
Trojan Horse PSW.OnlineGames [RESOLVED]



#31
mercurius

mercurius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
no red entries in the ICESWORD prog under all 3 tabs.
  • 0



#32
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok.. do this..


delete your ComboFix and AVZ folder from your Desktop.. We will download a new copy..


Please download these programs and save them to your Desktop.. Don't do anything with it yet... we will need them later.. You have to be online to do this..

AVZ4
Dr.Web CureIt
AVPTool by Kaspersky


Now do below...

In online mode..


  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again


After updating AVZ4, please physically go offline (disconnect from the internet) and do below..


Dr.Web CureIt! step
  • Please reboot into Safe Mode
  • Once you are in Safe Mode, double-click the launch.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.




NEXT


Still within Safe Mode, AVP Tool by Kaspersky step
  • Double click the setup file to run and install it.
  • By default it will install to your Desktop (as Kaspersky Lan Tool folder)
  • A Kaspersky Virus Removal Tool window will open. There will be a tab that says Automatic Scan.
  • Under Automatic Scan make sure these are checked.
    • [1.] System Memory
    • [2.] Startup Objects
    • [3.] Disk Boot Sectors
    • [4.] My Computer
    • [5.] Also any other drives (Removable that you may have)
  • Then click on Scan button.
  • It will automatically Neutralize any objects found.
  • If some objects are left unneutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done click on the Report button at the bottom and save it to file name as Kas.
  • Save it somewhere convenient like your Desktop and just post only the detected Virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.
  • When you close the AVPTool, you will be asked to uninstall the program.. Choose Yes..




NEXT




1. Start AVZ.
2. Choose from the menu File => Standard scripts and mark the 3. Healing/Quarantine and Advanced System Investigation check box.
3. Click on the Execute selected scripts.
4. Automatic scanning, healing and system check will be executed.
5. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
6. It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
7. All applications will work properly after the system restart.



  • After that, please restart AVZ again,
  • From the "File" menu, choose "Standard Scripts"
  • Put a check next to item 2: Advanced System Investigation
  • Click Execute selected scripts
  • At the next prompt, click the OK button
  • Let the scan run and click "OK" when the completion prompt pops up
  • Now Close out of the Standard Scripts window, and exit AVZ
  • Navigate to the avz4 folder and locate the folder LOG
  • Inside the LOG folder you will find virusinfo_syscheck.htm and virusinfo_syscheck.zip
  • Attach virusinfo_syscheck.htm to your next reply, along with a fresh DSS log




Please post the following logs in your next reply..

1. Dr.Web CureIt!
2. The detected Virus\malware in the report in AVP Tool
3. Attach virusinfo_syscheck.htm


Still, please stay offline with this computer..


Regards
fenzodahl512

Edited by fenzodahl512, 09 August 2008 - 08:53 PM.

  • 0

#33
mercurius

mercurius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Do I download the programs using my comp or another comp, since I have to be online to do it?
  • 0

#34
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts

Do I download the programs using my comp or another comp, since I have to be online to do it?


Hi.. Download all programs with that infected computer.. Then update your AVZ4 also with the infected computer.. Then you have to go offline and continue all the process offline.. And post the logs via a different computer.. :)
  • 0

#35
mercurius

mercurius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Dr Web CureIt

A0049614.EXE;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP229;Program.PsExec.170;Incurable.Moved.;
A0049651.exe;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP229;Trojan.PWS.Wsgame.6864;Deleted.;
A0049698.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP231;Trojan.PWS.Wsgame.6864;Deleted.;
A0049700.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP231;Trojan.PWS.Gamania.12822;Deleted.;
A0049701.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP231;Trojan.PWS.Wsgame.origin;Incurable.Moved.;
A0049702.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP231;Trojan.PWS.Gamania.12822;Deleted.;
A0049703.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP231;Trojan.PWS.Wsgame.6862;Deleted.;
A0049704.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP231;Trojan.PWS.Gamania.12822;Deleted.;
A0049706.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP231;Trojan.PWS.Wsgame.6861;Deleted.;
A0049707.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP231;Trojan.PWS.Wsgame.6827;Deleted.;
A0049708.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP231;Trojan.PWS.Gamania.12822;Deleted.;
A0049709.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP231;Trojan.PWS.Gamania.12822;Deleted.;
A0049710.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP231;Trojan.PWS.Gamania.12822;Deleted.;
A0049721.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP231\A0049721.exe;Program.PsExec.171;;
A0049721.exe;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP231;Archive contains infected objects;Moved.;
A0049793.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Gamania.12822;Deleted.;
A0049794.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Gamania.12822;Deleted.;
A0049795.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Gamania.12822;Deleted.;
A0049796.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Gamania.12822;Deleted.;
A0049797.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Gamania.12822;Deleted.;
A0049798.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Gamania.12822;Deleted.;
A0049799.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Gamania.12822;Deleted.;
A0049800.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Gamania.12822;Deleted.;
A0049801.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Wsgame.6827;Deleted.;
A0049802.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Wsgame.6862;Deleted.;
A0049803.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Wsgame.6861;Deleted.;
A0049804.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Wsgame.origin;Incurable.Moved.;
A0049805.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Wsgame.6864;Deleted.;
A0049830.EXE;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Program.PsExec.170;Incurable.Moved.;
A0049860.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Wsgame.6867;Deleted.;
A0049861.exe;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Wsgame.6867;Deleted.;
A0049873.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Wsgame.6867;Deleted.;
A0049874.exe;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Wsgame.6867;Deleted.;
A0049875.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Wsgame.6864;Deleted.;
A0049876.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Gamania.12822;Deleted.;
A0049877.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Wsgame.origin;Incurable.Moved.;
A0049878.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Gamania.12822;Deleted.;
A0049879.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Wsgame.6862;Deleted.;
A0049880.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Gamania.12822;Deleted.;
A0049881.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Gamania.12822;Deleted.;
A0049883.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Wsgame.6861;Deleted.;
A0049891.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Wsgame.6867;Deleted.;
A0049892.exe;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Wsgame.6867;Deleted.;
A0049893.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Wsgame.6864;Deleted.;
A0049894.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Gamania.12822;Deleted.;
A0049896.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Wsgame.origin;Incurable.Moved.;
A0049897.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Gamania.12822;Deleted.;
A0049898.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Wsgame.6862;Deleted.;
A0049899.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Gamania.12822;Deleted.;
A0049900.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Gamania.12822;Deleted.;
A0049902.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Wsgame.6861;Deleted.;
A0049903.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Wsgame.6827;Deleted.;
A0049904.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Gamania.12822;Deleted.;
A0049905.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Gamania.12822;Deleted.;
A0049906.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Gamania.12822;Deleted.;
A0049907.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP233;Trojan.PWS.Gamania.12822;Deleted.;
A0049917.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Gamania.12822;Deleted.;
A0049918.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Gamania.12822;Deleted.;
A0049919.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Gamania.12822;Deleted.;
A0049920.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Gamania.12822;Deleted.;
A0049921.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Gamania.12822;Deleted.;
A0049922.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Gamania.12822;Deleted.;
A0049923.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Gamania.12822;Deleted.;
A0049924.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Gamania.12822;Deleted.;
A0049925.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Wsgame.6827;Deleted.;
A0049926.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Wsgame.6862;Deleted.;
A0049927.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Wsgame.6861;Deleted.;
A0049928.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Wsgame.origin;Incurable.Moved.;
A0049929.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Wsgame.6864;Deleted.;
A0049949.EXE;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Program.PsExec.170;Incurable.Moved.;
A0049994.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Wsgame.6867;Deleted.;
A0049995.exe;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Wsgame.6867;Deleted.;
A0050010.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Wsgame.6867;Deleted.;
A0050011.exe;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Wsgame.6867;Deleted.;
A0050012.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Wsgame.6864;Deleted.;
A0050013.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Gamania.12822;Deleted.;
A0050014.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Wsgame.origin;Incurable.Moved.;
A0050015.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Gamania.12822;Deleted.;
A0050016.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Wsgame.6862;Deleted.;
A0050017.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Gamania.12822;Deleted.;
A0050018.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Gamania.12822;Deleted.;
A0050019.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Wsgame.6861;Deleted.;
A0050020.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Wsgame.6827;Deleted.;
A0050021.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Gamania.12822;Deleted.;
A0050022.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Gamania.12822;Deleted.;
A0050023.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP234;Trojan.PWS.Gamania.12822;Deleted.;
A0050177.exe;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP236;Trojan.PWS.Wsgame.6867;Deleted.;
A0050178.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP236;Trojan.PWS.Wsgame.6864;Deleted.;
A0050201.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP237;Trojan.PWS.Wsgame.6439;Deleted.;
A0050205.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP237;Trojan.PWS.Gamania.12991;Deleted.;
A0050206.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP237;Trojan.PWS.Wsgame.6867;Deleted.;
A0050207.exe;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP237;Trojan.PWS.Wsgame.6867;Deleted.;
A0050208.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP237;Trojan.PWS.Wsgame.6864;Deleted.;
A0050209.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP237;Trojan.PWS.Gamania.12822;Deleted.;
A0050210.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP237;Trojan.PWS.Wsgame.origin;Incurable.Moved.;
A0050211.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP237;Trojan.PWS.Wsgame.6862;Deleted.;
A0050212.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP237;Trojan.PWS.Wsgame.6861;Deleted.;
A0050214.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP237;Trojan.PWS.Wsgame.6859;Deleted.;
A0050230.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Wsgame.6864;Deleted.;
A0050231.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Gamania.12822;Deleted.;
A0050232.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Wsgame.origin;Incurable.Moved.;
A0050233.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Gamania.12822;Deleted.;
A0050235.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Gamania.12822;Deleted.;
A0050236.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Gamania.12822;Deleted.;
A0050237.dll\data001;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238\A0050237.dll;Trojan.PWS.Gamania.origin;;
A0050237.dll\data002;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238\A0050237.dll;Trojan.PWS.Gamania.origin;;
A0050237.dll\data003;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238\A0050237.dll;Trojan.PWS.Gamania.origin;;
A0050237.dll\data004;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238\A0050237.dll;Trojan.PWS.Gamania.origin;;
A0050237.dll\data005;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238\A0050237.dll;Trojan.PWS.Gamania.origin;;
A0050237.dll\data006;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238\A0050237.dll;Trojan.PWS.Gamania.origin;;
A0050237.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Archive contains infected objects;Moved.;
A0050237.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Gamania.origin;Invalid path to file ;
A0050238.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Wsgame.6862;Deleted.;
A0050239.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Wsgame.6861;Deleted.;
A0050240.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Wsgame.6827;Deleted.;
A0050241.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Gamania.12822;Deleted.;
A0050242.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Gamania.12822;Deleted.;
A0050243.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Gamania.12822;Deleted.;
A0050244.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Gamania.12822;Deleted.;
A0050245.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Wsgame.6859;Deleted.;
A0050259.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Gamania.12991;Deleted.;
A0050260.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Wsgame.6864;Deleted.;
A0050261.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Gamania.12822;Deleted.;
A0050262.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Wsgame.origin;Incurable.Moved.;
A0050263.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Gamania.12822;Deleted.;
A0050264.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Wsgame.6862;Deleted.;
A0050265.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Gamania.12822;Deleted.;
A0050266.dll\data001;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238\A0050266.dll;Trojan.PWS.Gamania.origin;;
A0050266.dll\data002;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238\A0050266.dll;Trojan.PWS.Gamania.origin;;
A0050266.dll\data003;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238\A0050266.dll;Trojan.PWS.Gamania.origin;;
A0050266.dll\data004;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238\A0050266.dll;Trojan.PWS.Gamania.origin;;
A0050266.dll\data005;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238\A0050266.dll;Trojan.PWS.Gamania.origin;;
A0050266.dll\data006;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238\A0050266.dll;Trojan.PWS.Gamania.origin;;
A0050266.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Archive contains infected objects;Moved.;
A0050266.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Gamania.origin;Invalid path to file ;
A0050267.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Gamania.12822;Deleted.;
A0050268.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Gamania.12822;Deleted.;
A0050269.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Wsgame.6861;Deleted.;
A0050270.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Wsgame.6827;Deleted.;
A0050271.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Gamania.12822;Deleted.;
A0050272.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Gamania.12822;Deleted.;
A0050274.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Gamania.12822;Deleted.;
A0050275.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Gamania.12822;Deleted.;
A0050276.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Gamania.13003;Deleted.;
A0050277.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP238;Trojan.PWS.Wsgame.6859;Deleted.;
A0050298.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Trojan.PWS.Gamania.12822;Deleted.;
A0050299.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Trojan.PWS.Gamania.12822;Deleted.;
A0050300.dll\data001;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239\A0050300.dll;Trojan.PWS.Gamania.origin;;
A0050300.dll\data002;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239\A0050300.dll;Trojan.PWS.Gamania.origin;;
A0050300.dll\data003;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239\A0050300.dll;Trojan.PWS.Gamania.origin;;
A0050300.dll\data004;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239\A0050300.dll;Trojan.PWS.Gamania.origin;;
A0050300.dll\data005;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239\A0050300.dll;Trojan.PWS.Gamania.origin;;
A0050300.dll\data006;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239\A0050300.dll;Trojan.PWS.Gamania.origin;;
A0050300.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Archive contains infected objects;Moved.;
A0050300.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Trojan.PWS.Gamania.origin;Invalid path to file ;
A0050301.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Trojan.PWS.Gamania.12822;Deleted.;
A0050302.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Trojan.PWS.Gamania.12822;Deleted.;
A0050303.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Trojan.PWS.Gamania.12822;Deleted.;
A0050304.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Trojan.PWS.Gamania.12822;Deleted.;
A0050305.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Trojan.PWS.Gamania.12822;Deleted.;
A0050306.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Trojan.PWS.Gamania.12822;Deleted.;
A0050307.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Trojan.PWS.Gamania.12991;Deleted.;
A0050308.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Trojan.PWS.Gamania.12822;Deleted.;
A0050309.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Trojan.PWS.Gamania.12822;Deleted.;
A0050310.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Trojan.PWS.Wsgame.6859;Deleted.;
A0050311.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Trojan.PWS.Gamania.13003;Deleted.;
A0050312.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Trojan.PWS.Gamania.12822;Deleted.;
A0050313.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Trojan.PWS.Wsgame.6827;Deleted.;
A0050314.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Trojan.PWS.Wsgame.6862;Deleted.;
A0050315.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Trojan.PWS.Wsgame.6861;Deleted.;
A0050316.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Trojan.PWS.Wsgame.origin;Incurable.Moved.;
A0050317.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Trojan.PWS.Wsgame.origin;Incurable.Moved.;
A0050318.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Trojan.PWS.Wsgame.6864;Deleted.;
A0050338.EXE;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP239;Program.PsExec.170;Incurable.Moved.;
A0050437.EXE;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP240;Program.PsExec.170;Incurable.Moved.;
A0050573.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP241;Trojan.PWS.Wsgame.6867;Deleted.;
A0050574.exe;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP241;Trojan.PWS.Wsgame.6867;Deleted.;
A0050585.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP241;Trojan.PWS.Gamania.12822;Deleted.;
A0050586.exe;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP241;Trojan.DownLoad.3234;Deleted.;
A0050587.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP241;Trojan.PWS.Gamania.12822;Deleted.;
A0050588.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP241;Trojan.PWS.Gamania.12991;Deleted.;
A0050589.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP241;Trojan.PWS.Gamania.12822;Deleted.;
A0050590.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP241;Trojan.PWS.Gamania.12822;Deleted.;
A0051587.dll;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP241;Trojan.PWS.Gamania.origin;Incurable.Moved.;
A0051596.exe\data001;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP241\A0051596.exe;Probably BACKDOOR.Trojan;;
A0051596.exe;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP241;Archive contains infected objects;Moved.;
A0051597.exe\data001;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP241\A0051597.exe;Probably BACKDOOR.Trojan;;
A0051597.exe;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP241;Archive contains infected objects;Moved.;
A0051598.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP241\A0051598.exe;Program.PsExec.171;;
A0051598.exe;C:\System Volume Information\_restore{C80A0E31-CFB6-43C8-806D-D60328756522}\RP241;Archive contains infected objects;Moved.;
joindomain.exe;C:\WINDOWS\nus\joindomain;Probably BACKDOOR.Trojan;Incurable.Moved.;
dntggf.dll;C:\WINDOWS\system32;Trojan.PWS.Gamania.12822;Deleted.;
knx32.dll;C:\WINDOWS\system32;Trojan.PWS.Gamania.origin;Incurable.Moved.;
knx32.exe;C:\WINDOWS\system32;Probably MULDROP.Trojan;Invalid path to file ;
sunesnk.exe;C:\WINDOWS\system32;Trojan.PWS.Wsgame.origin;Incurable.Moved.;
xpsbosk.exe;C:\WINDOWS\system32;Trojan.PWS.Wsgame.6864;Deleted.;
197609;C:\_OTMoveIt\MovedFiles\08052008_103056\00004E4E;Trojan.PWS.Gamania.12822;Deleted.;
220031;C:\_OTMoveIt\MovedFiles\08052008_103056\00004E4E;Trojan.MulDrop.18267;Deleted.;
239390;C:\_OTMoveIt\MovedFiles\08052008_103056\00004E4E;Trojan.PWS.Gamania.12839;Deleted.;
1120109;C:\_OTMoveIt\MovedFiles\08052008_103056\000064A5;Trojan.MulDrop.18152;Deleted.;
1142031;C:\_OTMoveIt\MovedFiles\08052008_103056\000064A5;Trojan.PWS.Gamania.12839;Deleted.;
1161296;C:\_OTMoveIt\MovedFiles\08052008_103056\000064A5;Trojan.PWS.Gamania.12822;Deleted.;
869968;C:\_OTMoveIt\MovedFiles\08052008_103056\00006C17;Trojan.PWS.Wsgame.6471;Deleted.;
125265;C:\_OTMoveIt\MovedFiles\08052008_103056\00006C66;Trojan.PWS.Gamania.12822;Deleted.;
167406;C:\_OTMoveIt\MovedFiles\08052008_103056\00006C66;Trojan.PWS.Gamania.12839;Deleted.;
189546;C:\_OTMoveIt\MovedFiles\080520

#36
mercurius

AVP Tool by Kaspersky

Detected
deleted: Trojan program Trojan-Dropper.Win32.Agent.vlk File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\A0051587.dll
deleted: Trojan program Trojan-GameThief.Win32.OnLineGames.smll File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\aliens.dll.vir
deleted: Trojan program Trojan-GameThief.Win32.OnLineGames.smlr File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\aliensk.exe
deleted: Trojan program Trojan-GameThief.Win32.OnLineGames.smlr File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\avz00007.dta
deleted: Trojan program Trojan-GameThief.Win32.OnLineGames.smlr File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\avz00008.dta
deleted: Trojan program Trojan-GameThief.Win32.OnLineGames.smlr File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\avz00016.dta
deleted: Trojan program Trojan-GameThief.Win32.OnLineGames.smlr File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\avz00017.dta
deleted: Trojan program Trojan-GameThief.Win32.OnLineGames.smlr File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\avz00024.dta
deleted: Trojan program Trojan-GameThief.Win32.OnLineGames.smlr File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\avz00028.dta
deleted: Trojan program Trojan-GameThief.Win32.OnLineGames.smlr File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\avz00031.dta
deleted: Trojan program Trojan-GameThief.Win32.OnLineGames.smlr File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\avz00034.dta
deleted: Trojan program Trojan-GameThief.Win32.OnLineGames.soba File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\avz00087.dta
deleted: Trojan program Trojan-GameThief.Win32.OnLineGames.soba File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\avz00094.dta
deleted: Trojan program Trojan-GameThief.Win32.OnLineGames.soba File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\avz00102.dta
deleted: Trojan program Trojan-GameThief.Win32.OnLineGames.smlr File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\avz00113.dta
deleted: Trojan program Trojan-GameThief.Win32.OnLineGames.soba File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\avz00122.dta
deleted: Trojan program Trojan.Win32.Agent.xui File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\baccops.dll.vir
deleted: Trojan program Trojan-GameThief.Win32.OnLineGames.soba File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\hhrdxd.dll.vir
deleted: Trojan program Trojan-Dropper.Win32.Agent.vlk File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\knx32.dll
deleted: Trojan program Trojan-Dropper.Win32.Agent.vlk File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\knx32.exe//PE_Patch//UPack//#
deleted: Trojan program Trojan-GameThief.Win32.OnLineGames.spix File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\sunesnk.exe//PE_Patch.UPX//UPX
deleted: Trojan program Trojan-GameThief.Win32.OnLineGames.soba File: C:\Documents and Settings\AdminNUS\DoctorWeb\Quarantine\~fE.tmp
deleted: Trojan program Trojan-GameThief.Win32.OnLineGames.bkjf File: C:\WINDOWS\system32\ckicps.dll
  • 0

#37
mercurius

  • Topic Starter
  • Member
  • 43 posts
virusinfo_syscheck.htm attached



DSS log

Deckard's System Scanner v20071014.68
Run by cx on 2008-08-13 07:02:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as cx.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:03:10, on 13/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Gizmo Project\mDNSResponder.exe
C:\Program Files\NUS-VPN\cvpnd.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Desktop Calendar\Desktop Calendar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\[email protected]\winFAH.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\[email protected]\FahCore_82.exe
C:\Documents and Settings\AdminNUS\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\cx.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.c...uth.srf?lc=1033
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [DispSwitchLauncher] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - Startup: Foldi[email protected] 5.03.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.nus.edu.sg
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152237826813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152237878563
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = stu.nus.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: sunesn.dll lenowos.dll xpsbos.dll baccops.dll rmbsony.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\NUS-VPN\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 10662 bytes

-- Files created between 2008-07-13 and 2008-08-13 -----------------------------

2008-08-11 22:48:44 0 d-------- C:\Documents and Settings\AdminNUS\DoctorWeb
2008-08-11 22:46:42 0 d--hs---- C:\00004229
2008-08-11 21:20:53 24576 --a------ C:\WINDOWS\system32\xpsbos.dll
2008-08-11 21:16:24 0 d--hs---- C:\000069B6
2008-08-11 11:16:45 0 d--hs---- C:\00006929
2008-08-10 22:21:06 0 d--hs---- C:\000065ED
2008-08-10 14:56:23 0 d--hs---- C:\0000663B
2008-08-09 23:18:07 0 d--hs---- C:\000064D4
2008-08-09 21:10:24 0 d--hs---- C:\00006A04
2008-08-09 12:43:30 0 d--hs---- C:\000050DF
2008-08-08 14:56:20 0 d--hs---- C:\00006D7F
2008-08-04 23:41:34 0 d-------- C:\cmdcons
2008-08-04 23:40:16 68096 --a------ C:\WINDOWS\zip.exe
2008-08-04 23:40:16 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-04 23:40:16 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-04 23:40:16 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-04 23:40:16 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-04 23:40:16 98816 --a------ C:\WINDOWS\sed.exe
2008-08-04 23:40:16 80412 --a------ C:\WINDOWS\grep.exe
2008-08-04 23:40:16 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-02 09:52:15 0 d-------- C:\Program Files\SpyZooka


-- Find3M Report ---------------------------------------------------------------

2008-08-12 22:18:00 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-08-08 14:44:09 0 d-------- C:\Program Files\[email protected]
2008-08-08 14:40:13 0 d-------- C:\Program Files\Common Files
2008-08-02 09:52:20 0 d-------- C:\Program Files\Enigma Software Group
2008-08-01 21:32:26 0 d-------- C:\Program Files\Common Files\Download Manager
2008-08-01 12:13:51 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-31 21:14:48 0 d-------- C:\Documents and Settings\AdminNUS\Application Data\EaseDic
2008-07-28 12:00:54 0 d-------- C:\Documents and Settings\AdminNUS\Application Data\U3
2008-07-24 20:17:40 0 d-------- C:\Documents and Settings\AdminNUS\Application Data\Macromedia
2008-07-17 13:38:24 0 d-------- C:\Program Files\Java
2008-06-24 23:01:50 0 d-------- C:\Documents and Settings\AdminNUS\Application Data\AVGTOOLBAR
2008-06-20 10:23:08 0 d-------- C:\Documents and Settings\AdminNUS\Application Data\Mozilla


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
02/06/2008 12:03 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [02/06/2008 12:03 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [05/01/2006 17:03]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [03/11/2005 15:22]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [03/11/2005 15:26]
"RTHDCPL"="RTHDCPL.EXE" [08/12/2005 22:49 C:\WINDOWS\RTHDCPL.exe]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [10/08/2005 02:53]
"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [09/06/2005 01:20]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [05/11/2005 06:48]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [22/07/2005 06:21]
"DispSwitchLauncher"="C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [21/07/2005 07:23]
"AGRSMMSG"="AGRSMMSG.exe" [17/01/2006 13:26 C:\WINDOWS\AGRSMMSG.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [01/08/2005 20:10]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 20:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 20:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 20:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 20:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [17/01/2006 21:26]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [17/01/2006 21:26]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 22:32]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 21:00 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [02/06/2008 12:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14/10/2004 00:24]
"Desktop Calendar"="C:\Program Files\Desktop Calendar\Desktop Calendar.exe" [31/10/2003 12:38]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 21:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe"

C:\Documents and Settings\AdminNUS\Start Menu\Programs\Startup\
[email protected] 5.03.lnk - C:\Program Files\[email protected]\winFAH.exe [26/12/2007 20:40:55]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 01:01:04]
Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [02/06/2004 13:04:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{021F087F-4378-545F-74FA-37D345AD7A8C}"= C:\WINDOWS\system32\mttwfh.dll [ ]
"{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}"= C:\WINDOWS\system32\wklsdd.dll [ ]
"{A9895933-6636-4281-BC58-EE6DE2AF96E3}"= C:\WINDOWS\system32\ddserh.dll [ ]
"{F99DEFDD-200B-4410-B572-E90883D527D2}"= C:\WINDOWS\system32\wrqszl.dll [ ]
"{0B846B26-BFE6-4E8E-A948-1DB17B77B483}"= C:\WINDOWS\system32\tdfhex.dll [ ]
"{8C41B7F7-3168-400D-A702-0E7EFE0BA304}"= C:\WINDOWS\system32\sgdewg.dll [ ]
"{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}"= C:\WINDOWS\system32\fsrgeb.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sunesn.dll lenowos.dll xpsbos.dll baccops.dll rmbsony.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AdminNUS^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\AdminNUS\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Sony Ericsson\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e73d2111-3058-11dd-93e2-001302ad0ccf}]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-08-13 07:03:32 ------------

  • 0

#38
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, please do all these offline.. Please DO NOT connect to the internet until we get your computer fully clean..

Please do the following..


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O20 - AppInit_DLLs: sunesn.dll lenowos.dll xpsbos.dll baccops.dll rmbsony.dll

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.





NEXT


Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[kill explorer]
C:\00??????
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{021F087F-4378-545F-74FA-37D345AD7A8C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{A9895933-6636-4281-BC58-EE6DE2AF96E3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F99DEFDD-200B-4410-B572-E90883D527D2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{0B846B26-BFE6-4E8E-A948-1DB17B77B483}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{8C41B7F7-3168-400D-A702-0E7EFE0BA304}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}
[start explorer]

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


  • Close all windows then double click on AVZ.exe
  • Click File > Custom scripts
  • Copy & paste the contents of the attached file at the bottom of this post
  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically, and post back with a new AVZ report.

  • After that, please restart AVZ again,
  • From the "File" menu, choose "Standard Scripts"
  • Put a check next to item 2: Advanced System Investigation
  • Click Execute selected scripts
  • At the next prompt, click the OK button
  • Let the scan run and click "OK" when the completion prompt pops up
  • Now Close out of the Standard Scripts window, and exit AVZ
  • Navigate to the avz4 folder and locate the folder LOG
  • Inside the LOG folder you will find virusinfo_syscheck.htm and virusinfo_syscheck.zip
  • Attach virusinfo_syscheck.htm to your next reply, along with a fresh DSS log




Still DO NOT connect to the internet.. Post all logs requested via another computer..


Please post the following logs in your next reply..

1. OTMoveIt2
2. Attach a new virusinfo_syscheck.htm
3. A fresh DSS log..



Regards
fenzodahl512
  • 0
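A triage check for the three artefact classes that the fix list in post #38 targets in the DSS log (the AppInit_DLLs value, the ShellExecuteHooks CLSIDs and the hidden C:\00?????? folders), added here as an example; it is not part of the original thread or of any tool named in it. `BEFORE` is an excerpt of the DSS log from post #37, `AFTER` is a constructed follow-up log, and reading an empty `[ ]` date field as "DSS could not read the file's metadata" is an assumption about the log format.

```python
import re
from fnmatch import fnmatchcase

# Excerpt of the DSS log posted in #37, trimmed to the sections the fix list touches.
BEFORE = r"""
-- Files created between 2008-07-13 and 2008-08-13 -----------------------------

2008-08-11 22:48:44 0 d-------- C:\Documents and Settings\AdminNUS\DoctorWeb
2008-08-11 22:46:42 0 d--hs---- C:\00004229
2008-08-11 21:20:53 24576 --a------ C:\WINDOWS\system32\xpsbos.dll
2008-08-04 23:41:34 0 d-------- C:\cmdcons

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [02/06/2008 12:03]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{021F087F-4378-545F-74FA-37D345AD7A8C}"= C:\WINDOWS\system32\mttwfh.dll [ ]
"{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}"= C:\WINDOWS\system32\wklsdd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sunesn.dll lenowos.dll xpsbos.dll baccops.dll rmbsony.dll
"""

# CONSTRUCTED follow-up log (not from the thread): a cleanup that missed one hook.
AFTER = r"""
-- Files created between 2008-07-15 and 2008-08-15 -----------------------------

2008-08-11 22:48:44 0 d-------- C:\Documents and Settings\AdminNUS\DoctorWeb

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}"= C:\WINDOWS\system32\wklsdd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=
"""

KEY_RE = re.compile(r"^\[-?(HKEY_[^\]]+)\]\s*$")
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+([a-z-]{9})\s+(.+?)(?:\s+<.*>)?\s*$")
HOOK_RE = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"=\s*(.*?)\s*\[(.*)\]\s*$')

HOOKS_KEY = (r"hkey_local_machine\software\microsoft\windows"
             r"\currentversion\explorer\shellexecutehooks")
WINDOWS_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"


def registry_sections(log):
    """Group the Registry Dump lines under their lower-cased [HKEY_...] header."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
        elif current is not None and line:
            current.append(line)
    return sections


def appinit_dlls(log):
    """DLL names listed in AppInit_DLLs (loaded into every process that loads user32)."""
    for line in registry_sections(log).get(WINDOWS_KEY, []):
        name, _, value = line.partition("=")
        if name.strip('"').lower() == "appinit_dlls":
            return [d for d in re.split(r"[\s,]+", value.strip().strip('"')) if d]
    return []


def unresolved_hooks(log):
    """(CLSID, path) of ShellExecuteHooks whose date field is empty (assumed unreadable file)."""
    hits = []
    for line in registry_sections(log).get(HOOKS_KEY, []):
        m = HOOK_RE.match(line)
        if m and not m.group(3).strip():
            hits.append((m.group(1), m.group(2)))
    return hits


def hidden_root_dirs(log, pattern=r"C:\00??????"):
    """Hidden+system directories matching the wildcard used in the OTMoveIt2 list."""
    hits = []
    for raw in log.splitlines():
        m = FILE_RE.match(raw.strip())
        if m and m.group(1)[0] == "d" and "h" in m.group(1) and "s" in m.group(1) \
                and fnmatchcase(m.group(2), pattern):
            hits.append(m.group(2))
    return hits


def triage(log):
    return {"appinit_dlls": appinit_dlls(log),
            "hooks": unresolved_hooks(log),
            "hidden_dirs": hidden_root_dirs(log)}


def still_present(before, after):
    """Items flagged in the first log that are still flagged in the follow-up log."""
    b, a = triage(before), triage(after)
    return {k: [item for item in b[k] if item in a[k]] for k in b}


if __name__ == "__main__":
    print(triage(BEFORE))
    print(still_present(BEFORE, AFTER))
```

Running it against two real DSS logs only needs `BEFORE` and `AFTER` replaced with the file contents; any non-empty list from `still_present` means that item survived the cleanup pass.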

#39
mercurius

  • Topic Starter
  • Member
  • 43 posts
Some problems with the OTMoveIt2 log during the transfer, I'll try again later. But the other 2 logs are okay.

DSS log

Deckard's System Scanner v20071014.68
Run by cx on 2008-08-15 10:21:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as cx.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:33, on 15/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Gizmo Project\mDNSResponder.exe
C:\Program Files\NUS-VPN\cvpnd.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Desktop Calendar\Desktop Calendar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\[email protected]\winFAH.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\[email protected]\FahCore_82.exe
C:\Documents and Settings\AdminNUS\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\cx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.c...uth.srf?lc=1033
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [DispSwitchLauncher] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - Startup: [email protected] 5.03.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.nus.edu.sg
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152237826813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152237878563
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = stu.nus.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = stu.nus.edu.sg
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\NUS-VPN\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 10459 bytes

-- Files created between 2008-07-15 and 2008-08-15 -----------------------------

2008-08-11 22:48:44 0 d-------- C:\Documents and Settings\AdminNUS\DoctorWeb
2008-08-04 23:41:34 0 d-------- C:\cmdcons
2008-08-04 23:40:16 68096 --a------ C:\WINDOWS\zip.exe
2008-08-04 23:40:16 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-04 23:40:16 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-04 23:40:16 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-04 23:40:16 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-04 23:40:16 98816 --a------ C:\WINDOWS\sed.exe
2008-08-04 23:40:16 80412 --a------ C:\WINDOWS\grep.exe
2008-08-04 23:40:16 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-02 09:52:15 0 d-------- C:\Program Files\SpyZooka


-- Find3M Report ---------------------------------------------------------------

2008-08-15 10:12:09 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-08-08 14:44:09 0 d-------- C:\Program Files\[email protected]
2008-08-08 14:40:13 0 d-------- C:\Program Files\Common Files
2008-08-02 09:52:20 0 d-------- C:\Program Files\Enigma Software Group
2008-08-01 21:32:26 0 d-------- C:\Program Files\Common Files\Download Manager
2008-08-01 12:13:51 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-31 21:14:48 0 d-------- C:\Documents and Settings\AdminNUS\Application Data\EaseDic
2008-07-28 12:00:54 0 d-------- C:\Documents and Settings\AdminNUS\Application Data\U3
2008-07-24 20:17:40 0 d-------- C:\Documents and Settings\AdminNUS\Application Data\Macromedia
2008-07-17 13:38:24 0 d-------- C:\Program Files\Java
2008-06-24 23:01:50 0 d-------- C:\Documents and Settings\AdminNUS\Application Data\AVGTOOLBAR
2008-06-20 10:23:08 0 d-------- C:\Documents and Settings\AdminNUS\Application Data\Mozilla


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
02/06/2008 12:03 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [02/06/2008 12:03 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [05/01/2006 17:03]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [03/11/2005 15:22]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [03/11/2005 15:26]
"RTHDCPL"="RTHDCPL.EXE" [08/12/2005 22:49 C:\WINDOWS\RTHDCPL.exe]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [10/08/2005 02:53]
"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [09/06/2005 01:20]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [05/11/2005 06:48]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [22/07/2005 06:21]
"DispSwitchLauncher"="C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [21/07/2005 07:23]
"AGRSMMSG"="AGRSMMSG.exe" [17/01/2006 13:26 C:\WINDOWS\AGRSMMSG.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [01/08/2005 20:10]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 20:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 20:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 20:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 20:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [17/01/2006 21:26]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [17/01/2006 21:26]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 22:32]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 21:00 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [02/06/2008 12:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14/10/2004 00:24]
"Desktop Calendar"="C:\Program Files\Desktop Calendar\Desktop Calendar.exe" [31/10/2003 12:38]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 21:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe"

C:\Documents and Settings\AdminNUS\Start Menu\Programs\Startup\
[email protected] 5.03.lnk - C:\Program Files\[email protected]\winFAH.exe [26/12/2007 20:40:55]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 01:01:04]
Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [02/06/2004 13:04:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AdminNUS^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\AdminNUS\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Sony Ericsson\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e73d2111-3058-11dd-93e2-001302ad0ccf}]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-08-15 10:22:00 ------------



  • 0

#40
fenzodahl512

  • Malware Removal
  • 9,863 posts
Double posted.

Edited by fenzodahl512, 15 August 2008 - 02:07 AM.
edited

  • 0



#41
fenzodahl512

  • Malware Removal
  • 9,863 posts
Still, please stay OFFLINE..


IMPORTANT!: Please create a fresh Restore Point before proceeding with our fix. Please visit this webpage if you do not know how..

If you are using Windows Vista, please visit this webpage for more information.



Please show hidden files and folders



Please look for this file C:\WINDOWS\system32\Drivers\msiffei.sys and tell me whether you can find it.. Don't do anything with it yet.. Just tell me whether you can find it or not..
  • 0

#42
mercurius

  • Topic Starter
  • Member
  • 43 posts
Explorer killed successfully
< C:\00?????? >
C:\00004229 moved successfully.
C:\000050DF moved successfully.
C:\000064D4 moved successfully.
C:\000065ED moved successfully.
C:\0000663B moved successfully.
C:\00006929 moved successfully.
C:\000069B6 moved successfully.
C:\00006A04 moved successfully.
C:\00006D7F moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{021F087F-4378-545F-74FA-37D345AD7A8C} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{021F087F-4378-545F-74FA-37D345AD7A8C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{021F087F-4378-545F-74FA-37D345AD7A8C}\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{A9895933-6636-4281-BC58-EE6DE2AF96E3} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{A9895933-6636-4281-BC58-EE6DE2AF96E3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9895933-6636-4281-BC58-EE6DE2AF96E3}\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F99DEFDD-200B-4410-B572-E90883D527D2} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F99DEFDD-200B-4410-B572-E90883D527D2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F99DEFDD-200B-4410-B572-E90883D527D2}\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{0B846B26-BFE6-4E8E-A948-1DB17B77B483} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{0B846B26-BFE6-4E8E-A948-1DB17B77B483} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B846B26-BFE6-4E8E-A948-1DB17B77B483}\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{8C41B7F7-3168-400D-A702-0E7EFE0BA304} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{8C41B7F7-3168-400D-A702-0E7EFE0BA304} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C41B7F7-3168-400D-A702-0E7EFE0BA304}\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}\ deleted successfully.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08152008_100744
  • 0

#43
mercurius

  • Topic Starter
  • Member
  • 43 posts
that file you said cannot be located
  • 0

#44
fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok.. still, do this offline (which means transfer everything to/from another computer)


I haven't seen any third-party firewall in your logs.. Do you have any? If you don't, please install ONLY ONE of these free and excellent firewalls below:
After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose Off (not recommended) option. Then please click Apply and Ok.




NEXT


Reboot into Safe Mode
  • Once in Safe Mode, close all windows then double click on AVZ.exe
  • Click File > Custom scripts
  • Copy & paste the contents of the attached file at the bottom of this post
  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically, and post back with a new AVZ report.




NEXT


Please download CleanUp! by stevengould.org and save it to your Desktop.
  • Double-click CleanUp452.exe and install CleanUp! to your computer
  • Open CleanUp! and click on Options.. button.
  • Under General tab, choose Standard CleanUp! and then click Ok
  • Click on the CleanUp! button. When it asks you to log off Windows, click on Yes
  • Let Windows reboot (or do it manually) and continue with the next step




NEXT



Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • At the top, tick the Scan All Users section
  • In the Processes, Services, Drivers and Registry sections, set them to Non-Microsoft.
  • In the Rootkit Search section, set it to Yes
  • In the Files Created Within and Files Modified Within sections, set them to 90 Days
  • At the bottom, tick all the Non-Microsoft Only and Include All Unicode Names options
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • Reg - File Associations
    • Reg - NeverShowExt Settings
    • Reg - Shell Spawning
    • Reg - ContolSets
    • Reg - Security Settings
    • File - Additional Folder Scans
    • File - Lop Check
    • File - Purity Scan
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.




NEXT


  • After that, please restart AVZ again,
  • From the "File" menu, choose "Standard Scripts"
  • Put a check next to item 2: Advanced System Investigation
  • Click Execute selected scripts
  • At the next prompt, click the OK button
  • Let the scan run and click "OK" when the completion prompt pops up
  • Now Close out of the Standard Scripts window, and exit AVZ
  • Navigate to the avz4 folder and locate the folder LOG
  • Inside the LOG folder you will find virusinfo_syscheck.htm and virusinfo_syscheck.zip
  • Attach virusinfo_syscheck.htm to your next reply, along with a fresh DSS log




Please stay offline.. Please download all requested programs from another computer and transfer them to the infected computer..


Please upload these logs to the 2shared website in your next reply..

1. OTScanIt
2. virusinfo_syscheck.htm


Please upload all logs at link below:
http://www.2shared.com/

Then, after you successfully upload them, please copy/paste the link given under the Here is your download link: tab..



Regards
fenzodahl512

Edited by fenzodahl512, 16 August 2008 - 01:48 AM.

  • 0

#45
mercurius

mercurius

  • Topic Starter
  • Member
  • 43 posts
Bad news... as usual I am unable to run OTScanIt.exe. Do I continue with the rest of the procedures?
  • 0





