Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Free Antivirus Forum - Learn about antivirus, firewalls and personal security Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Windows Theme Changed to Classic and no Internet Connection
   
BullGuard Antivirus Forum > General Security > Spyware > Windows Theme Changed to Classic and no Internet Connection  
Forum Quick Jump
 
New Topic Post reply to : Windows Theme Changed to Classic and no Internet Connection Printable version of : Windows Theme Changed to Classic and no Internet Connection
[ << Previous Thread | Next Thread >> ]

weeleong87
New Member


Date Joined Nov 2005
Total Posts : 17
  		   Posted 8-17-2007 12:36 (GMT +1)    Quote: Windows Theme Changed to Classic and no Internet ConnectionAlert an admin about: Windows Theme Changed to Classic and no Internet Connection
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:46 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\services.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RAV008C] C:\WINDOWS\system32\RAV008C.exe
O4 - HKLM\..\Run: [Microsoft Autorun4] C:\WINDOWS\system32\dllhost32.exe
O4 - HKLM\..\Run: [Microsoft Autorun5] C:\WINDOWS\system32\mosou.exe
O4 - HKLM\..\Run: [RAV009B] C:\WINDOWS\system32\RAV009B.exe
O4 - HKLM\..\Run: [QQREST] C:\WINDOWS\system\SMSS.exe
O4 - HKLM\..\Run: [Microsoft Autorun7] C:\WINDOWS\system32\nwiztlbu.exe
O4 - HKLM\..\Run: [RAV00AE] C:\WINDOWS\system32\RAV00AE.exe
O4 - HKLM\..\Run: [Microsoft Autorun11] C:\WINDOWS\system32\nwizwlwzs.exe
O4 - HKLM\..\Run: [Microsoft Autorun10] C:\WINDOWS\system32\nwizwmgjs.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\swcprt.exe
O4 - HKLM\..\Run: [RAVMHMON] C:\WINDOWS\Fonts\RAVMHMON.exe
O4 - HKLM\..\Run: [RAVMSMON] C:\WINDOWS\Fonts\RAVMSMON.exe
O4 - HKLM\..\Run: [RAVQJMON] C:\WINDOWS\Fonts\RAVQJMON.exe
O4 - HKLM\..\Run: [RAVZTMON] C:\WINDOWS\system32\RAVZTMON.exe
O4 - HKLM\..\Run: [RAVZXMON] C:\WINDOWS\system32\RAVZXMON.exe
O4 - HKLM\..\Run: [RAV00A3] C:\WINDOWS\system32\RAV00A3.exe
O4 - HKLM\..\Run: [RAV0091] C:\WINDOWS\system32\RAV0091.exe
O4 - HKLM\..\Run: [RAV00B2] C:\WINDOWS\system32\RAV00B2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NTService] C:\Program Files\Common Files\System\MSOSV.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mssql.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mssql.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4641723-C96F-49BF-B68D-BCC8F357E20B}: NameServer = 165.21.83.88 165.21.100.88
O20 - AppInit_DLLs: mydpri.dll
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5145 bytes

Good day all, here is my hijackthis file. I dunno if there is any problem with spyware & malware. Once i connect to the internet, after like about 10 mins, the windows theme changed from the XP one to the classic one and after a while it changed back to the XP one again. Then i will have no internet connection and I will have to restart my computer. there is this auto.exe file in all my hard drive & even i deleted it away, it still keep appearing. I cant run any online virus scan as I keep getting disconnected after like 5 to 10 mins. Any other alternatives
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
  		   Posted 8-17-2007 12:53 (GMT +1)    Quote: Windows Theme Changed to Classic and no Internet ConnectionAlert an admin about: Windows Theme Changed to Classic and no Internet Connection
Just follow the guide/instructions You have got here:
 
 
Still no antivirus - Hmm
 
 
Post the log´s in this thread

Do NOT post your problem in someone elses thread.
Start a new topic so that it may receive proper attention. 
 

Back to Top
 

weeleong87
New Member


Date Joined Nov 2005
Total Posts : 17
  		   Posted 8-17-2007 2:50 (GMT +1)    Quote: Windows Theme Changed to Classic and no Internet ConnectionAlert an admin about: Windows Theme Changed to Classic and no Internet Connection
This are all my files after I run the AVG scan
This is my HIJACKTHIS file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:40 PM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\services.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RAV008C] C:\WINDOWS\system32\RAV008C.exe
O4 - HKLM\..\Run: [Microsoft Autorun4] C:\WINDOWS\system32\dllhost32.exe
O4 - HKLM\..\Run: [Microsoft Autorun5] C:\WINDOWS\system32\mosou.exe
O4 - HKLM\..\Run: [RAV009B] C:\WINDOWS\system32\RAV009B.exe
O4 - HKLM\..\Run: [QQREST] C:\WINDOWS\system\SMSS.exe
O4 - HKLM\..\Run: [RAV00AE] C:\WINDOWS\system32\RAV00AE.exe
O4 - HKLM\..\Run: [Microsoft Autorun11] C:\WINDOWS\system32\nwizwlwzs.exe
O4 - HKLM\..\Run: [Microsoft Autorun10] C:\WINDOWS\system32\nwizwmgjs.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\xstvgs.exe
O4 - HKLM\..\Run: [RAVMHMON] C:\WINDOWS\Fonts\RAVMHMON.exe
O4 - HKLM\..\Run: [RAVMSMON] C:\WINDOWS\Fonts\RAVMSMON.exe
O4 - HKLM\..\Run: [RAVQJMON] C:\WINDOWS\Fonts\RAVQJMON.exe
O4 - HKLM\..\Run: [RAVZTMON] C:\WINDOWS\system32\RAVZTMON.exe
O4 - HKLM\..\Run: [RAVZXMON] C:\WINDOWS\system32\RAVZXMON.exe
O4 - HKLM\..\Run: [RAV00A3] C:\WINDOWS\system32\RAV00A3.exe
O4 - HKLM\..\Run: [RAV0091] C:\WINDOWS\system32\RAV0091.exe
O4 - HKLM\..\Run: [RAV00B2] C:\WINDOWS\system32\RAV00B2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NTService] C:\Program Files\Common Files\System\MSOSV.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mssql.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mssql.dll
O20 - AppInit_DLLs: mydpri.dll
O23 - Service: A6049A5A - Unknown owner - C:\WINDOWS\system32\113DCAE7.EXE (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5073 bytes

This is my COMBOFIX file
ComboFix 07-08-14.4 - "LeoNa" 2005-08-17 21:29:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.206 [GMT 8:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Autorun.inf
C:\WINDOWS\services.exe
C:\WINDOWS\system\smss.exe
C:\WINDOWS\system32\113DCAE7.EXE
C:\WINDOWS\system32\dllhost32.exe
C:\WINDOWS\system32\mosou.dll
C:\WINDOWS\system32\mosou.exe
C:\WINDOWS\system32\mssock.sys
C:\WINDOWS\system32\nwiztlbb.dll
C:\WINDOWS\system32\nwiztlbu.exe
C:\WINDOWS\system32\nwizzhuxians.dll
C:\WINDOWS\system32\nwizzhuxians.exe
D:\Autorun.inf


((((((((((((((((((((((((( Files Created from 2005-07-17 to 2005-08-17 )))))))))))))))))))))))))))))))


2005-08-17 21:27 51,200 --a------ C:\WINDOWS\nircmd.exe
2005-08-17 20:11 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2005-08-17 20:08 14,336 --a------ C:\WINDOWS\NVDispDrv.exe
2005-08-13 20:26 1,632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2005-08-13 20:17 <DIR> C:\,I,O,E,ú?I,Š,‡,A,-,ú
2005-08-13 11:42 16,843 ---h----- C:\auto.exe
2005-08-13 10:53 <DIR> d-------- C:\Program Files\Trend Micro
2005-08-13 10:25 13,824 --a------ C:\WINDOWS\xnvxkr.exe
2005-08-06 17:48 30,474 --------- C:\WINDOWS\system32\drivers\mscnr.sys
2005-08-06 17:48 30,378 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2005-08-06 17:48 151,552 --------- C:\WINDOWS\system32\mscnh.dll
2005-08-06 17:48 <DIR> d-------- C:\Program Files\MP3Player
2005-07-24 10:52 90,112 --a------ C:\WINDOWS\system32\AMEUninst2000.exe
2005-07-24 10:52 81,920 --a------ C:\WINDOWS\system32\NotifyPhoneBook.exe
2005-07-24 10:52 77,824 --------- C:\WINDOWS\system32\DSLTest.exe
2005-07-24 10:52 65,536 --a------ C:\WINDOWS\system32\RasXP.exe
2005-07-24 10:52 6,511 --a------ C:\WINDOWS\system32\drivers\StrFilter.sys
2005-07-24 10:52 45,056 --a------ C:\WINDOWS\system32\InstallHardware.exe
2005-07-24 10:52 45,056 --a------ C:\WINDOWS\system32\GainSettings.exe
2005-07-24 10:52 36,864 --a------ C:\WINDOWS\system32\Ras2000.exe
2005-07-24 10:52 36,864 --a------ C:\WINDOWS\system32\CustomizeNdisParams.exe
2005-07-24 10:52 36,864 --a------ C:\WINDOWS\system32\AMEInstall.exe
2005-07-24 10:52 36,864 --------- C:\WINDOWS\system32\Api32.dll
2005-07-24 10:52 32,768 --a------ C:\WINDOWS\system32\SetIpConfig2000Xp.exe
2005-07-24 10:52 32,768 --a------ C:\WINDOWS\system32\RemDial.exe
2005-07-24 10:52 319,488 --------- C:\WINDOWS\system32\MultLang.dll
2005-07-24 10:52 305,192 --a------ C:\WINDOWS\system32\drivers\fw-usb.bin
2005-07-24 10:52 305,192 --------- C:\WINDOWS\system32\fw-usb.bin
2005-07-24 10:52 28,672 --a------ C:\WINDOWS\system32\RShort2k.exe
2005-07-24 10:52 28,672 --a------ C:\WINDOWS\system32\RemoveElan.exe
2005-07-24 10:52 28,672 --a------ C:\WINDOWS\system32\PnpFix.exe
2005-07-24 10:52 28,672 --a------ C:\WINDOWS\system32\AMELaunchUninst.exe
2005-07-24 10:52 24,576 --a------ C:\WINDOWS\system32\AMECSARemove.exe
2005-07-24 10:52 24,576 --------- C:\WINDOWS\system32\RenCSA.exe
2005-07-24 10:52 24,576 --------- C:\WINDOWS\system32\DelCSA.exe
2005-07-24 10:52 204,800 --------- C:\WINDOWS\system32\WaitMsg.exe
2005-07-24 10:52 12,507 --------- C:\WINDOWS\system32\Snetcfg.exe
2005-07-24 10:52 118,391 --a------ C:\WINDOWS\system32\drivers\ameatmpc.sys
2005-07-24 10:52 118,391 --------- C:\WINDOWS\system32\ameatmpc.sys
2005-07-24 10:52 110,592 --------- C:\WINDOWS\system32\Utility.exe
2005-07-24 10:52 106,496 --------- C:\WINDOWS\system32\Cleanup.exe
2005-07-24 10:52 1,208 --a------ C:\WINDOWS\system32\INIT-USB.BIN
2005-07-24 10:52 1,208 --a------ C:\WINDOWS\system32\drivers\init-usb.bin
2005-07-24 10:52 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2005-07-18 14:43 <DIR> d-------- C:\Program Files\Common Files\Nero
2005-07-18 14:42 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2005-07-18 14:37 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2005-07-18 14:37 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2005-07-18 14:37 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2005-07-18 14:37 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2005-07-18 14:37 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2005-07-18 14:37 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2005-07-18 14:37 <DIR> d-------- C:\Program Files\Common Files\Ahead
2005-07-18 14:37 <DIR> d-------- C:\Program Files\Ahead
2005-07-18 13:57 <DIR> d-------- C:\Program Files\Combined Community Codec Pack


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-12 17:44 58 --a------ C:\WINDOWS\system32\mydini.dll
2007-08-10 17:00 --------- d-------- C:\DOCUME~1\LeoNa\APPLIC~1\WinRAR
2007-07-15 11:33 --------- d-------- C:\DOCUME~1\LeoNa\APPLIC~1\HP
2007-07-15 11:27 --------- d-------- C:\Program Files\HP
2007-07-15 11:26 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-07-15 11:25 --------- d-------- C:\Program Files\Common Files\HP
2007-07-15 11:22 --------- d-------- C:\Program Files\Hewlett-Packard
2007-07-15 11:18 --------- d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-07-15 10:53 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-07-14 23:47 --------- d-------- C:\DOCUME~1\LeoNa\APPLIC~1\Media Player Classic
2007-07-14 23:45 --------- d-------- C:\Program Files\Real Alternative
2007-07-14 23:45 --------- d-------- C:\Program Files\Media Player Classic
2007-07-14 23:39 --------- d-------- C:\Program Files\MSN Messenger
2007-07-14 23:08 --------- d-------- C:\DOCUME~1\LeoNa\APPLIC~1\vlc
2007-07-14 23:07 --------- d-------- C:\Program Files\VideoLAN
2007-07-14 09:19 2722 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2007-07-14 09:09 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2007-07-14 08:39 --------- d-------- C:\Program Files\Azureus
2007-07-14 08:29 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-14 08:19 --------- d-------- C:\Program Files\microsoft frontpage
2007-07-14 08:18 0 -rahs---- C:\MSDOS.SYS
2007-07-14 08:18 0 -rahs---- C:\IO.SYS
2007-07-14 08:18 0 --a------ C:\CONFIG.SYS
2007-07-14 08:18 0 --a------ C:\AUTOEXEC.BAT
2007-07-14 08:15 --------- d--h----- C:\Program Files\WindowsUpdate
2007-07-14 08:15 --------- d-------- C:\Program Files\Online Services
2007-07-14 08:14 --------- d-------- C:\Program Files\Movie Maker
2007-07-14 08:14 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-07-14 08:12 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-07-14 08:12 --------- d-------- C:\Program Files\Messenger
2007-07-14 08:11 --------- d-------- C:\Program Files\Windows NT
2006-01-24 11:34 118784 --a------ C:\WINDOWS\system32\sirenacm.dll
2005-08-17 21:37 16896 --a------ C:\WINDOWS\system32\NVDispDrv.dll
2005-08-17 21:37 11776 --a------ C:\WINDOWS\system32\nwizwlwzs.dll
2005-08-17 21:37 10752 --a------ C:\WINDOWS\system32\nwizwmgjs.dll
2005-08-17 20:08 9216 --a------ C:\WINDOWS\system32\mh104.dll
2005-08-17 16:17 10834 --a------ C:\WINDOWS\system32\811D40DF.DLL
2005-08-14 20:10 --------- d-------- C:\DOCUME~1\LeoNa\APPLIC~1\Azureus
2005-08-13 11:03 11776 --ahs---- C:\pagefiles.pif
2005-08-13 10:51 8796 --ah----- C:\WINDOWS\system32\mssql.dll
2005-08-13 10:50 9696 --a------ C:\WINDOWS\system32\RAVZXMON.exe
2005-08-13 10:50 14480 --a------ C:\WINDOWS\Fonts.\RAVMHMON.exe
2005-08-13 10:50 14336 --a------ C:\WINDOWS\xstvgs.exe
2005-08-13 10:50 12952 --a------ C:\WINDOWS\Fonts.\RAVMSMON.exe
2005-08-13 10:50 12672 --a------ C:\WINDOWS\Fonts.\RAVQJMON.exe
2005-08-13 10:50 10952 --a------ C:\WINDOWS\system32\RAVZTMON.exe
2005-07-31 20:27 9860 --a------ C:\WINDOWS\system32\RAV00A3.exe
2005-07-31 20:27 9704 --a------ C:\WINDOWS\system32\RAV00B2.exe
2005-07-31 20:27 9648 --a------ C:\WINDOWS\system32\RAV0091.exe
2005-07-31 20:27 10256 --a------ C:\WINDOWS\system32\RAV00AE.exe
2005-07-25 20:17 --------- d-------- C:\DOCUME~1\LeoNa\APPLIC~1\Real
2005-07-25 00:56 --------- d-------- C:\DOCUME~1\LeoNa\APPLIC~1\dvdcss
2005-07-18 14:08 9676 --a------ C:\WINDOWS\system32\RAV008C.exe
2005-07-18 14:08 9404 --a------ C:\WINDOWS\system32\RAV009B.exe
2005-07-18 14:08 8572 --a------ C:\WINDOWS\system32\nwizwlwzs.exe
2005-07-18 14:08 8072 --a------ C:\WINDOWS\system32\nwizwmgjs.exe
2005-07-15 20:21 5632 --a------ C:\WINDOWS\system\fOxkb.sys
2005-07-15 20:21 24576 --a------ C:\WINDOWS\system\hook.dll
2005-07-13 16:41 --------- d-------- C:\Program Files\Common Files\SpeechEngines
2005-07-13 16:41 --------- d-------- C:\Program Files\Common Files\ODBC
2005-05-11 23:36 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"RAV008C"="C:\WINDOWS\system32\RAV008C.exe" [2005-07-18 14:08]
"Microsoft Autorun4"="C:\WINDOWS\system32\dllhost32.exe" []
"Microsoft Autorun5"="C:\WINDOWS\system32\mosou.exe" []
"RAV009B"="C:\WINDOWS\system32\RAV009B.exe" [2005-07-18 14:08]
"QQREST"="C:\WINDOWS\system\SMSS.exe" []
"RAV00AE"="C:\WINDOWS\system32\RAV00AE.exe" [2005-07-31 20:27]
"Microsoft Autorun11"="C:\WINDOWS\system32\nwizwlwzs.exe" [2005-07-18 14:08]
"Microsoft Autorun10"="C:\WINDOWS\system32\nwizwmgjs.exe" [2005-07-18 14:08]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"AME_CSA"="amecsa.cpl" [2003-01-29 14:16 C:\WINDOWS\system32\AmeCSA.cpl]
"NVDispDrv"="C:\WINDOWS\xstvgs.exe" [2005-08-13 10:50]
"RAVMHMON"="C:\WINDOWS\Fonts\RAVMHMON.exe" [2005-08-13 10:50]
"RAVMSMON"="C:\WINDOWS\Fonts\RAVMSMON.exe" [2005-08-13 10:50]
"RAVQJMON"="C:\WINDOWS\Fonts\RAVQJMON.exe" [2005-08-13 10:50]
"RAVZTMON"="C:\WINDOWS\system32\RAVZTMON.exe" [2005-08-13 10:50]
"RAVZXMON"="C:\WINDOWS\system32\RAVZXMON.exe" [2005-08-13 10:50]
"RAV00A3"="C:\WINDOWS\system32\RAV00A3.exe" [2005-07-31 20:27]
"RAV0091"="C:\WINDOWS\system32\RAV0091.exe" [2005-07-31 20:27]
"RAV00B2"="C:\WINDOWS\system32\RAV00B2.exe" [2005-07-31 20:27]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 20:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 11:37]
"NTService"="C:\Program Files\Common Files\System\MSOSV.EXE" [2004-08-04 20:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4562452F-FA36-BA4F-892A-FF5FBBAC5314}"= C:\WINDOWS\system32\mydpri.dll [2004-08-04 17:44 20015]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=mydpri.dll

R2 Atmuni;ATM Call Manager;C:\WINDOWS\system32\DRIVERS\atmuni.sys
R2 Rawwan;RAW WAN Driver;C:\WINDOWS\system32\DRIVERS\rawwan.sys
R3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys
S2 A6049A5A;A6049A5A;C:\WINDOWS\system32\113DCAE7.EXE -k
S3 AtmElan;ATM Emulated LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys
S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\system32\DRIVERS\atmlane.sys
S3 fOxkb;fOxkb;\??\C:\WINDOWS\system\fOxkb.sys
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8fecc84-31a0-11dc-a01c-00300a0d9367}]
Auto\command- G:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
explorer\command- G:\pagefiles.pif
open\command- G:\pagefiles.pif

*Newly Created Service* - AVGASCLN

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{81716107-A10D-11cf-64CD-11115FE1CF41}]
C:\WINDOWS\system32\nwizzhuxians.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2005-08-17 21:37:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
NTService = C:\Program Files\Common Files\System\MSOSV.EXE?|????????????1??|??Rt???????|????????????x????D?|p??|???|?D?|?5?|?C?|????h??????????????????? &w????D?&wF??????????|????V?????&w??&w &w??????????????????????&w??&wt??????????????|??&w????h??????|??&w???????????

scanning hidden files ...

**************************************************************************

Completion time: 2005-08-17 21:40:10 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2005-08-17 21:39

--- E O F ---

This is my ROOTCHK file
********************************* ROOTCHK-(15-08-07)-LOG, by ejvindh
Wed 08/17/2005 21:41:23.92

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2005-08-17 21:41:24
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden files: 0

Post Edited (weeleong87) : 17-08-2007 13:54:45 GMT

Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
  		   Posted 8-17-2007 3:44 (GMT +1)    Quote: Windows Theme Changed to Classic and no Internet ConnectionAlert an admin about: Windows Theme Changed to Classic and no Internet Connection

1.      Download AVG Anti-Virus Free Edition

2.      AVG Free Anti-Virus can be downloaded from the AVG website.
3.      Scroll down the page and click Download Free Version. Under the Windows section, click to download the file under AVG Free for Windows installation files. Click OK to save the file to your PC.
4.      Double-click the file you downloaded, and click Next on the welcome screen. Click Accept to agree to the License Agreement. Choose Standard Installation then click Next.
5.      A window will now pop-up if there are any available updates. Click Update to download them. AVG will download and automatically install any updates. Click OK when finished.
6.      Back on the First Run window, click Next to proceed. Leave the Daily Scanning settings as they are and click Next.
7.      You now have the option to perform a scan to test your computer for viruses.
8.      Click Scan computer!
 
Reboot, post new hijackthis log

Do NOT post your problem in someone elses thread.
Start a new topic so that it may receive proper attention. 
 

Back to Top
 

weeleong87
New Member


Date Joined Nov 2005
Total Posts : 17
  		   Posted 8-17-2007 4:28 (GMT +1)    Quote: Windows Theme Changed to Classic and no Internet ConnectionAlert an admin about: Windows Theme Changed to Classic and no Internet Connection
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:35 PM, on 8/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RAV008C] C:\WINDOWS\system32\RAV008C.exe
O4 - HKLM\..\Run: [Microsoft Autorun4] C:\WINDOWS\system32\dllhost32.exe
O4 - HKLM\..\Run: [Microsoft Autorun5] C:\WINDOWS\system32\mosou.exe
O4 - HKLM\..\Run: [RAV009B] C:\WINDOWS\system32\RAV009B.exe
O4 - HKLM\..\Run: [QQREST] C:\WINDOWS\system\SMSS.exe
O4 - HKLM\..\Run: [RAV00AE] C:\WINDOWS\system32\RAV00AE.exe
O4 - HKLM\..\Run: [Microsoft Autorun11] C:\WINDOWS\system32\nwizwlwzs.exe
O4 - HKLM\..\Run: [Microsoft Autorun10] C:\WINDOWS\system32\nwizwmgjs.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\NVDispDrv.exe
O4 - HKLM\..\Run: [RAVMHMON] C:\WINDOWS\Fonts\RAVMHMON.exe
O4 - HKLM\..\Run: [RAVMSMON] C:\WINDOWS\Fonts\RAVMSMON.exe
O4 - HKLM\..\Run: [RAVQJMON] C:\WINDOWS\Fonts\RAVQJMON.exe
O4 - HKLM\..\Run: [RAVZTMON] C:\WINDOWS\system32\RAVZTMON.exe
O4 - HKLM\..\Run: [RAVZXMON] C:\WINDOWS\system32\RAVZXMON.exe
O4 - HKLM\..\Run: [RAV00A3] C:\WINDOWS\system32\RAV00A3.exe
O4 - HKLM\..\Run: [RAV0091] C:\WINDOWS\system32\RAV0091.exe
O4 - HKLM\..\Run: [RAV00B2] C:\WINDOWS\system32\RAV00B2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NTService] C:\Program Files\Common Files\System\MSOSV.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mssql.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mssql.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4641723-C96F-49BF-B68D-BCC8F357E20B}: NameServer = 165.21.83.88 165.21.100.88
O20 - AppInit_DLLs: mydpri.dll
O23 - Service: A6049A5A - Unknown owner - C:\WINDOWS\system32\113DCAE7.EXE (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5240 bytes
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
  		   Posted 8-17-2007 4:42 (GMT +1)    Quote: Windows Theme Changed to Classic and no Internet ConnectionAlert an admin about: Windows Theme Changed to Classic and no Internet Connection
Just curious, why will You not install a antivirus program ? If You don´t install - AVG Anti-Virus we are both wasting our time

Do NOT post your problem in someone elses thread.
Start a new topic so that it may receive proper attention. 
 

Back to Top
 

weeleong87
New Member


Date Joined Nov 2005
Total Posts : 17
  		   Posted 8-17-2007 11:53 (GMT +1)    Quote: Windows Theme Changed to Classic and no Internet ConnectionAlert an admin about: Windows Theme Changed to Classic and no Internet Connection
hmm..i did install the avg antivirus. this is the log after i did the scan.
Back to Top
 

weeleong87
New Member


Date Joined Nov 2005
Total Posts : 17
  		   Posted 8-17-2007 11:59 (GMT +1)    Quote: Windows Theme Changed to Classic and no Internet ConnectionAlert an admin about: Windows Theme Changed to Classic and no Internet Connection
oops. i think i misunderstood the avg antivirus and antispyware
Back to Top
 

weeleong87
New Member


Date Joined Nov 2005
Total Posts : 17
  		   Posted 8-18-2007 8:15 (GMT +1)    Quote: Windows Theme Changed to Classic and no Internet ConnectionAlert an admin about: Windows Theme Changed to Classic and no Internet Connection
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:29 PM, on 8/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Autorun4] C:\WINDOWS\system32\dllhost32.exe
O4 - HKLM\..\Run: [Microsoft Autorun5] C:\WINDOWS\system32\mosou.exe
O4 - HKLM\..\Run: [QQREST] C:\WINDOWS\system\SMSS.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\NVDispDrv.exe
O4 - HKLM\..\Run: [RAVMSMON] C:\WINDOWS\Fonts\RAVMSMON.exe
O4 - HKLM\..\Run: [RAVQJMON] C:\WINDOWS\Fonts\RAVQJMON.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NTService] C:\Program Files\Common Files\System\MSOSV.EXE
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4641723-C96F-49BF-B68D-BCC8F357E20B}: NameServer = 165.21.83.88 165.21.100.88
O20 - AppInit_DLLs: mydpri.dll
O23 - Service: A6049A5A - Unknown owner - C:\WINDOWS\system32\113DCAE7.EXE (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5013 bytes

This is the new log file after I did the antivirus scan. After the scan, I can connect to the internet but I cant use internet explorer. It displays the cannot find server and dns error. I found this fix and fix it.

Click on Start, then Run. Type regedit.

FIRST OF ALL BACKUP YOUR REGISTRY (File --> Export registry file --> Export Range = All --> Enter a filename and remember the location --> Save)

Your registry file is backed up. Next:

Click once on HKEY_LOCAL_MACHINE so that it is selected.

Then click on File, then on Load Hive.

Go to My Computer the C Drive, then click twice on the Windows or Winnt folder, then the Repair folder, then click twice on the system or system.bak file.

Name the new Key "xp".

Minimize the Registry Editor.

Click on Start, Run, and type in cmd.

Type in the following:

reg copy hklm\xp\controlset001\services\winsock2 hklm\system\currentcontrolset\services\winsock2 /s /f

There is a space (not a carriage return or Enter) separating "reg copy hklm\xp\controlset001\services\winsock2" and "hklm\system\currentcontrolset\services\winsock2 /s /f"

You will get a message that the operation completed successfully.

Exit DOS or command shell.

Maximize the Registry Editor. Select the xp folder that was created.

Click on File, then UnLoad Hive.

You will be prompted to confirm the removal of the folder, click Yes.

Exit the Registry.

So what do i do from here now?
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
  		   Posted 8-18-2007 11:25 (GMT +1)    Quote: Windows Theme Changed to Classic and no Internet ConnectionAlert an admin about: Windows Theme Changed to Classic and no Internet Connection
Thanks for the tips, much appreciated smile
 
 
 
Please download free  Trial of Superantispyware
http://www.superantispyware.com/superantispywarefreevspro.html
 
Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it.
close the program
 
 
Please download ATF Cleaner:
 http://www.atribune.org/ccount/click.php?id=1 by Atribune.
This program is for XP and Windows 2000 only
 
 
Download and install DrWebCureit:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
http://spywareinfo.dk/download/drweb-cureit.exe
 
to your desktop.
 
 
 
Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click fix checked.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [Microsoft Autorun4] C:\WINDOWS\system32\dllhost32.exe
O4 - HKLM\..\Run: [Microsoft Autorun5] C:\WINDOWS\system32\mosou.exe
O4 - HKLM\..\Run: [QQREST] C:\WINDOWS\system\SMSS.exe
O4 - HKLM\..\Run: [RAVMSMON] C:\WINDOWS\Fonts\RAVMSMON.exe
O4 - HKLM\..\Run: [RAVQJMON] C:\WINDOWS\Fonts\RAVQJMON.exe
O4 - HKCU\..\Run: [NTService] C:\Program Files\Common Files\System\MSOSV.EXE
O23 - Service: A6049A5A - Unknown owner - C:\WINDOWS\system32\113DCAE7.EXE (file missing)
 
Please print out or copy this page to Notepad as you will be in Safe Mode and unable to refer to this page.
 
 
 
Reboot to Safe mode
 
 
Delete the following files or folders (delete item in bold). Please do not be concerned if
any of the items are not found as they may have been automatically removed by actions I had
you take earlier in the cleaning process.
 
 
Open Folder Options in Controlpanel >view and check your settings:
Select
Show hidden files and folders
Display the contents of system folders
Uncheck: Hide protected operating system files
Delete:
Files:
C:\WINDOWS\system32\dllhost32.exe
C:\WINDOWS\system32\mosou.exe
C:\WINDOWS\system\SMSS.exe
C:\WINDOWS\Fonts\RAVQJMON.exe
C:\Program Files\Common Files\System\MSOSV.EXE
 
 
 
 
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch (Windows XP) only.
Java Cache
Recycle Bin
NB. It's normal after running ATF cleaner that the PC will be slower to boot the first time.
 
 
Doubleclick the "drweb-cureit.exe" and click "ok" in the prompt window that will open , asking "start the express scan now".
It will first make a quick scan of your system, let it clean what it find, and when it says "done"
Click on the green screwdriver-
Actions Tab- Adware-Dialers-Riskware-Hacktools, use dropdown menu and select -Delete
Click on the drive(s) you want to scan . A red dot will mark the selected drive(s) . Then hit the green  arrow in lower right corner It will now scan your  drive(s), say yes to all
 
After the scan, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
 
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
 
 
 
 
Start Superantispyware/rightclick on the black/yellow bug in tray.
Hit - Scan Your Computer - button
Click on the drive(s) you want to scan. Put a check in - Perform Complete Scan, then next,
it will scan now. When scan have finished, put a checkmark with  all items it found. Next, after cleaning, allow it to Reboot
 
 
 
Start Superantispyware again –
Click Preferences and then click the statistics/logs tab.
Click the dated log and press view log and a text file will appear.
 
 
 
Post this log along with fresh hijackthis log, Dr.Web log and tell how things are running  ?
 
 
 
 
 
 
 
 
 
 
 

Do NOT post your problem in someone elses thread.
Start a new topic so that it may receive proper attention. 
 

Back to Top
 

weeleong87
New Member


Date Joined Nov 2005
Total Posts : 17
  		   Posted 8-19-2007 6:48 (GMT +1)    Quote: Windows Theme Changed to Classic and no Internet ConnectionAlert an admin about: Windows Theme Changed to Classic and no Internet Connection
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:39 AM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: mydpri.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4437 bytes



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/19/2007 at 11:20 AM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1300

Scan type : Complete Scan
Total Scan Time : 01:02:38

Memory items scanned : 433
Memory threats detected : 0
Registry items scanned : 4936
Registry threats detected : 0
File items scanned : 20018
File threats detected : 0



This is the DRWEB log

mydpri.dll;c:\windows\system32;Trojan.PWS.Gamania.3299;Will be cured after reboot.;
yscpxx.exe;c:\windows;Trojan.PWS.Gamania.3287;Deleted.;
TempA.exe;C:\Program Files\Common Files\System;Trojan.PWS.Gamania.3287;Deleted.;
TempB.exe;C:\Program Files\Common Files\System;Trojan.PWS.Gamania.3212;Deleted.;
TempD.exe;C:\Program Files\Common Files\System;Trojan.MulDrop.8309;Deleted.;
TempF.exe;C:\Program Files\Common Files\System;Trojan.MulDrop.8307;Deleted.;
A0004790.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP10;Trojan.PWS.Wsgame.1047;Deleted.;
A0004797.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP10;Trojan.DownLoader.28194;Deleted.;
A0004798.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP10;Trojan.PWS.Gamania.2429;Deleted.;
A0004799.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP10;Trojan.DownLoader.24130;Deleted.;
A0004999.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Probably DLOADER.Trojan;;
A0005007.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Probably DLOADER.Trojan;;
A0005008.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Wsgame.1047;Deleted.;
A0005009.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.DownLoader.28194;Deleted.;
A0005011.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Gamania.2429;Deleted.;
A0005012.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.DownLoader.24130;Deleted.;
A0006008.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Wsgame.1047;Deleted.;
A0006009.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.DownLoader.28194;Deleted.;
A0006011.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.DownLoader.24130;Deleted.;
A0006012.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Gamania.2429;Deleted.;
A0006017.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Probably DLOADER.Trojan;;
A0006022.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Gamania.2993;Deleted.;
A0006023.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Gamania.2446;Deleted.;
A0006024.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Wsgame;Deleted.;
A0006025.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Wsgame;Deleted.;
A0006026.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Gamania.2882;Deleted.;
A0006037.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Wsgame.1047;Deleted.;
A0006038.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Probably DLOADER.Trojan;;
A0006040.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Gamania.2429;Deleted.;
A0006041.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.DownLoader.28194;Deleted.;
A0006042.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.DownLoader.24130;Deleted.;
A0006048.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Wsgame;Deleted.;
A0006049.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Gamania.3212;Deleted.;
A0006050.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Wsgame;Deleted.;
A0006051.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Gamania.3040;Deleted.;
A0006053.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Gamania.2883;Deleted.;
A0007037.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Wsgame.1047;Deleted.;
A0007038.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Probably DLOADER.Trojan;;
A0007039.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.DownLoader.28194;Deleted.;
A0007041.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.DownLoader.24130;Deleted.;
A0007042.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Gamania.2429;Deleted.;
A0007050.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Wsgame;Deleted.;
A0007051.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Gamania.3212;Deleted.;
A0007052.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Wsgame;Deleted.;
A0007053.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Gamania.3040;Deleted.;
A0007059.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Gamania.2379;Deleted.;
A0007060.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Gamania.2881;Deleted.;
A0007061.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Wsgame;Deleted.;
A0007062.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Wsgame;Deleted.;
A0008037.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Wsgame.1047;Deleted.;
A0008038.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Probably DLOADER.Trojan;;
A0008039.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.DownLoader.28194;Deleted.;
A0008041.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Gamania.2429;Deleted.;
A0008042.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.DownLoader.24130;Deleted.;
A0008053.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Wsgame;Deleted.;
A0008054.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP11;Trojan.PWS.Gamania.3212;Deleted.;
A0008060.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP12;Probably DLOADER.Trojan;;
A0009040.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP12;Trojan.PWS.Wsgame.1047;Deleted.;
A0009041.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP12;Probably DLOADER.Trojan;;
A0009042.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP12;Trojan.DownLoader.28194;Deleted.;
A0009043.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP12;Trojan.DownLoader.24130;Deleted.;
A0009045.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP12;Trojan.PWS.Gamania.2429;Deleted.;
A0009070.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP13;Trojan.DownLoader.28194;Deleted.;
A0009071.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP13;Trojan.DownLoader.24130;Deleted.;
A0009072.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP13;Trojan.PWS.Gamania.2429;Deleted.;
A0009073.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP13;Trojan.PWS.Wsgame.1047;Deleted.;
A0009082.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP13;Trojan.PWS.Wsgame.1047;Deleted.;
A0009083.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP13;Trojan.PWS.Gamania.2429;Deleted.;
A0009084.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP13;Trojan.DownLoader.28194;Deleted.;
A0009085.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP13;Trojan.DownLoader.24130;Deleted.;
A0009105.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP13;Trojan.PWS.Wsgame.1047;Deleted.;
A0009106.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP13;Trojan.PWS.Gamania.2429;Deleted.;
A0009107.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP13;Trojan.DownLoader.28194;Deleted.;
A0009109.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP13;Trojan.DownLoader.24130;Deleted.;
A0009120.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP14;Probably DLOADER.Trojan;;
A0009132.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP14;Trojan.PWS.Wsgame.1047;Deleted.;
A0009133.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP14;Trojan.DownLoader.28194;Deleted.;
A0009134.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP14;Probably DLOADER.Trojan;;
A0009135.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP14;Trojan.PWS.Gamania.2429;Deleted.;
A0009137.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP14;Trojan.DownLoader.24130;Deleted.;
A0009148.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP14;Trojan.PWS.Gamania.2429;Deleted.;
A0009149.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP14;Trojan.DownLoader.24130;Deleted.;
A0009150.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP14;Trojan.PWS.Wsgame.1047;Deleted.;
A0009151.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP14;Trojan.DownLoader.28194;Deleted.;
A0009168.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP14;Probably DLOADER.Trojan;;
A0009184.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP15;Probably DLOADER.Trojan;;
A0009185.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP15;Trojan.PWS.Wsgame.1047;Deleted.;
A0009187.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP15;Trojan.DownLoader.24130;Deleted.;
A0009188.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP15;Trojan.PWS.Gamania.2429;Deleted.;
A0009189.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP15;Trojan.DownLoader.28194;Deleted.;
A0009199.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP15;Trojan.PWS.Wsgame.1047;Deleted.;
A0009200.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP15;Probably DLOADER.Trojan;;
A0009201.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP15;Trojan.DownLoader.28194;Deleted.;
A0009203.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP15;Trojan.DownLoader.24130;Deleted.;
A0009204.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP15;Trojan.PWS.Gamania.2429;Deleted.;
A0009239.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP16;Probably DLOADER.Trojan;;
A0010200.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Probably DLOADER.Trojan;;
A0010201.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.PWS.Wsgame.1047;Deleted.;
A0010202.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.DownLoader.24130;Deleted.;
A0010204.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.PWS.Gamania.2429;Deleted.;
A0010205.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.DownLoader.28194;Deleted.;
A0010232.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.PWS.Wsgame;Deleted.;
A0010242.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.PWS.Wsgame;Deleted.;
A0010243.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.PWS.Gamania.3040;Deleted.;
A0010245.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.PWS.Gamania.2801;Deleted.;
A0010246.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.PWS.Gamania.3039;Deleted.;
A0010248.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.MulDrop.8052;Deleted.;
A0010250.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.PWS.Gamania.2801;Deleted.;
A0010251.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.PWS.Gamania.2681;Deleted.;
A0010258.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Probably DLOADER.Trojan;;
A0010260.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.PWS.Wsgame.1047;Deleted.;
A0010261.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.DownLoader.24130;Deleted.;
A0010262.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.PWS.Gamania.2429;Deleted.;
A0010263.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.DownLoader.28194;Deleted.;
A0010302.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Probably DLOADER.Trojan;;
A0010303.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.PWS.Wsgame.1047;Deleted.;
A0010304.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.DownLoader.28194;Deleted.;
A0010306.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.DownLoader.24130;Deleted.;
A0010307.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.PWS.Gamania.2429;Deleted.;
A0010340.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.PWS.Wsgame.1047;Deleted.;
A0010341.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.DownLoader.28194;Deleted.;
A0010342.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Probably DLOADER.Trojan;;
A0010343.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.PWS.Gamania.2429;Deleted.;
A0010344.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP17;Trojan.DownLoader.24130;Deleted.;
A0010431.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Wsgame.1047;Deleted.;
A0010432.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.28194;Deleted.;
A0010433.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Probably DLOADER.Trojan;;
A0010434.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.2429;Deleted.;
A0010435.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.24130;Deleted.;
A0010469.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Wsgame;Deleted.;
A0010470.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3212;Deleted.;
A0010471.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Wsgame;Deleted.;
A0010472.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3040;Deleted.;
A0010474.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.2801;Deleted.;
A0010475.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3039;Deleted.;
A0010478.sys;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3100;Deleted.;
A0010479.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.MulDrop.8052;Deleted.;
A0010480.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.2993;Deleted.;
A0010481.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.2801;Deleted.;
A0010482.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Wsgame;Deleted.;
A0010483.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Wsgame;Deleted.;
A0010497.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Wsgame.1047;Deleted.;
A0010498.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.28194;Deleted.;
A0010500.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.2429;Deleted.;
A0010501.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.24130;Deleted.;
A0010502.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Probably DLOADER.Trojan;;
A0010507.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3293;Deleted.;
A0010508.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3287;Deleted.;
A0010522.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Wsgame.1047;Deleted.;
A0010523.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.28194;Deleted.;
A0010524.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.24130;Deleted.;
A0010525.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.2429;Deleted.;
A0010528.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3293;Deleted.;
A0010529.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3287;Deleted.;
A0011522.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Wsgame.1047;Deleted.;
A0011523.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.28194;Deleted.;
A0011525.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.2429;Deleted.;
A0011526.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.24130;Deleted.;
A0011528.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3293;Deleted.;
A0011529.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3287;Deleted.;
A0011539.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Wsgame.1047;Deleted.;
A0011540.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.28194;Deleted.;
A0011541.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.2429;Deleted.;
A0011543.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.24130;Deleted.;
A0011545.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3293;Deleted.;
A0011546.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3287;Deleted.;
A0011556.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Wsgame.1047;Deleted.;
A0011557.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.28194;Deleted.;
A0011558.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.2429;Deleted.;
A0011560.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.24130;Deleted.;
A0011562.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3293;Deleted.;
A0011563.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3287;Deleted.;
A0011564.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Probably DLOADER.Trojan;;
A0011575.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3287;Deleted.;
A0011576.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3212;Deleted.;
A0011577.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.MulDrop.8306;Deleted.;
A0011578.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.MulDrop.8309;Deleted.;
A0011580.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.MulDrop.8307;Deleted.;
A0011581.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.30360;Deleted.;
A0011582.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3298;Deleted.;
A0011585.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.MulDrop.8306;Deleted.;
A0011586.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.MulDrop.8309;Deleted.;
A0011588.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.MulDrop.8307;Deleted.;
A0011589.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.30360;Deleted.;
A0011590.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3298;Deleted.;
A0012558.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Wsgame.1047;Deleted.;
A0012559.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.28194;Deleted.;
A0012560.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.2429;Deleted.;
A0012561.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.24130;Deleted.;
A0012565.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3287;Deleted.;
A0012579.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Wsgame.1047;Deleted.;
A0012580.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.28194;Deleted.;
A0012582.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.2429;Deleted.;
A0012583.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.24130;Deleted.;
A0012586.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3287;Deleted.;
A0012595.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Probably DLOADER.Trojan;;
A0012609.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.28194;Deleted.;
A0012610.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Wsgame.1047;Deleted.;
A0012611.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.2429;Deleted.;
A0012613.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.24130;Deleted.;
A0012614.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Probably DLOADER.Trojan;;
A0012619.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3287;Deleted.;
A0013610.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Wsgame.1047;Deleted.;
A0013611.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.28194;Deleted.;
A0013612.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.2429;Deleted.;
A0013613.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Probably DLOADER.Trojan;;
A0013614.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.24130;Deleted.;
A0013619.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3287;Deleted.;
A0013630.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Wsgame.1047;Deleted.;
A0013631.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.28194;Deleted.;
A0013633.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.2429;Deleted.;
A0013634.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.24130;Deleted.;
A0013637.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3287;Deleted.;
A0013648.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Wsgame.1047;Deleted.;
A0013649.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.28194;Deleted.;
A0013650.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.2429;Deleted.;
A0013652.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.24130;Deleted.;
A0013655.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3287;Deleted.;
A0013660.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Probably DLOADER.Trojan;;
A0013698.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Wsgame.1047;Deleted.;
A0013699.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.2429;Deleted.;
A0013700.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.28194;Deleted.;
A0013701.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.24130;Deleted.;
A0013703.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Probably DLOADER.Trojan;;
A0013707.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3287;Deleted.;
A0013741.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Wsgame.1047;Deleted.;
A0013742.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.28194;Deleted.;
A0013743.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.2429;Deleted.;
A0013745.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.24130;Deleted.;
A0013746.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Probably DLOADER.Trojan;;
A0013753.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3287;Deleted.;
A0013767.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Wsgame.1047;Deleted.;
A0013768.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.28194;Deleted.;
A0013769.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.2429;Deleted.;
A0013771.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.DownLoader.24130;Deleted.;
A0013772.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Probably DLOADER.Trojan;;
A0013778.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP19;Trojan.PWS.Gamania.3287;Deleted.;
A0013781.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Probably DLOADER.Trojan;;
A0014767.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.PWS.Wsgame.1047;Deleted.;
A0014768.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.DownLoader.28194;Deleted.;
A0014770.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.PWS.Gamania.2429;Deleted.;
A0014771.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.DownLoader.24130;Deleted.;
A0014772.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Probably DLOADER.Trojan;;
A0014776.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.PWS.Gamania.3287;Deleted.;
A0014788.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.PWS.Wsgame.1047;Deleted.;
A0014789.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.DownLoader.28194;Deleted.;
A0014790.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.PWS.Gamania.2429;Deleted.;
A0014792.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.DownLoader.24130;Deleted.;
A0014793.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Probably DLOADER.Trojan;;
A0014798.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.PWS.Gamania.3287;Deleted.;
A0015788.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.PWS.Wsgame.1047;Deleted.;
A0015789.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.DownLoader.28194;Deleted.;
A0015790.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.PWS.Gamania.2429;Deleted.;
A0015792.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.DownLoader.24130;Deleted.;
A0015795.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.PWS.Gamania.3287;Deleted.;
A0016788.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.PWS.Wsgame.1047;Deleted.;
A0016789.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.DownLoader.28194;Deleted.;
A0016790.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.PWS.Gamania.2429;Deleted.;
A0016791.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.DownLoader.24130;Deleted.;
A0016795.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.PWS.Gamania.3287;Deleted.;
A0016809.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.PWS.Wsgame.1047;Deleted.;
A0016810.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.DownLoader.28194;Deleted.;
A0016811.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.PWS.Gamania.2429;Deleted.;
A0016813.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.DownLoader.24130;Deleted.;
A0016816.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.PWS.Gamania.3287;Deleted.;
A0016828.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.PWS.Wsgame.1047;Deleted.;
A0016829.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.DownLoader.28194;Deleted.;
A0016830.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.PWS.Gamania.2429;Deleted.;
A0016831.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.DownLoader.24130;Deleted.;
A0016835.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.PWS.Gamania.3287;Deleted.;
A0016841.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Probably DLOADER.Trojan;;
A0016852.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.DownLoader.28194;Deleted.;
A0016853.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.PWS.Gamania.2429;Deleted.;
A0016854.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.DownLoader.24130;Deleted.;
A0016855.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.PWS.Wsgame.1047;Deleted.;
A0016856.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Probably DLOADER.Trojan;;
A0016862.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP20;Trojan.PWS.Gamania.3287;Deleted.;
A0016864.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP21;Probably DLOADER.Trojan;;
A0016873.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP21;Trojan.PWS.Wsgame.1047;Deleted.;
A0016874.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP21;Trojan.DownLoader.28194;Deleted.;
A0016876.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP21;Trojan.DownLoader.24130;Deleted.;
A0016877.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP21;Trojan.PWS.Gamania.2429;Deleted.;
A0016878.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP21;Probably DLOADER.Trojan;;
A0016883.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP21;Trojan.PWS.Gamania.3287;Deleted.;
A0016891.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP21;Trojan.PWS.Wsgame.1047;Deleted.;
A0016892.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP21;Trojan.DownLoader.28194;Deleted.;
A0016893.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP21;Trojan.PWS.Gamania.2429;Deleted.;
A0016894.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP21;Trojan.DownLoader.24130;Deleted.;
A0016898.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP21;Trojan.PWS.Gamania.3287;Deleted.;
A0016900.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP21;Probably DLOADER.Trojan;;
A0016914.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.PWS.Wsgame.1047;Deleted.;
A0016915.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.DownLoader.28194;Deleted.;
A0016916.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.PWS.Gamania.2429;Deleted.;
A0016918.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.DownLoader.24130;Deleted.;
A0016919.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Probably DLOADER.Trojan;;
A0016923.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.PWS.Gamania.3287;Deleted.;
A0016937.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.PWS.Wsgame.1047;Deleted.;
A0016938.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.DownLoader.28194;Deleted.;
A0016939.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.PWS.Gamania.2429;Deleted.;
A0016940.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.DownLoader.24130;Deleted.;
A0016942.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Probably DLOADER.Trojan;;
A0016946.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.PWS.Gamania.3287;Deleted.;
A0016952.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.PWS.Wsgame.1047;Deleted.;
A0016953.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.DownLoader.28194;Deleted.;
A0016954.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.PWS.Gamania.2429;Deleted.;
A0016955.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.DownLoader.24130;Deleted.;
A0016957.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Probably DLOADER.Trojan;;
A0016962.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.PWS.Gamania.3287;Deleted.;
A0017952.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.PWS.Wsgame.1047;Deleted.;
A0017953.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.DownLoader.28194;Deleted.;
A0017954.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.PWS.Gamania.2429;Deleted.;
A0017955.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.DownLoader.24130;Deleted.;
A0017959.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.PWS.Gamania.3287;Deleted.;
A0017965.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.PWS.Wsgame.1047;Deleted.;
A0017966.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.DownLoader.28194;Deleted.;
A0017968.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.PWS.Gamania.2429;Deleted.;
A0017969.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.DownLoader.24130;Deleted.;
A0017972.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Trojan.PWS.Gamania.3287;Deleted.;
A0017973.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP22;Probably DLOADER.Trojan;;
A0017998.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP23;Trojan.PWS.Gamania.2882;Deleted.;
A0017999.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP23;Trojan.PWS.Wsgame;Deleted.;
A0018000.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP23;Trojan.DownLoader.28194;Deleted.;
A0018001.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP23;Trojan.PWS.Wsgame;Deleted.;
A0018002.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP23;Trojan.PWS.Gamania.2429;Deleted.;
A0018003.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP23;Trojan.PWS.Gamania.2379;Deleted.;
A0018005.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP23;Trojan.PWS.Gamania.2681;Deleted.;
A0018022.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP23;Trojan.DownLoader.24130;Deleted.;
A0018024.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP23;Trojan.PWS.Gamania.3287;Deleted.;
A0018028.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP23;Probably DLOADER.Trojan;;
A0018114.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP23;Trojan.DownLoader.24130;Deleted.;
A0018117.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP23;Trojan.PWS.Gamania.3287;Deleted.;
A0018135.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP23;Trojan.DownLoader.24130;Deleted.;
A0018138.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP23;Trojan.PWS.Gamania.3287;Deleted.;
A0018147.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP24;Trojan.PWS.Wsgame;Deleted.;
A0018151.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP24;Trojan.DownLoader.24130;Deleted.;
A0018154.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP24;Trojan.PWS.Gamania.3287;Deleted.;
A0018164.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP24;Trojan.DownLoader.24130;Deleted.;
A0018165.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP24;Trojan.PWS.Wsgame;Deleted.;
A0018168.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP24;Trojan.PWS.Gamania.3287;Deleted.;
A0018179.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP24;Trojan.DownLoader.24130;Deleted.;
A0018180.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP24;Trojan.PWS.Wsgame;Deleted.;
A0018183.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP24;Trojan.PWS.Gamania.3287;Deleted.;
A0018192.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.PWS.Gamania.3287;Deleted.;
A0018197.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.MulDrop.8306;Deleted.;
A0018198.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.PWS.Gamania.2993;Deleted.;
A0018199.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.PWS.Gamania.2993;Deleted.;
A0018200.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.PWS.Gamania.2881;Deleted.;
A0018201.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.MulDrop.8052;Deleted.;
A0018202.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.PWS.Wsgame;Deleted.;
A0018203.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.PWS.Wsgame;Deleted.;
A0018204.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.DownLoader.30360;Deleted.;
A0018205.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.PWS.Gamania.3298;Deleted.;
A0018206.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.PWS.Wsgame;Deleted.;
A0018207.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.PWS.Wsgame;Deleted.;
A0018208.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Probably DLOADER.Trojan;;
A0018209.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.MulDrop.8306;Deleted.;
A0018210.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.DownLoader.30360;Deleted.;
A0018211.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.PWS.Gamania.3298;Deleted.;
A0018212.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.PWS.Gamania.3287;Deleted.;
A0018213.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.PWS.Wsgame.1047;Deleted.;
A0018214.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.PWS.Wsgame;Deleted.;
A0018215.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.DownLoader.24130;Deleted.;
A0018245.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.PWS.Gamania.3287;Deleted.;
A0018253.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.PWS.Gamania.3287;Deleted.;
A0018263.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.PWS.Gamania.3287;Deleted.;
A0018272.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.PWS.Gamania.3287;Deleted.;
A0018288.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP25;Trojan.PWS.Gamania.3287;Deleted.;
A0018309.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP26;Trojan.PWS.Gamania.3287;Deleted.;
A0018310.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP26;Trojan.PWS.Gamania.3287;Deleted.;
A0018311.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP26;Trojan.PWS.Gamania.3212;Deleted.;
A0018312.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP26;Trojan.MulDrop.8309;Deleted.;
A0018313.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP26;Trojan.MulDrop.8307;Deleted.;
A0000507.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame.1047;Deleted.;
A0000508.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Probably DLOADER.Trojan;;
A0000509.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.DownLoader.28194;Deleted.;
A0000511.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2429;Deleted.;
A0000512.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.DownLoader.24130;Deleted.;
A0000520.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2882;Deleted.;
A0000523.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2993;Deleted.;
A0000524.sys;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2446;Deleted.;
A0000526.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame;Deleted.;
A0000527.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame;Deleted.;
A0000528.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2881;Deleted.;
A0000529.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2379;Deleted.;
A0000530.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2801;Deleted.;
A0000531.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame;Deleted.;
A0000532.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame;Deleted.;
A0000536.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2681;Deleted.;
A0000566.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Probably DLOADER.Trojan;;
A0000567.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame.1047;Deleted.;
A0000568.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.DownLoader.28194;Deleted.;
A0000569.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2429;Deleted.;
A0000571.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.DownLoader.24130;Deleted.;
A0000575.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2993;Deleted.;
A0000576.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2446;Deleted.;
A0000577.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame;Deleted.;
A0000578.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame;Deleted.;
A0000579.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2882;Deleted.;
A0000580.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2883;Deleted.;
A0000581.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2379;Deleted.;
A0000582.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2881;Deleted.;
A0000583.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame;Deleted.;
A0000584.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame;Deleted.;
A0000585.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2801;Deleted.;
A0000586.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2681;Deleted.;
A0000587.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2993;Deleted.;
A0000591.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame;Deleted.;
A0000592.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame;Deleted.;
A0000593.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2881;Deleted.;
A0000594.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2379;Deleted.;
A0000595.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2801;Deleted.;
A0000596.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame;Deleted.;
A0000597.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame;Deleted.;
A0000598.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2681;Deleted.;
A0000625.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Probably DLOADER.Trojan;;
A0000626.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame.1047;Deleted.;
A0000627.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.DownLoader.28194;Deleted.;
A0000629.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2429;Deleted.;
A0000630.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.DownLoader.24130;Deleted.;
A0000634.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2993;Deleted.;
A0000635.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2446;Deleted.;
A0000636.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame;Deleted.;
A0000637.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame;Deleted.;
A0000638.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2882;Deleted.;
A0000639.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2883;Deleted.;
A0000640.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2379;Deleted.;
A0000641.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2881;Deleted.;
A0000642.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame;Deleted.;
A0000643.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame;Deleted.;
A0000644.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2801;Deleted.;
A0000645.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2681;Deleted.;
A0000647.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2993;Deleted.;
A0000649.sys;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2446;Deleted.;
A0000650.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame;Deleted.;
A0000651.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame;Deleted.;
A0000652.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2881;Deleted.;
A0000653.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2379;Deleted.;
A0000654.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2801;Deleted.;
A0000655.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame;Deleted.;
A0000656.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Wsgame;Deleted.;
A0000657.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP7;Trojan.PWS.Gamania.2681;Deleted.;
A0000684.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Probably DLOADER.Trojan;;
A0000687.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Trojan.PWS.Gamania.2993;Deleted.;
A0000688.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Trojan.PWS.Gamania.2446;Deleted.;
A0000689.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Trojan.PWS.Wsgame;Deleted.;
A0000690.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Trojan.PWS.Wsgame;Deleted.;
A0000692.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Trojan.PWS.Gamania.2882;Deleted.;
A0000693.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Trojan.PWS.Gamania.2883;Deleted.;
A0000694.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Trojan.PWS.Gamania.2379;Deleted.;
A0000695.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Trojan.PWS.Gamania.2881;Deleted.;
A0000708.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Trojan.PWS.Wsgame;Deleted.;
A0000709.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Trojan.PWS.Wsgame;Deleted.;
A0000710.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Trojan.PWS.Gamania.2801;Deleted.;
A0000711.exe;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Trojan.PWS.Gamania.2681;Deleted.;
A0000713.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Probably DLOADER.Trojan;;
A0000714.sys;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Trojan.PWS.Gamania.2446;Deleted.;
A0000746.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Probably DLOADER.Trojan;;
A0000747.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Trojan.PWS.Wsgame.1047;Deleted.;
A0000748.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Trojan.DownLoader.28194;Deleted.;
A0000750.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Trojan.PWS.Gamania.2429;Deleted.;
A0000751.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Trojan.DownLoader.24130;Deleted.;
A0000781.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Probably DLOADER.Trojan;;
A0000786.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Probably DLOADER.Trojan;;
A0001745.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Probably DLOADER.Trojan;;
A0001746.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.PWS.Wsgame.1047;Deleted.;
A0001748.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.DownLoader.24130;Deleted.;
A0001749.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.PWS.Gamania.2429;Deleted.;
A0001750.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.DownLoader.28194;Deleted.;
A0002746.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.PWS.Wsgame.1047;Deleted.;
A0002747.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.DownLoader.28194;Deleted.;
A0002749.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.PWS.Gamania.2429;Deleted.;
A0002750.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.DownLoader.24130;Deleted.;
A0002758.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.PWS.Wsgame.1047;Deleted.;
A0002759.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.DownLoader.28194;Deleted.;
A0002760.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.PWS.Gamania.2429;Deleted.;
A0002762.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.DownLoader.24130;Deleted.;
A0002764.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Probably DLOADER.Trojan;;
A0003758.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.PWS.Wsgame.1047;Deleted.;
A0003759.EXE;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Probably DLOADER.Trojan;;
A0003760.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.DownLoader.28194;Deleted.;
A0003761.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.DownLoader.24130;Deleted.;
A0003763.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.PWS.Gamania.2429;Deleted.;
A0003775.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.PWS.Wsgame.1047;Deleted.;
A0003776.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.DownLoader.28194;Deleted.;
A0003778.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.DownLoader.24130;Deleted.;
A0003779.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.PWS.Gamania.2429;Deleted.;
A0003787.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.PWS.Wsgame.1047;Deleted.;
A0003788.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.DownLoader.28194;Deleted.;
A0003790.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.DownLoader.24130;Deleted.;
A0003791.dll;C:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP9;Trojan.PWS.Gamania.2429;Deleted.;
RAVMHMON.DAT;C:\WINDOWS\Fonts;Trojan.PWS.Wsgame.1085;Deleted.;
RAVMSMON.DAT;C:\WINDOWS\Fonts;Trojan.PWS.Gamania.3351;Deleted.;
RAVMSMON.exe;C:\WINDOWS\Fonts;Trojan.MulDrop.8309;Deleted.;
RAVQJMON.exe;C:\WINDOWS\Fonts;Trojan.MulDrop.8307;Deleted.;
mydpri.dll;C:\WINDOWS\system32;Trojan.PWS.Gamania.3299;Will be cured after reboot.;
RAVZXMON.DAT;C:\WINDOWS\system32;Trojan.PWS.Gamania.3298;Deleted.;
A0000705.com;D:\System Volume Information\_restore{8ABD620B-E45D-4B67-8875-443636ECE6CF}\RP8;Probably MULDROP.Trojan;;
A0003085.com;D:\System Volume Information\_restore{E0982B24-2FEF-4044-BC72-969095B19F28}\RP16;Probably MULDROP.Trojan;;
auto.exe;G:\;Trojan.Popwin;Deleted.;
pagefiles.pif;G:\;Probably DLOADER.Trojan;;
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
  		   Posted 8-19-2007 6:58 (GMT +1)    Quote: Windows Theme Changed to Classic and no Internet ConnectionAlert an admin about: Windows Theme Changed to Classic and no Internet Connection
You´ve certainly get rid of som crap there smile
 
 
Please download Combofix:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
and save to the desktop.

Close all other browser windows.

Double click on combo.exe & follow the prompts.

When finished, it will produce a logfile located at C:\ComboFix.txt.

Post the contents of that log in your next reply with a new hijackthis log and tell how things are running

Note:
Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Do NOT post your problem in someone elses thread.
Start a new topic so that it may receive proper attention. 
 

Back to Top
 

weeleong87
New Member


Date Joined Nov 2005
Total Posts : 17
  		   Posted 8-19-2007 7:23 (GMT +1)    Quote: Windows Theme Changed to Classic and no Internet ConnectionAlert an admin about: Windows Theme Changed to Classic and no Internet Connection
ComboFix 07-08-14.4 - "LeoNa" 2007-08-19 14:13:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.156 [GMT 8:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\services.exe


((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))


2007-08-19 07:57 <DIR> d-------- C:\DOCUME~1\LeoNa\DoctorWeb
2007-08-19 07:35 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-19 07:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-19 07:35 <DIR> d-------- C:\DOCUME~1\LeoNa\APPLIC~1\SUPERAntiSpyware.com
2007-08-19 07:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-18 12:55 <DIR> d---s---- C:\DOCUME~1\LeoNa\UserData
2007-08-12 17:44 58 --a------ C:\WINDOWS\system32\mydini.dll
2007-08-12 17:44 16,896 --a------ C:\WINDOWS\system32\NVDispDrv.dll
2007-08-10 17:00 <DIR> d-------- C:\DOCUME~1\LeoNa\APPLIC~1\WinRAR
2007-07-23 09:41 <DIR> d-------- C:\DOCUME~1\LeoNa\APPLIC~1\dvdcss


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-19 14:10 --------- d-------- C:\DOCUME~1\LeoNa\APPLIC~1\Azureus
2007-07-15 11:33 --------- d-------- C:\DOCUME~1\LeoNa\APPLIC~1\HP
2007-07-15 11:27 --------- d-------- C:\Program Files\HP
2007-07-15 11:26 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-07-15 11:25 --------- d-------- C:\Program Files\Common Files\HP
2007-07-15 11:22 --------- d-------- C:\Program Files\Hewlett-Packard
2007-07-15 11:18 --------- d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-07-15 10:53 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-07-14 23:47 --------- d-------- C:\DOCUME~1\LeoNa\APPLIC~1\Media Player Classic
2007-07-14 23:45 --------- d-------- C:\Program Files\Real Alternative
2007-07-14 23:45 --------- d-------- C:\Program Files\Media Player Classic
2007-07-14 23:39 --------- d-------- C:\Program Files\MSN Messenger
2007-07-14 23:08 --------- d-------- C:\DOCUME~1\LeoNa\APPLIC~1\vlc
2007-07-14 23:07 --------- d-------- C:\Program Files\VideoLAN
2007-07-14 09:19 2722 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2007-07-14 09:09 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2007-07-14 08:39 --------- d-------- C:\Program Files\Azureus
2007-07-14 08:29 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-14 08:19 --------- d-------- C:\Program Files\microsoft frontpage
2007-07-14 08:18 0 -rahs---- C:\MSDOS.SYS
2007-07-14 08:18 0 -rahs---- C:\IO.SYS
2007-07-14 08:18 0 --a------ C:\CONFIG.SYS
2007-07-14 08:18 0 --a------ C:\AUTOEXEC.BAT
2007-07-14 08:15 --------- d--h----- C:\Program Files\WindowsUpdate
2007-07-14 08:15 --------- d-------- C:\Program Files\Online Services
2007-07-14 08:14 --------- d-------- C:\Program Files\Movie Maker
2007-07-14 08:14 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-07-14 08:12 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-07-14 08:12 --------- d-------- C:\Program Files\Messenger
2007-07-14 08:11 --------- d-------- C:\Program Files\Windows NT
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
2005-05-11 23:36 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"AME_CSA"="amecsa.cpl" [2003-01-29 14:16 C:\WINDOWS\system32\AmeCSA.cpl]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-18 13:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 11:37]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4562452F-FA36-BA4F-892A-FF5FBBAC5314}"= C:\WINDOWS\system32\mydpri.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=mydpri.dll

R2 Atmuni;ATM Call Manager;C:\WINDOWS\system32\DRIVERS\atmuni.sys
R2 Rawwan;RAW WAN Driver;C:\WINDOWS\system32\DRIVERS\rawwan.sys
R3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys
S3 AtmElan;ATM Emulated LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys
S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\system32\DRIVERS\atmlane.sys
S3 fOxkb;fOxkb;\??\C:\WINDOWS\system\fOxkb.sys
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys
S4 A6049A5A;A6049A5A;C:\WINDOWS\system32\113DCAE7.EXE -k


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8fecc84-31a0-11dc-a01c-00300a0d9367}]
Auto\command- G:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
explorer\command- G:\pagefiles.pif
open\command- G:\pagefiles.pif


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{81716107-A10D-11cf-64CD-11115FE1CF41}]
C:\WINDOWS\system32\nwizzhuxians.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-19 14:16:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-19 14:19:02
C:\ComboFix-quarantined-files.txt ... 2007-08-19 14:18
C:\ComboFix2.txt ... 2005-08-17 21:40

--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:14, on 2007-08-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: mydpri.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4319 bytes


The same problem still persist. the theme will change to classic and then there will be no internet connection
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
  		   Posted 8-19-2007 8:14 (GMT +1)    Quote: Windows Theme Changed to Classic and no Internet ConnectionAlert an admin about: Windows Theme Changed to Classic and no Internet Connection
Ok.
 
 
Please download:
 http://swandog46.geekstogo.com/avenger.zip
 
by Swandog46 to your Desktop.
You must extract avenger. zip to your desktop, before you run it.

Start up Avenger exe.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy,then paste all the text in the quote box below.
Quote:
 
 
Files to delete:
C:\WINDOWS\system32\mydini.dll
C:\WINDOWS\system32\mydpri.dll
G:\pagefiles.pif
C:\WINDOWS\system\fOxkb.sys
G:\auto.exe
C:\WINDOWS\system32\nwizzhuxians.exe
 
 
Registry values to replace with dummy:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

 After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
 
 
Please copy/paste the content of C:\avenger.txt into your reply along with a fresh HJT log and tell if there are  improvements ?

Do NOT post your problem in someone elses thread.
Start a new topic so that it may receive proper attention. 
 

Back to Top
 

weeleong87
New Member


Date Joined Nov 2005
Total Posts : 17
  		   Posted 8-19-2007 9:59 (GMT +1)    Quote: Windows Theme Changed to Classic and no Internet ConnectionAlert an admin about: Windows Theme Changed to Classic and no Internet Connection
ÿþL o g f i l e o f T h e A v e n g e r v e r s i o n 1 , b y S w a n d o g 4 6

R u n n i n g f r o m r e g i s t r y k e y :

\ R e g i s t r y \ M a c h i n e \ S y s t e m \ C u r r e n t C o n t r o l S e t \ S e r v i c e s \ f q a e q m s b



* * * * * * * * * * * * * * * * * * *



S c r i p t f i l e l o c a t e d a t : \ ? ? \ C : \ W I N D O W S \ s y s t e m 3 2 \ t c v b g r t i . t x t

S c r i p t f i l e o p e n e d s u c c e s s f u l l y .



S c r i p t f i l e r e a d s u c c e s s f u l l y



B a c k u p s d i r e c t o r y o p e n e d s u c c e s s f u l l y a t C : \ A v e n g e r



* * * * * * * * * * * * * * * * * * *



B e g i n n i n g t o p r o c e s s s c r i p t f i l e :



F i l e C : \ W I N D O W S \ s y s t e m 3 2 \ m y d i n i . d l l d e l e t e d s u c c e s s f u l l y .





F i l e C : \ W I N D O W S \ s y s t e m 3 2 \ m y d p r i . d l l n o t f o u n d !

D e l e t i o n o f f i l e C : \ W I N D O W S \ s y s t e m 3 2 \ m y d p r i . d l l f a i l e d !



C o u l d n o t p r o c e s s l i n e :

C : \ W I N D O W S \ s y s t e m 3 2 \ m y d p r i . d l l

S t a t u s : 0 x c 0 0 0 0 0 3 4







C o u l d n o t o p e n f i l e G : \ p a g e f i l e s . p i f f o r d e l e t i o n

D e l e t i o n o f f i l e G : \ p a g e f i l e s . p i f f a i l e d !



C o u l d n o t p r o c e s s l i n e :

G : \ p a g e f i l e s . p i f

S t a t u s : 0 x c 0 0 0 0 0 3 a







F i l e C : \ W I N D O W S \ s y s t e m \ f O x k b . s y s n o t f o u n d !

D e l e t i o n o f f i l e C : \ W I N D O W S \ s y s t e m \ f O x k b . s y s f a i l e d !



C o u l d n o t p r o c e s s l i n e :

C : \ W I N D O W S \ s y s t e m \ f O x k b . s y s

S t a t u s : 0 x c 0 0 0 0 0 3 4







C o u l d n o t o p e n f i l e G : \ a u t o . e x e f o r d e l e t i o n

D e l e t i o n o f f i l e G : \ a u t o . e x e f a i l e d !



C o u l d n o t p r o c e s s l i n e :

G : \ a u t o . e x e

S t a t u s : 0 x c 0 0 0 0 0 3 a







F i l e C : \ W I N D O W S \ s y s t e m 3 2 \ n w i z z h u x i a n s . e x e n o t f o u n d !

D e l e t i o n o f f i l e C : \ W I N D O W S \ s y s t e m 3 2 \ n w i z z h u x i a n s . e x e f a i l e d !



C o u l d n o t p r o c e s s l i n e :

C : \ W I N D O W S \ s y s t e m 3 2 \ n w i z z h u x i a n s . e x e

S t a t u s : 0 x c 0 0 0 0 0 3 4



R e g i s t r y v a l u e H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s N T \ C u r r e n t V e r s i o n \ W i n d o w s | A p p I n i t _ D L L s r e p l a c e d w i t h d u m m y s u c c e s s f u l l y .



C o m p l e t e d s c r i p t p r o c e s s i n g .



* * * * * * * * * * * * * * * * * * *



F i n i s h e d ! T e r m i n a t e .

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:54 PM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4204 bytes

I will need to test for a while more to see if it happens again. will keep you updated
Back to Top
 

weeleong87
New Member


Date Joined Nov 2005
Total Posts : 17
  		   Posted 8-19-2007 10:15 (GMT +1)    Quote: Windows Theme Changed to Classic and no Internet ConnectionAlert an admin about: Windows Theme Changed to Classic and no Internet Connection
the same problem persists again. I can use normally for like 10 mins then the classic theme came in and I losee the connection of the internet
Back to Top
 

weeleong87
New Member


Date Joined Nov 2005
Total Posts : 17
  		   Posted 8-22-2007 1:20 (GMT +1)    Quote: Windows Theme Changed to Classic and no Internet ConnectionAlert an admin about: Windows Theme Changed to Classic and no Internet Connection
Is there no hope for me already?
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
  		   Posted 8-22-2007 1:46 (GMT +1)    Quote: Windows Theme Changed to Classic and no Internet ConnectionAlert an admin about: Windows Theme Changed to Classic and no Internet Connection
Oops, I have missed You - sorry
 
 
Check for corrupted/missing system files -
 
To do this, simply go to the Run box on the Start Menu and type in:
sfc /scannow
This command will immediately initiate the Windows File Protection service  to scan all protected files and verify their integrity, replacing any files with which it finds a problem.
Reboot, post new combofix log and tell if there are any improvements ?

Do NOT post your problem in someone elses thread.
Start a new topic so that it may receive proper attention. 
 

Back to Top
 

weeleong87
New Member


Date Joined Nov 2005
Total Posts : 17
  		   Posted 8-26-2007 2:53 (GMT +1)    Quote: Windows Theme Changed to Classic and no Internet ConnectionAlert an admin about: Windows Theme Changed to Classic and no Internet Connection
ComboFix 07-08-14.4 - "LeoNa" 2007-08-25 7:25:57.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.153 [GMT 8:00]


((((((((((((((((((((((((( Files Created from 2007-07-24 to 2007-08-24 )))))))))))))))))))))))))))))))


2007-08-24 23:11 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-08-24 23:11 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-08-24 23:11 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-08-24 23:10 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-08-24 23:10 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-08-24 23:09 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2007-08-24 23:09 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2007-08-24 23:09 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-08-24 23:09 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2007-08-24 23:09 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2007-08-24 23:09 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-08-24 23:09 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2007-08-24 23:09 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2007-08-24 23:08 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2007-08-24 23:08 53,760 --a--c--- C:\WINDOWS\system32\dllcache\wiamsmud.dll
2007-08-24 23:08 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2007-08-24 23:07 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2007-08-24 23:07 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2007-08-24 23:07 35,871 --a--c--- C:\WINDOWS\system32\dllcache\wbfirdma.sys
2007-08-24 23:07 33,599 --a--c--- C:\WINDOWS\system32\dllcache\watv04nt.sys
2007-08-24 23:07 31,744 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2007-08-24 23:07 29,311 --a--c--- C:\WINDOWS\system32\dllcache\watv01nt.sys
2007-08-24 23:07 25,471 --a--c--- C:\WINDOWS\system32\dllcache\watv10nt.sys
2007-08-24 23:07 23,615 --a--c--- C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2007-08-24 23:07 22,271 --a--c--- C:\WINDOWS\system32\dllcache\watv06nt.sys
2007-08-24 23:07 19,551 --a--c--- C:\WINDOWS\system32\dllcache\watv02nt.sys
2007-08-24 23:07 11,935 --a--c--- C:\WINDOWS\system32\dllcache\wadv11nt.sys
2007-08-24 23:07 11,871 --a--c--- C:\WINDOWS\system32\dllcache\wadv09nt.sys
2007-08-24 23:07 11,807 --a--c--- C:\WINDOWS\system32\dllcache\wadv07nt.sys
2007-08-24 23:07 11,295 --a--c--- C:\WINDOWS\system32\dllcache\wadv08nt.sys
2007-08-24 23:06 19,528 --a--c--- C:\WINDOWS\system32\dllcache\w840nd.sys
2007-08-24 23:06 19,016 --a--c--- C:\WINDOWS\system32\dllcache\w926nd.sys
2007-08-24 23:06 16,925 --a--c--- C:\WINDOWS\system32\dllcache\w940nd.sys
2007-08-24 23:06 13,568 --a--c--- C:\WINDOWS\system32\dllcache\wacompen.sys
2007-08-24 23:06 12,415 --a--c--- C:\WINDOWS\system32\dllcache\wadv01nt.sys
2007-08-24 23:06 12,127 --a--c--- C:\WINDOWS\system32\dllcache\wadv02nt.sys
2007-08-24 23:06 11,775 --a--c--- C:\WINDOWS\system32\dllcache\wadv05nt.sys
2007-08-24 23:05 64,605 --a--c--- C:\WINDOWS\system32\dllcache\vvoice.sys
2007-08-24 23:05 604,253 --a--c--- C:\WINDOWS\system32\dllcache\vmodem.sys
2007-08-24 23:05 397,502 --a--c--- C:\WINDOWS\system32\dllcache\vpctcom.sys
2007-08-24 23:05 249,402 --a--c--- C:\WINDOWS\system32\dllcache\vinwm.sys
2007-08-24 23:04 765,884 --a--c--- C:\WINDOWS\system32\dllcache\usrti.sys
2007-08-24 23:04 687,999 --a--c--- C:\WINDOWS\system32\dllcache\usrwdxjs.sys
2007-08-24 23:04 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-08-24 23:04 5,376 --a--c--- C:\WINDOWS\system32\dllcache\viaide.sys
2007-08-24 23:04 42,240 --a--c--- C:\WINDOWS\system32\dllcache\viaagp.sys
2007-08-24 23:04 24,576 --a--c--- C:\WINDOWS\system32\dllcache\viairda.sys
2007-08-24 23:04 11,325 --a--c--- C:\WINDOWS\system32\dllcache\vchnt5.dll
2007-08-24 23:03 794,399 --a--c--- C:\WINDOWS\system32\dllcache\usr1806v.sys
2007-08-24 23:03 793,598 --a--c--- C:\WINDOWS\system32\dllcache\usr1806.sys
2007-08-24 23:03 7,556 --a--c--- C:\WINDOWS\system32\dllcache\usroslba.sys
2007-08-24 23:03 224,802 --a--c--- C:\WINDOWS\system32\dllcache\usr1807a.sys
2007-08-24 23:03 113,762 --a--c--- C:\WINDOWS\system32\dllcache\usrpda.sys
2007-08-24 23:02 94,720 --a--c--- C:\WINDOWS\system32\dllcache\umaxud32.dll
2007-08-24 23:02 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2007-08-24 23:02 78,464 --a--c--- C:\WINDOWS\system32\dllcache\usbvideo.sys
2007-08-24 23:02 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-08-24 23:02 32,384 --a--c--- C:\WINDOWS\system32\dllcache\usb101et.sys
2007-08-24 23:02 28,160 --a--c--- C:\WINDOWS\system32\dllcache\umaxu40.dll
2007-08-24 23:02 26,624 --a--c--- C:\WINDOWS\system32\dllcache\usbehci.sys
2007-08-24 23:02 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2007-08-24 23:02 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys
2007-08-24 23:02 12,672 --a--c--- C:\WINDOWS\system32\dllcache\usb8023x.sys
2007-08-24 23:01 69,632 --a--c--- C:\WINDOWS\system32\dllcache\umaxu12.dll
2007-08-24 23:01 50,688 --a--c--- C:\WINDOWS\system32\dllcache\umaxscan.dll
2007-08-24 23:01 50,176 --a--c--- C:\WINDOWS\system32\dllcache\umaxp60.dll
2007-08-24 23:01 26,624 --a--c--- C:\WINDOWS\system32\dllcache\umaxu22.dll
2007-08-24 23:01 22,912 --a--c--- C:\WINDOWS\system32\dllcache\umaxpcls.sys
2007-08-24 23:00 47,616 --a--c--- C:\WINDOWS\system32\dllcache\umaxcam.dll
2007-08-24 23:00 44,672 --a--c--- C:\WINDOWS\system32\dllcache\uagp35.sys
2007-08-24 23:00 36,736 --a--c--- C:\WINDOWS\system32\dllcache\ultra.sys
2007-08-24 23:00 216,064 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll
2007-08-24 23:00 211,968 --a--c--- C:\WINDOWS\system32\dllcache\um54scan.dll
2007-08-24 22:59 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2007-08-24 22:59 166,784 --a--c--- C:\WINDOWS\system32\dllcache\tridxpm.sys
2007-08-24 22:59 159,232 --a--c--- C:\WINDOWS\system32\dllcache\tridkbm.sys
2007-08-24 22:59 11,520 --a--c--- C:\WINDOWS\system32\dllcache\twotrack.sys
2007-08-24 22:58 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
2007-08-24 22:58 42,496 --a--c--- C:\WINDOWS\system32\dllcache\tp4res.dll
2007-08-24 22:58 34,375 --a--c--- C:\WINDOWS\system32\dllcache\tpro4.sys
2007-08-24 22:58 315,520 --a--c--- C:\WINDOWS\system32\dllcache\trid3d.dll
2007-08-24 22:58 222,336 --a--c--- C:\WINDOWS\system32\dllcache\trid3dm.sys
2007-08-24 22:57 82,432 --a--c--- C:\WINDOWS\system32\dllcache\tp4mon.exe
2007-08-24 22:57 4,992 --a--c--- C:\WINDOWS\system32\dllcache\toside.sys
2007-08-24 22:57 31,744 --a--c--- C:\WINDOWS\system32\dllcache\tp4.dll
2007-08-24 22:57 241,664 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd02.sys
2007-08-24 22:57 230,912 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd03.sys
2007-08-24 22:56 81,408 --a--c--- C:\WINDOWS\system32\dllcache\tgiul50.dll
2007-08-24 22:56 28,232 --a--c--- C:\WINDOWS\system32\dllcache\tos4mo.sys
2007-08-24 22:56 149,376 --a--c--- C:\WINDOWS\system32\dllcache\tffsport.sys
2007-08-24 22:56 138,528 --a--c--- C:\WINDOWS\system32\dllcache\tgiulnt5.sys
2007-08-24 22:56 123,995 --a--c--- C:\WINDOWS\system32\dllcache\tjisdn.sys
2007-08-24 22:55 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2007-08-24 22:55 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
2007-08-24 22:55 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2007-08-24 22:55 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2007-08-24 22:55 17,129 --a--c--- C:\WINDOWS\system32\dllcache\tdkcd31.sys
2007-08-24 22:54 32,640 --a--c--- C:\WINDOWS\system32\dllcache\symc8xx.sys
2007-08-24 22:54 30,688 --a--c--- C:\WINDOWS\system32\dllcache\sym_u3.sys
2007-08-24 22:54 28,384 --a--c--- C:\WINDOWS\system32\dllcache\sym_hi.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-25 07:22 --------- d-------- C:\DOCUME~1\LeoNa\APPLIC~1\Azureus
2007-08-19 20:03 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-15 11:33 --------- d-------- C:\DOCUME~1\LeoNa\APPLIC~1\HP
2007-07-15 11:27 --------- d-------- C:\Program Files\HP
2007-07-15 11:26 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-07-15 11:25 --------- d-------- C:\Program Files\Common Files\HP
2007-07-15 11:22 --------- d-------- C:\Program Files\Hewlett-Packard
2007-07-15 11:18 --------- d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-07-15 10:53 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-07-14 23:47 --------- d-------- C:\DOCUME~1\LeoNa\APPLIC~1\Media Player Classic
2007-07-14 23:45 --------- d-------- C:\Program Files\Real Alternative
2007-07-14 23:45 --------- d-------- C:\Program Files\Media Player Classic
2007-07-14 23:39 --------- d-------- C:\Program Files\MSN Messenger
2007-07-14 23:08 --------- d-------- C:\DOCUME~1\LeoNa\APPLIC~1\vlc
2007-07-14 23:07 --------- d-------- C:\Program Files\VideoLAN
2007-07-14 09:19 2722 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2007-07-14 09:09 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2007-07-14 08:39 --------- d-------- C:\Program Files\Azureus
2007-07-14 08:29 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-14 08:19 --------- d-------- C:\Program Files\microsoft frontpage
2007-07-14 08:18 0 -rahs---- C:\MSDOS.SYS
2007-07-14 08:18 0 -rahs---- C:\IO.SYS
2007-07-14 08:18 0 --a------ C:\CONFIG.SYS
2007-07-14 08:18 0 --a------ C:\AUTOEXEC.BAT
2007-07-14 08:15 --------- d--h----- C:\Program Files\WindowsUpdate
2007-07-14 08:15 --------- d-------- C:\Program Files\Online Services
2007-07-14 08:14 --------- d-------- C:\Program Files\Movie Maker
2007-07-14 08:14 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-07-14 08:12 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-07-14 08:12 --------- d-------- C:\Program Files\Messenger
2007-07-14 08:11 --------- d-------- C:\Program Files\Windows NT
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
2005-05-11 23:36 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-18 13:04]
"AME_CSA"="amecsa.cpl" [2003-01-29 14:16 C:\WINDOWS\system32\AmeCSA.cpl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 11:37]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4562452F-FA36-BA4F-892A-FF5FBBAC5314}"= C:\WINDOWS\system32\mydpri.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 Atmuni;ATM Call Manager;C:\WINDOWS\system32\DRIVERS\atmuni.sys
R2 Rawwan;RAW WAN Driver;C:\WINDOWS\system32\DRIVERS\rawwan.sys
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys
S3 AtmElan;ATM Emulated LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys
S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\system32\DRIVERS\atmlane.sys
S3 fOxkb;fOxkb;\??\C:\WINDOWS\system\fOxkb.sys
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys
S4 A6049A5A;A6049A5A;C:\WINDOWS\system32\113DCAE7.EXE -k


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8fecc84-31a0-11dc-a01c-00300a0d9367}]
Auto\command- G:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
explorer\command- G:\pagefiles.pif
open\command- G:\pagefiles.pif


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{81716107-A10D-11cf-64CD-11115FE1CF41}]
C:\WINDOWS\system32\nwizzhuxians.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-25 07:27:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-25 7:28:46
C:\ComboFix-quarantined-files.txt ... 2007-08-25 07:28
C:\ComboFix2.txt ... 2007-08-19 14:19
C:\ComboFix3.txt ... 2005-08-17 21:40

--- E O F ---

still not getting any better
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
  		   Posted 8-27-2007 8:32 (GMT +1)    Quote: Windows Theme Changed to Classic and no Internet ConnectionAlert an admin about: Windows Theme Changed to Classic and no Internet Connection
Open notepad and copy/paste the text in the quote box below into it:
Quote:
-----------------------------------------------------
File::
C:\WINDOWS\system32\drivers\usbine.sys
C:\WINDOWS\system32\ctfnom.exe
C:\WINDOWS\system32\dh2103.dll
C:\WINDOWS\system32\dllhost32.exe
C:\WINDOWS\system32\EBSPI.dll
C:\WINDOWS\system32\mh104.dll
C:\WINDOWS\system32\MOSOU.dll
C:\WINDOWS\system32\mosou.exe
C:\WINDOWS\system32\MsAudio.sys
C:\WINDOWS\system32\nwizdh.exe
C:\WINDOWS\system32\nwizfy.dll
C:\WINDOWS\system32\nwizfy.exe
C:\WINDOWS\system32\nwizhx2.dll
C:\WINDOWS\system32\nwizhx2.exe
C:\WINDOWS\system32\nwizqjsj.exe
C:\WINDOWS\system32\nwiztlbb.dll
C:\WINDOWS\system32\nwiztlbu.exe
C:\WINDOWS\system32\nwizwlwzs.dll
C:\WINDOWS\system32\nwizwlwzs.exe
C:\WINDOWS\system32\nwizwmgjs.dll
C:\WINDOWS\system32\nwizwmgjs.exe
C:\WINDOWS\system32\nwizzhuxians.dll
C:\WINDOWS\system32\nwizzhuxians.exe
C:\WINDOWS\system32\Ravasktao.dll
C:\WINDOWS\system32\Ravasktao.exe
C:\WINDOWS\system32\ztinetzt.dll
C:\WINDOWS\system32\ztinetzt.exe
C:\Program Files\WindowsUpdate
C:\WINDOWS\system32\mydpri.dll
 
 
Registry:
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{81716107-A10D-11cf-64CD-11115FE1CF41}]
 
 
----------------------------------------------
 
Save this as CFScript.txt
 
http://www.fromsej.saknet.dk/billeder/cfscript.gif
 
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
 
 
Post new combofix log and tell if there improvements

Do NOT post your problem in someone elses thread.
Start a new topic so that it may receive proper attention. 
 

Back to Top
 
New Topic Post reply to : Windows Theme Changed to Classic and no Internet Connection Printable version of : Windows Theme Changed to Classic and no Internet Connection
 
Forum Information
Currently it is Saturday, November 21, 2009 4:14 PM (GMT +1)
There are a total of 73.034 posts in 17.116 threads.
In the last 3 days there were 14 new threads and 71 reply posts. View Active Threads
Who's Online
This forum has 30334 registered members. Please welcome our newest member, sushil.
35 Guest(s), 1 Registered Member(s) are currently online.  Details
DanLasko
5 Latest Threads
Constant scanning andskipped files? (3)21-11-2009 14:33:51 (Dickens)
Cannot install anti-virus softeware or do window updates... need help (17)21-11-2009 13:46:11 (superjesse)
Michael Vick jerseys (1)21-11-2009 09:42:37 (Dickens)
Arizona Cardinals Jerseys (1)21-11-2009 09:37:23 (Dickens)
How to remove this Malware/Virus (0)21-11-2009 06:54:16 (bozzack)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard