01[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\360F2V4N\A11[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\360F2V4N\A12[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\360F2V4N\A15[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\360F2V4N\A23[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\360F2V4N\A27[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\360F2V4N\adsup[1].dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\360F2V4N\update[1].gif (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\9EVAX6ZR\A06[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\9EVAX6ZR\A26[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\9WGVGBWV\A07[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\9WGVGBWV\A13[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\9WGVGBWV\A16[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\9WGVGBWV\A17[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\9WGVGBWV\D55[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\BQO6URGS\A20[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EJ234JW7\adsup[1].dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EJ234JW7\adsup[2].dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ITYHKZMB\update[1].gif (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ITYHKZMB\update[2].gif (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\Framdee.ttf (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wmsetup.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\PrZWDcWgjaE3SQyr.ttf (Trojan.Agent) -> Quarantined and deleted successfully.

0

After running it normally, the new MBA-M log is:
Malwarebytes' Anti-Malware 1.36
Database version: 2014
Windows 5.1.2600 Service Pack 2

4/20/2009 9:14:07 PM
mbam-log-2009-04-20 (21-14-07).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 133680
Time elapsed: 16 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\HBKernel32.sys (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\Nskhelper2.sys (Spyware.OnlineGames) -> Delete on reboot.

the new hjt log is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:18 PM, on 4/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe
C:\PROGRA~1\LANDesk\LDClient\LDInventoryProvider.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Bayer\Compi\compi.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\Software\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.adobe.com/WebObjects/WEC?pageID=RegMp1&awe_301001&platformCode=WIN&version=5.0&nameCode=ACRO&languageCode=USENGLIS&systemCode=AOLN
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [MPMKrnl] rundll32 "C:\WINDOWS\MKMKrnl.dll",KMainProc
O4 - Global Startup: PC Information.lnk = C:\Program Files\Bayer\Compi\compi.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DE.BAYER.cnb
O17 - HKLM\Software\..\Telephony: DomainName = DE.BAYER.cnb
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DE.BAYER.cnb
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = DE.BAYER.cnb
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5958 bytes

the svchost.exe is still running at 90-100%.
the svchost.exe is running in network service.

what do you think now could be the problem?

0

A good part of the problem is you refuse to follow instructions as given but insist on doing it your own way.
Why didn't you follow the instructions I gave you? Why did you insist on running it in safe mode after I specifically told you not to do so?
I may be done with this and leave you on your own. Even after I told you to follow instructions you didn't. If you know everything why then did you come here and ask for help?

0

Anyway, the Windows Installer runs OK now that I have been able to install Symantec Antivirus and update it.
Please tell me what to do now as I got your instructions later then I had acted upon them, but right now I am awaiting your orders.

0

Please look at these comments from Malwarebytes' Anti-Malware.org

Safe mode doesn't let MBAM load all its drivers which are often necessary for the best detection and removal results. MBAM works in safe mode but is crippled, so if at all possible it should be used in normal mode in an admin account.


Now look at your scans....the first scan done in Safe Mode DID NOT FIND

Files Infected:
C:\WINDOWS\system32\drivers\HBKernel32.sys (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\Nskhelper2.sys (Spyware.OnlineGames) -> Delete on reboot.

WHY? Because it was run in SAFE MODE. In Safe mode that scan took 36 minute(s), 35 second(s)
Now you ran the second scan in Normal Mode and those two files were found...because it was run in Normal Mode.
BUT for some reason that scan only took 16 minute(s), 15 second(s). Not normal time for a Full Scan.
See why I don't know what you are doing or what you have done correctly?
DID you reboot the computer after BOTH MBA-M scans and BEFORE you ran HJT?

0

No, it is not. I got this laptop from my mom's office as a gift.
I think some of the settings from there

0

Are those LANDesk Software programs yours or from your Mom's office? Do they have to stay on there if they are from the office, in other words, are you allowed to remove them?

0

Now the laptop is my personal, so I can do whatever I want with it. It is my property now.
I think they removed most of the things in it, at least that is what I was told, but here it does not look that way.
I am not aware how to remove them.

0

I am not aware how to remove them.

Look in Add/Remove and see if they are listed there. If they are, try to remove them there. Since this is now a personal computer I wouldn't think you would need them.

0

ok i will try that once i get back home however the computer was running very slow

0

ok i will try that once i get back home however the computer was running very slow

And? Sorry but this is getting to be silly. Either you want the computer cleaned or not. Frankly, maybe you had better take it to a shop and let them clean it. I have better things to do than play around here. I have been trying to help you but evidently you doubt that.
You don't want to try any of the steps given, you give half of the information. You run tools not requested. You run requested tools incorrectly.
Since you doubt what I say or choose to ignore what I say I would have to figure you don't want my help.

0

I want you to help me get it done correctly; I don't trust people around here.
I will run your tools correctly and I do not doubt your knowledge.
I will do exactly what you told me to, remove LANDesk Software programs from the PC, but I will have to wait till I get back home and will get back to you once done.
Do you want another HJT log after I have uninstalled the application?

0

By the way, you can ask any detail you want and I will disclose in full.

0

I want you to attempt to UNINSTALL that LANDesk Software program from the computer. Reboot the computer then run a new HJT scan.

0

I could not find it in the Add/Remove Programs section.
I tried to locate an uninstall file in the Program Files\LANDESK directory but I could not find it.
