Heavy Trojan Horse Infection [RESOLVED]


  • This topic is locked

#1
Griffinz

  • Member
  • 17 posts
Hi, G2Go

I just registered yesterday, and I am seeking urgent support. Here is my problem:

My Norton Anti-virus expired 2 months ago, and recently I installed AVG free edition and detected 861 Trojan horses on my computer. They are locked in my virus vault, and problems such as slow loading and pop-ups are occurring. I googled and saw resolved topics that dealt with problems similar to mine. So I read the rules of posting and tried to follow some steps before I post a HijackThis log and ask for support.

I cleaned my temporary internet files, and set a new restore point. Then I downloaded the anti-spyware scanners. I was asked to quarantine some viruses with the SuperAnti-Spyware program, and it asked me to reboot. After rebooting, the biggest problem of all occurred: I couldn't log back on. It logs on, showing my desktop wallpaper for a brief second, then logs off immediately, going back to the log-in screen. I tried to run my computer in safe mode, and it does the exact same thing both for my account and the administrator account. I am now clueless as to what to do. I cannot access the desktop and can't do anything. I am posting this from another computer in the same house.

Thank you all in advance
Looking forward to your reply.

UPDATE (April 11, 2008)
I solved the above-mentioned problem by using the recovery console of my XP CD. I typed in the command: copy userinit.exe wsaupdater.exe
So I gladly report that I can access my desktop once again, but here I will list a few concerns before getting to the main problem.

Minor Concerns:

1) When I run AVG Spyware Scanner in safe mode, do I use the administrator account or my account? How come last time I tried, it didn't generate a report at the end even when I set the options right?
2) When I ran SuperAntispyware and quarantined a few pieces of spyware it detected, it caused the login/logout problem that I mentioned. But did I manage to quarantine whatever spyware it was? Or does the problem still exist?
3) When I solved the problem with my recovery console, I copied userinit.exe with wsaupdater.exe. Will wsaupdater.exe affect me in any negative way?
4) The Panda Scanner does not seem to generate a report for me after it finished scanning.

Main Concern:

Symptoms: Task Manager malfunctioning, Language Bar disappeared and cannot be reset with language options, Slow Computer, Random Error Pop Ups, Websites opening by themselves in my Opera Browser, making me unable to use it (saying it's already open), Constant msepbe.dll being detected by AVG.

Various viruses detected by AVG include msepbe.dll, KvSc3.exE and too many others to mention. I tried to install HijackThis, but msepbe.dll gets detected by AVG whenever I run it, and it doesn't run in the end. I am as good as computer illiterate, so I have no idea what I should do.

Thanks in advance again.

Edited by Griffinz, 13 April 2008 - 06:55 PM.


#2
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Griffinz,

Welcome to Geeks To Go,

I'm sorry that we haven't got to you until now, but the forum can get hectic at times.

I am sage5 and I will be helping you with this problem.

First I need you to download the following tools & save them to your Desktop.
Dr.Web CureIt


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouse click combo-fix's window while it's running. That may cause it to stall**


Run Dr.Web CureIt:
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.


Please post the text from both of the above scans as your next Reply.

The text from these files may exceed the maximum post length for this forum, and may need to be sent over 2 or more posts. Please ensure all text is posted.


Cheers,

sage5

#3
Griffinz

  • Topic Starter
  • Member
  • 17 posts
Hello sage5, thank you very much for taking your time to help me. Before I carry out your instructions, I just have a few confirmations to make. When disabling Spybot-SD Resident, I unchecked the Resident box, but I cannot find TeaTimer anywhere. Also, does the Windows Defender apply to every computer?

Another concern is HijackThis. I downloaded the program, but it does not run. When I double-click it, it loads, but it does not run. How do I post a HijackThis log without it?

#4
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
What you have done is good, Defender will only be active if you have it loaded.

Please follow the steps below to temporarily disable Windows Defender
  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • After you uncheck this, click on the Save button
  • Close Windows Defender
Once your system has been deemed free from malware, you can re-enable Windows Defender's Real Time Protection.

Please continue with the rest of the instructions.

Cheers,

sage5

#5
Griffinz

  • Topic Starter
  • Member
  • 17 posts
Hi, Sage5! :) Sorry for replying late, but I was out the whole day yesterday. Before you read my logs, please read this first. When I ran Combo-Fix the first time and rebooted the computer, Spybot S&D popped up and denied all the registry deletions (even though I disabled resident). So I ran Combo-Fix again, and this time it didn't delete anything. Spybot S&D popped up again with the same prompts, and I allowed the registry deletions. So the Combo-Fix log I post below does not have any deletions. Are there any problems with that? :)

My Combo-fix Log:

ComboFix 08-04-11.5 - Allen Zhou 2008-04-12 0:05:01.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.657 [GMT -8:00]
Running from: C:\Documents and Settings\Allen Zhou\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-09 18:23 . 2008-04-09 18:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-08 22:43 . 2008-04-08 22:43 <DIR> d-------- C:\Program Files\Panda Security
2008-04-08 21:47 . 2008-04-08 21:49 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-07 19:06 . 2008-04-08 20:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-07 19:06 . 2008-04-07 19:06 <DIR> d-------- C:\Documents and Settings\Allen Zhou\Application Data\SUPERAntiSpyware.com
2008-04-07 19:06 . 2008-04-07 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-07 17:11 . 2008-04-07 17:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-04-06 22:36 . 2008-04-06 22:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-06 22:36 . 2008-04-11 20:51 <DIR> d-------- C:\Documents and Settings\Allen Zhou\Application Data\AVG7
2008-04-06 22:35 . 2008-04-07 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-06 22:35 . 2008-04-06 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-06 20:08 . 2008-04-06 21:40 348,820 --a------ C:\tempdat.dat
2008-04-06 18:49 . 2008-04-06 18:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-06 18:49 . 2008-04-06 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 15:30 . 2008-04-06 15:30 3 --a------ C:\WINDOWS\system32\ttjj4.ini
2008-04-06 15:29 . 2008-04-06 15:29 256 --a------ C:\WINDOWS\system32\msosptfs.dat
2008-04-04 09:38 . 2008-04-04 09:38 <DIR> d-------- C:\Program Files\Western Digital Technologies
2008-04-01 07:38 . 2008-04-01 18:40 1,640 ---hs---- C:\WINDOWS\system32\fjyjy.cfg
2008-03-29 19:46 . 2008-04-01 18:39 3,000 ---hs---- C:\WINDOWS\system32\jwlah.cfg
2008-03-29 19:46 . 2008-04-06 20:04 1,792 --a------ C:\WINDOWS\system32\msosping.dat
2008-03-29 19:46 . 2008-04-06 20:04 896 --a------ C:\WINDOWS\system32\msosmnsf.dat
2008-03-29 19:46 . 2008-03-29 22:33 416 ---hs---- C:\WINDOWS\system32\zdbfbd.cfg
2008-03-29 19:46 . 2008-03-29 19:46 256 --a------ C:\WINDOWS\system32\msosjtio.dat
2008-03-29 19:46 . 2008-03-29 19:46 256 --a------ C:\WINDOWS\system32\msosfmsq.dat
2008-03-29 19:45 . 2008-04-06 20:03 3,456 --a------ C:\WINDOWS\system32\msoscqit.dat
2008-03-29 19:45 . 2008-04-06 20:03 2,184 ---hs---- C:\WINDOWS\system32\xgnfn.cfg
2008-03-29 00:25 . 2008-04-01 18:39 1,096 ---hs---- C:\WINDOWS\system32\jzijj.cfg
2008-03-29 00:25 . 2008-03-29 00:25 144 ---hs---- C:\WINDOWS\system32\xbcvxb.cfg
2008-03-29 00:24 . 2008-04-06 20:04 3,544 ---hs---- C:\WINDOWS\system32\sehhter.cfg
2008-03-19 18:30 . 2007-09-07 19:39 22,755 --a------ C:\image.GHO
2008-03-15 11:01 . 2008-04-11 23:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-15 11:01 . 2008-03-15 11:01 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-14 12:13 . 2008-03-14 12:13 <DIR> d-------- C:\Program Files\iTunes
2008-03-14 12:13 . 2008-03-14 12:13 <DIR> d-------- C:\Program Files\iPod
2008-03-14 12:12 . 2008-03-14 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-14 12:10 . 2008-03-14 12:10 <DIR> d-------- C:\Program Files\Common Files\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 02:28 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-09 07:52 --------- d-----w C:\Program Files\MSN Messenger
2008-04-09 04:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-07 05:49 --------- d-----w C:\Program Files\Chinese Translator
2008-04-07 05:45 --------- d-----w C:\Documents and Settings\Allen Zhou\Application Data\Hamachi
2008-04-06 04:51 --------- d-----w C:\Documents and Settings\Allen Zhou\Application Data\Skype
2008-04-05 23:54 --------- d-----w C:\Program Files\Opera
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 19:11 --------- d-----w C:\Documents and Settings\Allen Zhou\Application Data\Ventrilo
2008-03-16 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-14 20:13 --------- d-----w C:\Documents and Settings\Allen Zhou\Application Data\Apple Computer
2008-03-03 07:02 --------- d-----w C:\Program Files\Windows Live
2008-03-02 01:11 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-02 01:09 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-17 00:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-01 19:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-29 15:51 32,696 ----a-w C:\Documents and Settings\Allen Zhou\Application Data\GDIPFONTCACHEV1.DAT
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2006-12-14 22:29 24,576 --sh--w C:\WINDOWS\system32\interne.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-12_ 0.02.56.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-09 05:52:50 71,250 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-12 08:03:51 71,250 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-09 05:52:50 441,184 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-12 08:03:51 441,184 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D29DCEE0-457B-45A2-A92D-741B95B7723B}]
C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 04:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 13:46 57393]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-06-22 19:13 61440]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-09 13:26 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="E:\allen zhou\programs\Quicktime\QTTask.exe" [2008-01-31 22:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 12:10 267048]
"tciocp32"="C:\WINDOWS\tciocp32.exe" [ ]
"obdgiclv"="C:\WINDOWS\bgcvchue.exe" [ ]
"mfchlp32"="C:\WINDOWS\mfchlp32.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-06 22:35 579072]
"fmsbbqi"="C:\WINDOWS\fmsbbqi.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-06 22:35 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D29DCEE0-457B-45A2-A92D-741B95B7723B}"= C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys [ ]
"{50632D5C-B71B-4ba0-B012-3DC6F15C011B}"= C:\WINDOWS\system32\msosiocp.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360Loader.exe]
Debugger=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ctfmon.exe]
Debugger=SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword]
Debugger=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ras]
Debugger=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runiep]
Debugger=svchost.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Allen Zhou^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\Allen Zhou\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmergencyAutoRun]
C:\DigiNet_Center\EmergencyMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
--a------ 2007-11-11 23:51 5228080 C:\Program Files\eMule\eMule.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2004-04-14 14:04 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 04:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"E:\\Allen Zhou\\Games\\Age of Empires\\Age of Mythology\\aom.exe"=
"E:\\Allen Zhou\\Games\\Age of Empires\\Age of Mythology\\aomx.exe"=
"E:\\Allen Zhou\\Games\\Age of Empires\\Age of Empires III\\age3.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"E:\\Allen Zhou\\Games\\Gunbound\\ijji\\Gunbound Revolution\\GunBound.gme"=
"E:\\Allen Zhou\\Programs\\BitComet\\BitComet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"D:\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17151:TCP"= 17151:TCP:BitComet 17151 TCP
"17151:UDP"= 17151:UDP:BitComet 17151 UDP

S2 cqit;cqit;C:\DOCUME~1\ALLENZ~1\LOCALS~1\Temp\tmp3FB.tmp []
S2 dohs;dohs;C:\DOCUME~1\ALLENZ~1\LOCALS~1\Temp\tmp3F7.tmp []
S2 fmsq;fmsq;C:\DOCUME~1\ALLENZ~1\LOCALS~1\Temp\tmp53E.tmp []
S2 jtio;jtio;C:\DOCUME~1\ALLENZ~1\LOCALS~1\Temp\tmp41B.tmp []
S2 mnsf;mnsf;C:\DOCUME~1\ALLENZ~1\LOCALS~1\Temp\tmp409.tmp []
S2 ping;ping;C:\DOCUME~1\ALLENZ~1\LOCALS~1\Temp\tmp417.tmp []
S2 ptfs;ptfs;C:\DOCUME~1\ALLENZ~1\LOCALS~1\Temp\tmp19D.tmp []
S3 dump_wmimmc;dump_wmimmc;E:\Allen Zhou\Games\Gunbound\ijji\Gunbound Revolution\GameGuard\dump_wmimmc.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 17:46:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-11 07:33:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-12 08:00:59 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 00:06:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\cqit]
"ImagePath"="\??\C:\DOCUME~1\ALLENZ~1\LOCALS~1\Temp\tmp3FB.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\dohs]
"ImagePath"="\??\C:\DOCUME~1\ALLENZ~1\LOCALS~1\Temp\tmp3F7.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\fmsq]
"ImagePath"="\??\C:\DOCUME~1\ALLENZ~1\LOCALS~1\Temp\tmp53E.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\jtio]
"ImagePath"="\??\C:\DOCUME~1\ALLENZ~1\LOCALS~1\Temp\tmp41B.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mnsf]
"ImagePath"="\??\C:\DOCUME~1\ALLENZ~1\LOCALS~1\Temp\tmp409.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ping]
"ImagePath"="\??\C:\DOCUME~1\ALLENZ~1\LOCALS~1\Temp\tmp417.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ptfs]
"ImagePath"="\??\C:\DOCUME~1\ALLENZ~1\LOCALS~1\Temp\tmp19D.tmp"
.
Completion time: 2008-04-12 0:06:52
ComboFix-quarantined-files.txt 2008-04-12 08:06:27
ComboFix2.txt 2008-04-12 08:03:15
Pre-Run: 7,264,329,728 bytes free
Post-Run: 7,251,787,776 bytes free
.
2008-04-09 06:05:11 --- E O F ---

My HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:08 PM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Opera\Opera.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gecontech...ok/bookmark.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://VeryCD.265.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Allen Zhou\Programs\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C5E87A05-F463-4841-B19E-DD3EC3862368} - (no file)
O2 - BHO: (no name) - {D29DCEE0-457B-45A2-A92D-741B95B7723B} - C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys (file missing)
O2 - BHO: (no name) - {EE12D60D-AD9A-4095-B839-3BE6862679FD} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\allen zhou\programs\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [tciocp32] C:\WINDOWS\tciocp32.exe
O4 - HKLM\..\Run: [obdgiclv] C:\WINDOWS\bgcvchue.exe
O4 - HKLM\..\Run: [mfchlp32] C:\WINDOWS\mfchlp32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [fmsbbqi] C:\WINDOWS\fmsbbqi.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Allen Zhou\Programs\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Allen Zhou\Programs\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Allen Zhou\Programs\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\Allen Zhou\Programs\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://24.85.142.65
O15 - Trusted IP range: http://216.232.85.49
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://download.ppst...powerplayer.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {479B29EF-9A2C-11D0-B696-00A0C903487A} (AtlFireCtl Class) - http://192.168.1.101/webview.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload....Plugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zon...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C6A03519-BA6F-438E-AF3A-878F11521CA5} (JpgView Control) - http://192.168.1.16/jpgview.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopet...v/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11920 bytes

#6
Griffinz

My DrWeb Log:

08597062.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08597140.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08597203.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08597265.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08597312.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08597390.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08597437.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08597500.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08597578.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08597625.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08597687.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08597750.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08597843.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08597906.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08597968.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08598031.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08598093.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08598140.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08598234.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08598312.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08598390.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08598437.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08598500.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08598562.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08598656.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08598718.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08598812.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08598875.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08598937.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08599015.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08599078.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08599140.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08599218.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08599265.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08599343.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08599421.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08599468.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08599546.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08599593.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08599656.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08599750.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08599796.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08599890.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08599968.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08600031.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08600109.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08600187.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08600265.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08600312.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08600375.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08600437.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08600500.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08600562.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08600640.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08600703.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08600765.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08600828.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08600890.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08600953.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08601015.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08601093.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08601171.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08601250.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08601343.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08601421.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08601484.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08601546.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08601609.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08601687.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08601765.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08601828.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08601890.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08601968.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08602031.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08602109.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08602187.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08602250.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08602312.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08602359.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08602437.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08602515.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08602578.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08602656.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08602718.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08602796.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08602859.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08602921.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08602984.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08603062.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08603109.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08603187.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
08603250.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08603343.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08603421.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08603484.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08603562.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08603656.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08603734.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08603812.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08603875.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08603937.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08604000.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08604078.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08604156.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08604218.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08604312.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08604406.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08604500.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08604609.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08604718.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
data001\data001;C:\$VAULT$.AVG\08604843.FIL\data001;Tool.PortScan;;
data001;C:\$VAULT$.AVG\08604843.FIL;Archive contains infected objects;;
08604843.FIL\data002;C:\$VAULT$.AVG\08604843.FIL;Trojan.DownLoader.55879;;
08604843.FIL;C:\$VAULT$.AVG;Archive contains infected objects;Moved.;
08604968.FIL;C:\$VAULT$.AVG;Trojan.PWS.Lineage.origin;Incurable.Moved.;
08605046.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08605125.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08605296.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08605375.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08605437.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08605546.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
08605625.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08605718.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08605828.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08605937.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08606031.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08606109.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08606203.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08606312.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08606421.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08606546.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08606625.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08606734.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08606828.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08606937.FIL;C:\$VAULT$.AVG;Trojan.PWS.Lineage.4544;Deleted.;
08607031.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08607156.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08607250.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
08607343.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
08607421.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08607546.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08607625.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08607703.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
08607812.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4213;Deleted.;
08607937.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
data001\data001;C:\$VAULT$.AVG\08608015.FIL\data001;Tool.PortScan;;
data001;C:\$VAULT$.AVG\08608015.FIL;Archive contains infected objects;;
08608015.FIL\data002;C:\$VAULT$.AVG\08608015.FIL;Trojan.DownLoader.55879;;
08608015.FIL;C:\$VAULT$.AVG;Archive contains infected objects;Moved.;
08608109.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08608203.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08608296.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08608421.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08608515.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08608593.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
08608687.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4197;Deleted.;
08608796.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08609031.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08609125.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4213;Deleted.;
08609218.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08609328.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08609453.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08609562.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08609687.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08609984.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08610078.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08610171.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08610250.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08610328.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08610390.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08610453.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08610531.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08610687.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08610781.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08610859.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08610937.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08611015.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08611109.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08611187.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08611250.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08611343.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08611421.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08611468.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08611546.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08611625.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08611718.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08611781.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08611875.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08611984.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08612062.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08612156.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08612234.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08612312.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08612375.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08612468.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08612593.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08612703.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08612812.FIL;C:\$VAULT$.AVG;Trojan.PWS.Lineage.origin;Incurable.Moved.;
08612937.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08613046.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08613140.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08613250.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08613390.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08613484.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
data001\data001;C:\$VAULT$.AVG\08613562.FIL\data001;Tool.PortScan;;
data001;C:\$VAULT$.AVG\08613562.FIL;Archive contains infected objects;;
08613562.FIL\data002;C:\$VAULT$.AVG\08613562.FIL;Trojan.DownLoader.55879;;
08613562.FIL;C:\$VAULT$.AVG;Archive contains infected objects;Moved.;
08613687.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08613796.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08614031.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08614140.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08614250.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08614343.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08614484.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08614609.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08614703.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08614812.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08614937.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08615062.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08615187.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08615312.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08615421.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08615546.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08615656.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08615781.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08615906.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08616015.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08616109.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08616218.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08616359.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08616468.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08616593.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08616718.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08616828.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08616937.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08617046.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08617187.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08617281.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08617390.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08617484.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08617625.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08617765.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08617937.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08618031.FIL;C:\$VAULT$.AVG;Trojan.PWS.Lineage.origin;Incurable.Moved.;
08618140.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
08618234.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08618328.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08618437.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08618515.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08618593.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
08618687.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
data001\data001;C:\$VAULT$.AVG\08618765.FIL\data001;Tool.PortScan;;
data001;C:\$VAULT$.AVG\08618765.FIL;Archive contains infected objects;;
08618765.FIL\data002;C:\$VAULT$.AVG\08618765.FIL;Trojan.DownLoader.55879;;
08618765.FIL;C:\$VAULT$.AVG;Archive contains infected objects;Moved.;
08618859.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08619000.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4190;Deleted.;
08619093.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08619171.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08619250.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08619343.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08619421.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08619515.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08619609.FIL;C:\$VAULT$.AVG;Trojan.PWS.Lineage.4544;Deleted.;
08619734.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08619843.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
08619953.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08620078.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
08620156.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08620265.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08620359.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08620437.FIL;C:\$VAULT$.AVG;Trojan.PWS.Lineage.origin;Incurable.Moved.;
08620515.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08620593.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
08620687.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08620781.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08620859.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08620953.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08621031.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08621093.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08621171.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08621265.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
08621359.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08621437.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
data001\data001;C:\$VAULT$.AVG\08621531.FIL\data001;Tool.PortScan;;
data001;C:\$VAULT$.AVG\08621531.FIL;Archive contains infected objects;;
08621531.FIL\data002;C:\$VAULT$.AVG\08621531.FIL;Trojan.DownLoader.55879;;
08621531.FIL;C:\$VAULT$.AVG;Archive contains infected objects;Moved.;
08621593.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08621671.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08621765.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08621859.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08621937.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08622015.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08622109.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08622203.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08622281.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08622359.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08622531.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08622609.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08622703.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08622781.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588
  • 0

#7
Griffinz

Griffinz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
08652203.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4303;Deleted.;
08652468.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4148;Deleted.;
08652843.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4206;Deleted.;
08653125.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4296;Deleted.;
08653234.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4204;Deleted.;
08653359.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4303;Deleted.;
08653484.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4254;Deleted.;
08653609.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4204;Deleted.;
08653859.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4148;Deleted.;
08654125.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4301;Deleted.;
08654312.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4206;Deleted.;
08655140.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4205;Deleted.;
08655265.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4145;Deleted.;
08655562.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4018;Deleted.;
08655703.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4314;Deleted.;
08656062.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4314;Deleted.;
08656281.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4145;Deleted.;
08656546.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4201;Deleted.;
08656937.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
08657093.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.origin;Incurable.Moved.;
08657203.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4196;Deleted.;
08657328.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4196;Deleted.;
08657468.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
08657921.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.origin;Incurable.Moved.;
08658203.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4209;Deleted.;
08658937.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4211;Deleted.;
08659218.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4200;Deleted.;
08659312.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4301;Deleted.;
08659687.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4296;Deleted.;
08659843.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4206;Deleted.;
08660671.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4206;Deleted.;
08661125.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4145;Deleted.;
08663453.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4314;Deleted.;
08664015.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4204;Deleted.;
08664328.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4148;Deleted.;
08664468.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4211;Deleted.;
08664703.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4205;Deleted.;
08665234.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4201;Deleted.;
08666093.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.55588;Deleted.;
09675578.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
09788656.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
09790765.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
09792093.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
09800375.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
10079437.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
11322265.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
12621296.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
14442218.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
14929796.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
15411140.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
18125390.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
18522265.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
20743421.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
20747796.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
20779265.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
20805765.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
21618640.FIL;C:\$VAULT$.AVG;Trojan.PWS.Wsgame.4203;Deleted.;
RegUBP2b-Allen Zhou.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;

Here is my HijackThis uninstall list for your convenience:

Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe MPEG Encoder
Adobe Photoshop 6.0
Adobe Premiere 6.5
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe SVG Viewer
Advanced RealMedia Export Plug-in for Premiere 6.0
Age of Empires III
Apple Mobile Device Support
Apple Software Update
ASUS Enhanced Display Driver
AVG 7.5
BitComet 0.94
C-Media 3D Audio
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
eMule VeryCD°æ
Google Earth
GTK+ 2.6.9 runtime environment
Guild Wars
Gunbound Revolution
Hamachi 1.0.2.4
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 3
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Mozilla Firefox (2.0.0.7)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
MSXML4 Parser
NVIDIA Drivers
Opera 9.27
Paint.NET v3.10
Panda ActiveScan 2.0
PaperPort
PopCap Browser Plugin
QuickTime
RealPlayer
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Simply Accounting by Sage 2006
Sims 2 Album 0.8.2
Skype™ 3.5
Smart Menus (Windows Live Toolbar)
SpeechRedist
Spybot - Search & Destroy
Tabbed Browsing (Windows Live Toolbar)
TC Native Essentials 2.02
TeamSpeak 2 RC2
The GIMP 2.2.9
The Sims 2
Unreal Tournament 2004
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
URGE
Ventrilo Client
WD FAT32 Formatter
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver

Thanks for your help so far sage5, I greatly appreciate it. My computer is already running at a faster pace. I now await your next instructions. :)

#8
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Griffinz,


Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for all the entries listed below:
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Allen Zhou\Programs\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E} - (no file)
O2 - BHO: (no name) - {C5E87A05-F463-4841-B19E-DD3EC3862368} - (no file)
O2 - BHO: (no name) - {D29DCEE0-457B-45A2-A92D-741B95B7723B} - C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys (file missing)
O2 - BHO: (no name) - {EE12D60D-AD9A-4095-B839-3BE6862679FD} - (no file)
O4 - HKLM\..\Run: [tciocp32] C:\WINDOWS\tciocp32.exe
O4 - HKLM\..\Run: [obdgiclv] C:\WINDOWS\bgcvchue.exe
O4 - HKLM\..\Run: [mfchlp32] C:\WINDOWS\mfchlp32.exe
O4 - HKLM\..\Run: [fmsbbqi] C:\WINDOWS\fmsbbqi.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Allen Zhou\Programs\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Allen Zhou\Programs\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Allen Zhou\Programs\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\Allen Zhou\Programs\BitComet\tools\BitCometBHO_1.1.9.24.dll
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://download.ppst...powerplayer.cab
O16 - DPF: {479B29EF-9A2C-11D0-B696-00A0C903487A} (AtlFireCtl Class) - http://192.168.1.101/webview.dll

  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.


I see you have BitComet & eMule installed on your system.
While these programs themselves are legal, most of the files downloaded with them are not.
These programs can also be some of the major infection routes for an otherwise secure PC, because you might be unknowingly downloading infected files.
I highly recommend uninstalling BitComet & eMule as outlined below.

Remove folders & files:
  • Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):
    BitComet 0.94
    eMule VeryCD°æ
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    LiveReg (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)

    Please take note of any other programs that you don't recognise in that list, and include them in your next response


Create a ComboFix Script:
  • Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.
  • Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\msosiocp.dll
C:\Program Files\Internet Explorer\IEXPLORE32.Dat
C:\Program Files\Internet Explorer\plugins\NvSys_55.Sys
C:\Program Files\Internet Explorer\plugins\NvWin_5.Jmp
E:\Allen Zhou\Programs\Internet Explorer\IEXPLORE32.Dat
E:\Allen Zhou\Programs\Internet Explorer\plugins\NvSys_55.Sys
E:\Allen Zhou\Programs\Internet Explorer\plugins\NvWin_5.Jmp
C:\WINDOWS\system32\interne.exe
C:\WINDOWS\system32\sehhter.cfg
C:\WINDOWS\system32\xbcvxb.cfg
C:\WINDOWS\system32\jzijj.cfg
C:\WINDOWS\system32\fjyjy.cfg
C:\WINDOWS\system32\jwlah.cfg
C:\WINDOWS\system32\msosping.dat
C:\WINDOWS\system32\msosmnsf.dat
C:\WINDOWS\system32\zdbfbd.cfg
C:\WINDOWS\system32\msosjtio.dat
C:\WINDOWS\system32\msosfmsq.dat
C:\WINDOWS\system32\msoscqit.dat
C:\WINDOWS\system32\xgnfn.cfg
C:\WINDOWS\system32\ttjj4.ini
C:\WINDOWS\system32\msosptfs.dat
C:\tempdat.dat
C:\WINDOWS\imsins.BAK

Driver::
cqit
dohs
fmsq
tio
mnsf
ping
ptfs

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D29DCEE0-457B-45A2-A92D-741B95B7723B}"=-
"{50632D5C-B71B-4ba0-B012-3DC6F15C011B}"=-


  • Save the above as CFScript.txt
  • Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
    Posted Image
  • After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


Cheers,

sage5

#9
Griffinz

  • Topic Starter
  • Member
  • 17 posts
Good evening,
Thanks for the reply, before the logs, can a few questions be answered?

1) I deleted BitComet and eMule. They are rarely used, but when they are needed, is there any safe way to use it? (Remove Program after usage?) Please give me some advice on that, thanks.

2) On the add/remove program list, there are many programs I don't recognize (they were there before my norton expired) since I am not the only user of this computer. Is there any way I can show you the list, or do I have to pick out the unrecognized programs manually one by one?

Combo-Fix Log:

ComboFix 08-04-11.5 - Allen Zhou 2008-04-13 17:40:35.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.626 [GMT -8:00]
Running from: C:\Documents and Settings\Allen Zhou\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Allen Zhou\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Internet Explorer\IEXPLORE32.Dat
C:\Program Files\Internet Explorer\plugins\NvSys_55.Sys
C:\Program Files\Internet Explorer\plugins\NvWin_5.Jmp
C:\tempdat.dat
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\fjyjy.cfg
C:\WINDOWS\system32\interne.exe
C:\WINDOWS\system32\jwlah.cfg
C:\WINDOWS\system32\jzijj.cfg
C:\WINDOWS\system32\msoscqit.dat
C:\WINDOWS\system32\msosfmsq.dat
C:\WINDOWS\system32\msosiocp.dll
C:\WINDOWS\system32\msosjtio.dat
C:\WINDOWS\system32\msosmnsf.dat
C:\WINDOWS\system32\msosping.dat
C:\WINDOWS\system32\msosptfs.dat
C:\WINDOWS\system32\sehhter.cfg
C:\WINDOWS\system32\ttjj4.ini
C:\WINDOWS\system32\xbcvxb.cfg
C:\WINDOWS\system32\xgnfn.cfg
C:\WINDOWS\system32\zdbfbd.cfg
E:\Allen Zhou\Programs\Internet Explorer\IEXPLORE32.Dat
E:\Allen Zhou\Programs\Internet Explorer\plugins\NvSys_55.Sys
E:\Allen Zhou\Programs\Internet Explorer\plugins\NvWin_5.Jmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\tempdat.dat
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\fjyjy.cfg
C:\WINDOWS\system32\jwlah.cfg
C:\WINDOWS\system32\jzijj.cfg
C:\WINDOWS\system32\msoscqit.dat
C:\WINDOWS\system32\msosfmsq.dat
C:\WINDOWS\system32\msosjtio.dat
C:\WINDOWS\system32\msosmnsf.dat
C:\WINDOWS\system32\msosping.dat
C:\WINDOWS\system32\msosptfs.dat
C:\WINDOWS\system32\sehhter.cfg
C:\WINDOWS\system32\ttjj4.ini
C:\WINDOWS\system32\xbcvxb.cfg
C:\WINDOWS\system32\xgnfn.cfg
C:\WINDOWS\system32\zdbfbd.cfg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CQIT
-------\Legacy_DOHS
-------\Legacy_FMSQ
-------\Legacy_MNSF
-------\Legacy_PING
-------\Legacy_PTFS
-------\Service_cqit
-------\Service_dohs
-------\Service_fmsq
-------\Service_mnsf
-------\Service_ping
-------\Service_ptfs


((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.

2008-04-12 00:13 . 2008-04-12 00:37 <DIR> d-------- C:\Documents and Settings\Allen Zhou\DoctorWeb
2008-04-09 18:23 . 2008-04-09 18:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-08 22:43 . 2008-04-13 17:31 <DIR> d-------- C:\Program Files\Panda Security
2008-04-07 19:06 . 2008-04-08 20:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-07 19:06 . 2008-04-07 19:06 <DIR> d-------- C:\Documents and Settings\Allen Zhou\Application Data\SUPERAntiSpyware.com
2008-04-07 19:06 . 2008-04-07 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-07 17:11 . 2008-04-07 17:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-04-06 22:36 . 2008-04-06 22:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-06 22:36 . 2008-04-13 17:44 <DIR> d-------- C:\Documents and Settings\Allen Zhou\Application Data\AVG7
2008-04-06 22:35 . 2008-04-07 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-06 22:35 . 2008-04-06 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-06 18:49 . 2008-04-06 18:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-06 18:49 . 2008-04-06 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 09:38 . 2008-04-04 09:38 <DIR> d-------- C:\Program Files\Western Digital Technologies
2008-03-19 18:30 . 2007-09-07 19:39 22,755 --a------ C:\image.GHO
2008-03-15 11:01 . 2008-04-13 17:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-15 11:01 . 2008-03-15 11:01 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-14 12:13 . 2008-03-14 12:13 <DIR> d-------- C:\Program Files\iTunes
2008-03-14 12:13 . 2008-03-14 12:13 <DIR> d-------- C:\Program Files\iPod
2008-03-14 12:12 . 2008-03-14 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-14 12:10 . 2008-03-14 12:10 <DIR> d-------- C:\Program Files\Common Files\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 01:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-14 01:35 --------- d-----w C:\Program Files\eMule
2008-04-14 01:34 --------- d-----w C:\Program Files\Java
2008-04-14 01:31 --------- d-----w C:\Program Files\PopCap Games
2008-04-10 02:28 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-09 07:52 --------- d-----w C:\Program Files\MSN Messenger
2008-04-09 04:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-07 05:49 --------- d-----w C:\Program Files\Chinese Translator
2008-04-07 05:45 --------- d-----w C:\Documents and Settings\Allen Zhou\Application Data\Hamachi
2008-04-06 04:51 --------- d-----w C:\Documents and Settings\Allen Zhou\Application Data\Skype
2008-04-05 23:54 --------- d-----w C:\Program Files\Opera
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 19:11 --------- d-----w C:\Documents and Settings\Allen Zhou\Application Data\Ventrilo
2008-03-16 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-14 20:13 --------- d-----w C:\Documents and Settings\Allen Zhou\Application Data\Apple Computer
2008-03-03 07:02 --------- d-----w C:\Program Files\Windows Live
2008-03-02 01:11 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-02 01:09 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-17 00:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-01 19:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-29 15:51 32,696 ----a-w C:\Documents and Settings\Allen Zhou\Application Data\GDIPFONTCACHEV1.DAT
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-04-12_ 0.02.56.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-09 05:52:50 71,250 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-12 08:03:51 71,250 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-09 05:52:50 441,184 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-12 08:03:51 441,184 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 04:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00 455168]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 13:46 57393]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-06-22 19:13 61440]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-09 13:26 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="E:\allen zhou\programs\Quicktime\QTTask.exe" [2008-01-31 22:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 12:10 267048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-06 22:35 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-06 22:35 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360Loader.exe]
Debugger=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ctfmon.exe]
Debugger=SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword]
Debugger=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ras]
Debugger=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runiep]
Debugger=svchost.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Allen Zhou^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\Allen Zhou\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmergencyAutoRun]
C:\DigiNet_Center\EmergencyMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\eMule.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2004-04-14 14:04 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 04:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"E:\\Allen Zhou\\Games\\Age of Empires\\Age of Mythology\\aom.exe"=
"E:\\Allen Zhou\\Games\\Age of Empires\\Age of Mythology\\aomx.exe"=
"E:\\Allen Zhou\\Games\\Age of Empires\\Age of Empires III\\age3.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"E:\\Allen Zhou\\Games\\Gunbound\\ijji\\Gunbound Revolution\\GunBound.gme"=
"D:\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17151:TCP"= 17151:TCP:BitComet 17151 TCP
"17151:UDP"= 17151:UDP:BitComet 17151 UDP

S2 jtio;jtio;C:\DOCUME~1\ALLENZ~1\LOCALS~1\Temp\tmp41B.tmp []
S3 dump_wmimmc;dump_wmimmc;E:\Allen Zhou\Games\Gunbound\ijji\Gunbound Revolution\GameGuard\dump_wmimmc.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 17:46:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-14 01:33:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 17:44:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\jtio]
"ImagePath"="\??\C:\DOCUME~1\ALLENZ~1\LOCALS~1\Temp\tmp41B.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Grisoft\AVG7\avgw.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-13 17:49:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-14 01:49:13
ComboFix2.txt 2008-04-12 08:06:53
ComboFix3.txt 2008-04-12 08:03:15
Pre-Run: 7,408,078,848 bytes free
Post-Run: 7,395,872,768 bytes free
.
2008-04-09 06:05:11 --- E O F ---

New HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:38 PM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gecontech...ok/bookmark.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://VeryCD.265.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\allen zhou\programs\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://24.85.142.65
O15 - Trusted IP range: http://216.232.85.49
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload....Plugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zon...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C6A03519-BA6F-438E-AF3A-878F11521CA5} (JpgView Control) - http://192.168.1.16/jpgview.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopet...v/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9986 bytes

Cheers, :)
Griffinz.
  • 0

#10
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Griffinz,

The whole use of P2P programs, like BitTorrent & EMule, is risky for a number of reasons:
I will just deal with the security issues, without opening the ethical/copyright can of worms.

a) Most of these apps require some form of "port forwarding". This involves forcing router ports to be open to the internet, reducing the security of your hardware/software firewall.

b) You have no way of knowing that what you are downloading is infected/compromised.

c) You also have no way of knowing what potentially harmful malware is running on the PCs you are connected to.

d) Many of the P2P & crack/keygen sites are responsible for "drive-by" infections, which then load other malware onto your PC later.

I have had a look at your uninstall list & there isn't much worth worrying about in it.
These should be the last deletions

Create a ComboFix Script:
  • Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.
  • Now copy/paste the entire content of the codebox below into the Notepad window:

File::

Folder::
C:\Program Files\eMule

Driver::
jtio

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword]


  • Save the above as CFScript.txt
  • Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
    Posted Image
  • After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


Cheers,

sage5
  • 0
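An added example, not part of the original posts and not ComboFix's own code: a small Python scan over lines copied from the ComboFix logs in this thread. It lists the three kinds of entry the advice above touches: Image File Execution Options Debugger values, firewall GloballyOpenPorts entries, and services whose image path sits in a Temp folder. The function and field names are illustrative assumptions, and each finding is an item to review, not a verdict.

```python
import re
from typing import List, NamedTuple

# Lines copied from the ComboFix logs quoted in this thread (excerpt).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ctfmon.exe]
Debugger=SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runiep]
Debugger=svchost.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17151:TCP"= 17151:TCP:BitComet 17151 TCP
"17151:UDP"= 17151:UDP:BitComet 17151 UDP

S2 jtio;jtio;C:\DOCUME~1\ALLENZ~1\LOCALS~1\Temp\tmp41B.tmp []
S3 dump_wmimmc;dump_wmimmc;E:\Allen Zhou\Games\Gunbound\ijji\Gunbound Revolution\GameGuard\dump_wmimmc.sys []

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\jtio]
"ImagePath"="\??\C:\DOCUME~1\ALLENZ~1\LOCALS~1\Temp\tmp41B.tmp"
"""


class Finding(NamedTuple):
    kind: str      # "ifeo-debugger", "open-port" or "temp-service"
    subject: str   # executable name, port/protocol, or service name
    detail: str    # debugger target, rule label, or image path


# Registry section headers of interest (matched case-insensitively).
IFEO_KEY = re.compile(r"\\image file execution options\\([^\]\\]+)\]$", re.I)
PORTS_KEY = re.compile(r"\\GloballyOpenPorts\\List\]$", re.I)
SERVICE_KEY = re.compile(r"\\Services\\([^\]\\]+)\]$", re.I)
# Driver/service summary line, e.g. "S2 name;display;path []".
DRIVER_LINE = re.compile(r"^[SR]\d ([^;]+);[^;]*;(.+?) \[[^\]]*\]$")
PORT_VALUE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(.*)$', re.I)
TEMP_DIR = re.compile(r"\\te?mp\\", re.I)


def _clean_path(value: str) -> str:
    """Strip quotes and the NT object-namespace prefix from an image path."""
    path = value.strip().strip('"')
    return path[4:] if path.startswith("\\??\\") else path


def scan(log: str) -> List[Finding]:
    """Return review items found in ComboFix-style log text, in log order."""
    findings: List[Finding] = []
    section = ""  # current "[registry key]" header; reset by a blank line

    def add(kind: str, subject: str, detail: str) -> None:
        item = Finding(kind, subject, detail)
        if item not in findings:  # the same service can be reported twice
            findings.append(item)

    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            section = ""
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line
            continue

        key, _, value = line.partition("=")
        name = key.strip('"').lower()
        ifeo = IFEO_KEY.search(section)
        svc = SERVICE_KEY.search(section)
        port = PORT_VALUE.match(line) if PORTS_KEY.search(section) else None
        driver = DRIVER_LINE.match(line)

        if ifeo and name == "debugger":
            # Launching the named executable starts the "debugger" instead.
            add("ifeo-debugger", ifeo.group(1), value.strip().strip('"'))
        elif port:
            label = port.group(3).split(":", 2)[-1]
            add("open-port", f"{port.group(1)}/{port.group(2).upper()}", label)
        elif svc and name == "imagepath":
            path = _clean_path(value)
            if TEMP_DIR.search(path):
                add("temp-service", svc.group(1), path)
        elif driver and TEMP_DIR.search(driver.group(2)):
            add("temp-service", driver.group(1), _clean_path(driver.group(2)))
    return findings


if __name__ == "__main__":
    for item in scan(SAMPLE_LOG):
        print(f"{item.kind:14} {item.subject:12} {item.detail}")
```
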


#11
Griffinz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hey, sage5. :)

An update on the current state of my computer before the logs. It is running at a decent speed, AVG and Spybot S&D are no longer popping up constantly. My task manager is fully functional again. However, there is still up to a total of 100-200 Trojan Horses located in my AVG virus vault (incl. Trojan Horse PSW.OnlineGames.AJPS, and Trojan Horse Generic#.BIAL/OYL, as well as a small amount of Trojan Horse VB.BFV, one Trojan Horse Delf.EIO|, and one Trojan Horse Downloader.Generic7.EGM).

Also, my language bar has always been to the left of my system tray on the bottom right-hand corner, but I cannot get it to show up (inability to type other languages). But anyways, here are my logs:

Combo-Fix:

ComboFix 08-04-11.5 - Allen Zhou 2008-04-14 16:26:59.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.655 [GMT -8:00]
Running from: C:\Documents and Settings\Allen Zhou\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Allen Zhou\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\eMule
C:\Program Files\eMule\config\AC_BootstrapIPs.dat
C:\Program Files\eMule\config\AC_SearchStrings.dat
C:\Program Files\eMule\config\AC_ServerMetURLs.dat
C:\Program Files\eMule\config\addresses.dat
C:\Program Files\eMule\config\antiLeech.dll
C:\Program Files\eMule\config\cancelled.met
C:\Program Files\eMule\config\CatInit.ini
C:\Program Files\eMule\config\clients.met
C:\Program Files\eMule\config\clients.met.bak
C:\Program Files\eMule\config\countryflag.dll
C:\Program Files\eMule\config\cryptkey.dat
C:\Program Files\eMule\config\emfriends.met
C:\Program Files\eMule\config\ip-to-country.csv
C:\Program Files\eMule\config\ipfilter.dat
C:\Program Files\eMule\config\key_index.dat
C:\Program Files\eMule\config\known.met
C:\Program Files\eMule\config\known2_64.met
C:\Program Files\eMule\config\load_index.dat
C:\Program Files\eMule\config\nodes.dat
C:\Program Files\eMule\config\preferences.dat
C:\Program Files\eMule\config\preferences.ini
C:\Program Files\eMule\config\preferencesKad.dat
C:\Program Files\eMule\config\server.met
C:\Program Files\eMule\config\shareddir.dat
C:\Program Files\eMule\config\src_index.dat
C:\Program Files\eMule\config\staticservers.dat
C:\Program Files\eMule\config\statistics.ini
C:\Program Files\eMule\config\UPnp.dat
C:\Program Files\eMule\config\webservices.dat
C:\Program Files\eMule\config\wordfilter.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JTIO
-------\Service_jtio


((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-12 00:13 . 2008-04-12 00:37 <DIR> d-------- C:\Documents and Settings\Allen Zhou\DoctorWeb
2008-04-09 18:23 . 2008-04-09 18:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-08 22:43 . 2008-04-13 17:31 <DIR> d-------- C:\Program Files\Panda Security
2008-04-07 19:06 . 2008-04-08 20:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-07 19:06 . 2008-04-07 19:06 <DIR> d-------- C:\Documents and Settings\Allen Zhou\Application Data\SUPERAntiSpyware.com
2008-04-07 19:06 . 2008-04-07 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-07 17:11 . 2008-04-07 17:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-04-06 22:36 . 2008-04-06 22:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-06 22:36 . 2008-04-14 08:06 <DIR> d-------- C:\Documents and Settings\Allen Zhou\Application Data\AVG7
2008-04-06 22:35 . 2008-04-07 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-06 22:35 . 2008-04-06 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-06 18:49 . 2008-04-06 18:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-06 18:49 . 2008-04-06 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 09:38 . 2008-04-04 09:38 <DIR> d-------- C:\Program Files\Western Digital Technologies
2008-03-19 18:30 . 2007-09-07 19:39 22,755 --a------ C:\image.GHO
2008-03-15 11:01 . 2008-04-14 16:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-15 11:01 . 2008-03-15 11:01 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 01:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-14 01:34 --------- d-----w C:\Program Files\Java
2008-04-14 01:31 --------- d-----w C:\Program Files\PopCap Games
2008-04-10 02:28 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-09 07:52 --------- d-----w C:\Program Files\MSN Messenger
2008-04-09 04:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-07 05:49 --------- d-----w C:\Program Files\Chinese Translator
2008-04-07 05:45 --------- d-----w C:\Documents and Settings\Allen Zhou\Application Data\Hamachi
2008-04-06 04:51 --------- d-----w C:\Documents and Settings\Allen Zhou\Application Data\Skype
2008-04-05 23:54 --------- d-----w C:\Program Files\Opera
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 19:11 --------- d-----w C:\Documents and Settings\Allen Zhou\Application Data\Ventrilo
2008-03-16 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-14 20:13 --------- d-----w C:\Program Files\iTunes
2008-03-14 20:13 --------- d-----w C:\Program Files\iPod
2008-03-14 20:13 --------- d-----w C:\Documents and Settings\Allen Zhou\Application Data\Apple Computer
2008-03-14 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-14 20:10 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-03 07:02 --------- d-----w C:\Program Files\Windows Live
2008-03-02 01:11 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-02 01:09 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-17 00:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-01 19:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-29 15:51 32,696 ----a-w C:\Documents and Settings\Allen Zhou\Application Data\GDIPFONTCACHEV1.DAT
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-04-12_ 0.02.56.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-09 05:52:50 71,250 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-12 08:03:51 71,250 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-09 05:52:50 441,184 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-12 08:03:51 441,184 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 04:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00 455168]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 13:46 57393]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-06-22 19:13 61440]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-09 13:26 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="E:\allen zhou\programs\Quicktime\QTTask.exe" [2008-01-31 22:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 12:10 267048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-06 22:35 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-06 22:35 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360Loader.exe]
Debugger=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ctfmon.exe]
Debugger=SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ras]
Debugger=svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runiep]
Debugger=svchost.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Allen Zhou^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\Allen Zhou\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmergencyAutoRun]
C:\DigiNet_Center\EmergencyMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2004-04-14 14:04 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 04:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"E:\\Allen Zhou\\Games\\Age of Empires\\Age of Mythology\\aom.exe"=
"E:\\Allen Zhou\\Games\\Age of Empires\\Age of Mythology\\aomx.exe"=
"E:\\Allen Zhou\\Games\\Age of Empires\\Age of Empires III\\age3.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"E:\\Allen Zhou\\Games\\Gunbound\\ijji\\Gunbound Revolution\\GunBound.gme"=
"D:\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17151:TCP"= 17151:TCP:BitComet 17151 TCP
"17151:UDP"= 17151:UDP:BitComet 17151 UDP

S3 dump_wmimmc;dump_wmimmc;E:\Allen Zhou\Games\Gunbound\ijji\Gunbound Revolution\GameGuard\dump_wmimmc.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 17:46:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-15 00:33:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 16:30:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-14 16:33:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 00:33:23
ComboFix2.txt 2008-04-14 01:49:20
ComboFix3.txt 2008-04-12 08:06:53
ComboFix4.txt 2008-04-12 08:03:15
Pre-Run: 7,376,392,192 bytes free
Post-Run: 7,362,338,816 bytes free
.
2008-04-09 06:05:11 --- E O F ---

New HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:12 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gecontech...ok/bookmark.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://VeryCD.265.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\allen zhou\programs\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://24.85.142.65
O15 - Trusted IP range: http://216.232.85.49
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload....Plugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zon...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C6A03519-BA6F-438E-AF3A-878F11521CA5} (JpgView Control) - http://192.168.1.16/jpgview.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopet...v/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9990 bytes

Thanks sage5, awaiting your response.
:), Griffinz.
  • 0
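A HijackThis log like the one in the post above is line-oriented: a section code (R0, O4, O23 and so on), " - ", then the entry. The sketch below is an added example, not part of this thread or of HijackThis. It groups entries by section code and lists a few a reviewer would read first. The three hint rules are this example's own assumptions, and a hint is a reading aid, not a finding.

```python
import re
from collections import defaultdict

LINE = re.compile(r"^([RO]\d{1,2}) - (.*)$")          # "O4 - <entry text>"
IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[/:]|$)")
ABS_CMD = re.compile(r'\] "?[A-Za-z]:\\')             # "[name] C:\..." in a Run entry

# Lines copied unchanged from the log in the post above.
SAMPLE = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O15 - Trusted IP range: http://24.85.142.65
O16 - DPF: {C6A03519-BA6F-438E-AF3A-878F11521CA5} (JpgView Control) - http://192.168.1.16/jpgview.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 9990 bytes
"""

def parse(log):
    """Return {section_code: [entry, ...]}; header and footer lines are skipped."""
    groups = defaultdict(list)
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def review_hints(groups):
    """Return (code, reason, entry) tuples for entries worth reading first."""
    hints = []
    for code, entries in groups.items():
        for e in entries:
            if code == "O4" and "Run: [" in e and not ABS_CMD.search(e):
                # Autostart command without a drive path is found via the search path.
                hints.append((code, "autostart command has no absolute path", e))
            elif code in ("O15", "O16") and IP_URL.search(e):
                hints.append((code, "host is a bare IP address", e))
            elif code in ("O20", "O23") and e.endswith("\\"):
                hints.append((code, "path ends at a folder, no file name", e))
    return hints

if __name__ == "__main__":
    for code, why, entry in review_hints(parse(SAMPLE)):
        print(f"{code:4} {why}: {entry}")
```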

#12
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Griffinz,


Regarding the files in your AVG Vault, they are safely stored there & cannot run, but will be taking up hard drive space. See item 239 Here for information on managing the Vault

The Language Bar seems it may have got reset during the fix. Have a look Here for help with it.


Now the good news...

Your new log looks clear, so we can now deal with some final clean up jobs.

Clean out cookies, temp files etc:
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Time for some housekeeping:
Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.



To Clear Restore points, please do the following:
  • Go to Start > Settings > Control Panel.
  • Double-click the System icon.
    • NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.
  • Click the System Restore tab.
  • Put a check by Disable System Restore.
  • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.
After reboot, you must turn System Restore back on:
  • Go back to the Troubleshooting tab.
  • UNcheck Disable System Restore.
  • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.


Lastly, some extra or better security for your PC:

The programs recommended below are freeware alternatives to some of your security software & might reduce the potential for spyware infection in the future:-

Spyware Prevention:
Spyware Blaster by JavaCool Software, prevents spyware installing and consumes no system resources.
IE/SpyAd, stops suspect sites loading ActiveX, popups etc onto your PC. An excellent tutorial is Here

Spyware Detection:
AVG Anti-Spyware is my favourite here.

Anti-Virus:
The first line of defence, especially since some will now detect trojans as well.
Avira's Antivir PersonalEdition Classic and Grisoft's Avast! Free Edition are among the best freebies.
*Please note* You should never install more than one anti-virus program on a PC, as it will cause conflicts.

Firewall:
A Firewall is an essential tool in the security of any PC connected to the Internet.
Sunbelt Personal Firewall and Comodo are both excellent freeware.

Alternate Browsers:
Thankfully, there are now some excellent alternatives to MS Internet Explorer. They offer better security, more stability, and better speed.
A couple of good examples are: Firefox and Opera

Other Updates:
Vital security patches and updates are available for Microsoft Windows and Internet Explorer at the Windows Update Site
It is equally important to update the other security software you use, on a regular basis.

Further reading about these issues is available in a very good article: How did I get infected in the first place ? (by Tony Klein and dvk01)

All the best & safe surfing in the future,

sage5
  • 0

#13
Griffinz

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thank you so much for the kind assistance. Now I have some last minute questions before this is resolved.

1) "You can do it selectively from AVG Virus Vault program -> select files -> delete. Or you can delete all AVG Virus Vault contents in one go: - Open the AVG Control Center program -> right click on "AVG Virus Vault" tab -> choose "Empty vault"." Is it safe to use this method to empty my AVG virus vault to free up space?

2) If I choose to uninstall AVG Free Edition and download Avast which you have suggested, are the viruses in the vault going to break free?

3) Should I install Comodo Firewall 32bit, or 64bit? There seems to be an error0 when I run installation for 64bit.

4) Spybot S&D compared to AVG Anti-Spyware, which is a better choice?

5) Should I keep HijackThis and DrWeb Cureit?

6) Having both a spyware prevention and a spyware detection, would that conflict?

7) What do I do if all of my language bar options are grayed out?

Thanks sage5,
I think the problem is resolved.
Thank you again for spending time to help me with this problem. Given that I am reluctant to donate money, I don't know how else to thank you. :)

-Griffinz

Edited by Griffinz, 14 April 2008 - 11:05 PM.

  • 0

#14
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Griffinz,

1) "You can do it selectively from AVG Virus Vault program -> select files -> delete. Or you can delete all AVG Virus Vault contents in one go: - Open the AVG Control Center program -> right click on "AVG Virus Vault" tab -> choose "Empty vault"." Is it safe to use this method to empty my AVG virus vault to free up space?

Because you have in mind to delete AVG anyway I would definitely empty the Vault first, using the "Empty vault" command.


2) If I choose to uninstall AVG Free Edition and download Avast which you have suggested, are the viruses in the vault going to break free?

No, those files have been "encrypted" in the vault, so they cannot run. I would off the lot of them, see above.


3) Should I install Comodo Firewall 32bit, or 64bit? There seems to be an error0 when I run installation for 64bit.

Your Windows is a standard 32bit edition, so use the 32bit application. 64bit is only for 64bit WinXP & Vista & will not load or run in a 32bit environment.


4) Spybot S&D compared to AVG Anti-Spyware, which is a better choice?

AVG anti-spyware is currently superior at removing some of the harder hitting malware, so I think a better choice.


5) Should I keep HijackThis and DrWeb Cureit?

I would keep HijackThis. Dr. Web, on the other hand, I think you can get rid of.


6) Having both a spyware prevention and a spyware detection, would that conflict?

No, providing that only 1 of them is providing Real-time Protection. So you could have AVG Anti-Spyware offering realtime protection & use something like Malwarebytes' Anti-Malware as an extra on demand scanner.
2 apps with Realtime enabled will conflict & cause problems.


7) What do I do if all of my language bar options are grayed out?

Check out this thread Here. Start at Post #6 & work down the list.


Cheers,

sage5
  • 0

#15
Griffinz

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Language Bar Preferences can be opened if I uncheck "turn off advanced text services" in system configurations. But when I click on the Language Bar Preferences, the four options within are grayed out which includes "show the language bar on the desktop". And as soon as I close the regional and language options, the "turn off advanced text services" would automatically be checked again and so on.

As for my computer, I have successfully installed Comodo Firewall Pro, AVG Anti-Spyware, Avira AntiVir Personal, and Spyware Blaster. It feels safe, :), so technically this topic can now be closed as resolved, but do you happen to have any clues about how to make my language bar appear again? :)

Thanks,
:)
  • 0
