Smitfraud and torpig

I

IFKSJOLD

New member
Hey, having the same problems as everybody else with SMITFRAUD and TORPIG i turn to you for assistance.

I have ran about all possible virus checks and spyware progs that i could find :-)

XoftSpySE
AVG antivirus
AVG antispyware
Avast antivirus
Ad-aware SE
Ad-aware 2007

And Spybot

These can find and cure a lot of trouble, but i keep receiving SMITFRAUD and TORPIG, hijacking browsers and avast keeps interupting with trojan infections.


I have done what is told in the "before you post" and here are the info:

Did the eTrust Antivirus Web Scanner:

http://www.ca.com/us/securityadvisor/virusinfo/scan.aspx:

Scan Results: 151109 files scanned. 9 viruses were detected.

File Infection Status Path
A0011684.dll Win32/Vundo!generic infected C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\
A0011704.dll Win32/Chisyne!generic infected C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\
A0011716.dll Win32/Vundo!generic infected C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\
bmmbjsbd.dll Win32/Vundo!generic infected C:\WINDOWS\system32\
cgwymmpe.dll Win32/Vundo!generic infected C:\WINDOWS\system32\
hdlbrnrs.dll Win32/Vundo!generic infected C:\WINDOWS\system32\
mqdhhyhe.dll Win32/Vundo!generic infected C:\WINDOWS\system32\
pmnlk.dll Win32/Vundo!generic infected C:\WINDOWS\system32\
game.class-506f6b50-7a2baef5.class Java/Figfub!exploit infected D:\Documents and Settings\Skjold Klub\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\

Scan Results: 151109 files scanned. 9 viruses were detected.

And asked for the site to fix it, then this came:

File Infection Status Path
A0011684.dll Win32/Vundo!generic cannot cure C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\
A0011704.dll Win32/Chisyne!generic cannot cure C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\
A0011716.dll Win32/Vundo!generic cannot cure C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\
bmmbjsbd.dll Win32/Vundo!generic cannot cure C:\WINDOWS\system32\
cgwymmpe.dll Win32/Vundo!generic cannot cure C:\WINDOWS\system32\
hdlbrnrs.dll Win32/Vundo!generic cannot cure C:\WINDOWS\system32\
mqdhhyhe.dll Win32/Vundo!generic cannot cure C:\WINDOWS\system32\
pmnlk.dll Win32/Vundo!generic cannot cure C:\WINDOWS\system32\
game.class-506f6b50-7a2baef5.class Java/Figfub!exploit cannot cure D:\Documents and Settings\Skjold Klub\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\


Did the Trend Micro test: - Found a lot of errors etc and cleaned it, but not all could be cured....

Did the spybot in safe mode and was able to fix those problems i had troubles with before doing it in safe mode...

Ran Hijackthis in normal mode and came up with this: -

Logfile of HijackThis v1.99.1
Scan saved at 18:37:57, on 26-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=DK&range=AD&phase=6&key=SEARCH
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ifkskjold.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\dan.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ifkskjold.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ifkskjold.dk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - (no file)
O2 - BHO: (no name) - {6003C9B6-F909-4A63-B947-F38E4A365726} - C:\WINDOWS\system32\geeba.dll (file missing)
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\yayayvw.dll (file missing)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\mqdhhyhe.dll",realset
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: geeba - C:\WINDOWS\system32\geeba.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzdn32 - winzdn32.dll (file missing)
O20 - Winlogon Notify: yayayvw - yayayvw.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe

Can anyone help with getting rid of any trouble as well as check if this is done the right way??
Furthermore my cpu is hell slow at the moment....
Rasmus
 
Hi IFKSJOLD

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
 
Great thank you:-)

Here is the VundoFix.txt:


VundoFix V6.5.1

Checking Java version...

Sun Java not detected
Scan started at 15:01:40 28-06-2007

Listing files found while scanning....

C:\windows\system32\ehyhhdqm.ini
C:\WINDOWS\system32\mqdhhyhe.dll

Beginning removal...

Attempting to delete C:\windows\system32\ehyhhdqm.ini
C:\windows\system32\ehyhhdqm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mqdhhyhe.dll
C:\WINDOWS\system32\mqdhhyhe.dll Has been deleted!

Performing Repairs to the registry.
Done!

And here are the hijackthis.log:

Logfile of HijackThis v1.99.1
Scan saved at 15:18:13, on 28-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=DK&range=AD&phase=6&key=SEARCH
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ifkskjold.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\dan.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ifkskjold.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ifkskjold.dk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6003C9B6-F909-4A63-B947-F38E4A365726} - (no file)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: geeba - C:\WINDOWS\system32\geeba.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzdn32 - winzdn32.dll (file missing)
O20 - Winlogon Notify: yayayvw - yayayvw.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe

Impressive that one can actually understand these logs ;-)
 
Hi

You are using two antivirus, AVG and avast!

Uninstall one of them.

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {6003C9B6-F909-4A63-B947-F38E4A365726} - (no file)
O20 - Winlogon Notify: geeba - C:\WINDOWS\system32\geeba.dll (file missing)
O20 - Winlogon Notify: winzdn32 - winzdn32.dll (file missing)
O20 - Winlogon Notify: yayayvw - yayayvw.dll (file missing)

Close all windows including browser and press fix checked.

Reboot.

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Post:

- a fresh HijackThis log
- kaspersky report
 
AVG uninstalled.

Did as told in Hijackthis.

The Kaspersky Online Scanner found about 46 viruses and 678 infected files. Quite a bunch. Here are the log from that check:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, June 28, 2007 5:47:19 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 28/06/2007
Kaspersky Anti-Virus database records: 354879
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
H:\

Scan Statistics:
Total number of scanned objects: 151395
Number of viruses found: 46
Number of infected objects: 678
Number of suspicious objects: 0
Duration of the scan process: 01:05:45

Infected Object Name / Virus Name / Last Action
C:\Programmer\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Programmer\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Programmer\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Programmer\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Programmer\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Programmer\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Programmer\Alwil Software\Avast4\DATA\report\Resident (overvågende) beskyttelse.txt Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_AGENT_LOG1.txt Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db-journal Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_BINARY\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db-journal Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db-journal Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db-journal Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db-journal Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db-journal Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db-journal Object is locked skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011849.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011850.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011851.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP70\A0014294.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP72\change.log Object is locked skipped
C:\VundoFix Backups\mqdhhyhe.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\kstmhp.sys Infected: Trojan.Win32.KillAV.ka skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\tuvtroo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wmfptc32.dll Infected: Trojan.Win32.KillAV.ka skipped
C:\WINDOWS\system32\wmfptc32.dl_/ Infected: Trojan.Win32.KillAV.ka skipped
C:\WINDOWS\system32\wmfptc32.dl_ MS Expand: infected - 1 skipped
C:\WINDOWS\TEMP\$_2341233.TMP Object is locked skipped
C:\WINDOWS\TEMP\$_2341234.TMP Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_4cc.dat Object is locked skipped
C:\WINDOWS\TEMP\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Lokale indstillinger\Temp\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Lokale indstillinger\Temp\Oversigt\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\A0011626.exe.bac_a02076 Infected: Trojan-Downloader.Win32.Tiny.gx skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\A0011684.dll.bac_a02076 Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\A0011704.dll.bac_a02076 Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\A0011716.dll.bac_a02076 Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\bmmbjsbd.dll.bac_a02076 Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\cgwymmpe.dll.bac_a02076 Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\CMEIIAPI.dll.bac_a02076 Infected: not-a-virus:AdWare.Win32.Gator.6041 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\CMESys.exe.bac_a02076 Infected: not-a-virus:AdWare.Win32.Gator.6034 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02076/A0146160.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02076/A0146161.CPY/wbhshare.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02076/A0146161.CPY/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02076/A0146161.CPY/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02076/A0146161.CPY/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02076/A0146161.CPY/whieshm.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02076/A0146161.CPY/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02076/A0146161.CPY Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02076/A0146168.CPY/data0004/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02076/A0146168.CPY/data0004/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02076/A0146168.CPY/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02076/A0146168.CPY Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02076 CAB: infected - 12 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02076 CryptFF.b: infected - 12 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02332/A0146160.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02332/A0146161.CPY/wbhshare.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02332/A0146161.CPY/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02332/A0146161.CPY/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02332/A0146161.CPY/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02332/A0146161.CPY/whieshm.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02332/A0146161.CPY/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02332/A0146161.CPY Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02332/A0146168.CPY/data0004/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02332/A0146168.CPY/data0004/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02332/A0146168.CPY/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02332/A0146168.CPY Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02332 CAB: infected - 12 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1066.CAB.bac_a02332 CryptFF.b: infected - 12 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02076/A0136287.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02076/A0136288.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02076/A0136289.CPY Infected: not-a-virus:AdWare.Win32.Gator.5017 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02076/A0136290.CPY Infected: not-a-virus:AdWare.Win32.Gator.5017 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02076/A0136291.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02076/A0136292.CPY Infected: not-a-virus:AdWare.Win32.Gator.5017 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02076/A0136293.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02076/A0136294.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02076/A0136295.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02076/A0136296.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02076/A0136297.CPY Infected: not-a-virus:AdWare.Win32.Gator.3124 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02076/A0136298.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02076/A0136299.CPY Infected: not-a-virus:AdWare.Win32.Gator.6041 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02076/A0136300.CPY Infected: not-a-virus:AdWare.Win32.Gator.4203 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02076 CAB: infected - 14 skipped
 
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02076 CryptFF.b: infected - 14 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02332/A0136287.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02332/A0136288.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02332/A0136289.CPY Infected: not-a-virus:AdWare.Win32.Gator.5017 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02332/A0136290.CPY Infected: not-a-virus:AdWare.Win32.Gator.5017 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02332/A0136291.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02332/A0136292.CPY Infected: not-a-virus:AdWare.Win32.Gator.5017 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02332/A0136293.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02332/A0136294.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02332/A0136295.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02332/A0136296.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02332/A0136297.CPY Infected: not-a-virus:AdWare.Win32.Gator.3124 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02332/A0136298.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02332/A0136299.CPY Infected: not-a-virus:AdWare.Win32.Gator.6041 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02332/A0136300.CPY Infected: not-a-virus:AdWare.Win32.Gator.4203 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02332 CAB: infected - 14 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1152.CAB.bac_a02332 CryptFF.b: infected - 14 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1153.CAB.bac_a02076/A0136301.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1153.CAB.bac_a02076/A0136302.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1153.CAB.bac_a02076/A0136303.CPY Infected: not-a-virus:AdWare.Win32.Gator.6051 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1153.CAB.bac_a02076/A0136304.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1153.CAB.bac_a02076/A0136305.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1153.CAB.bac_a02076/A0136306.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1153.CAB.bac_a02076/A0136312.CPY Infected: not-a-virus:AdWare.Win32.Gator.h skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1153.CAB.bac_a02076/A0136314.CPY Infected: not-a-virus:AdWare.Win32.Gator.h skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1153.CAB.bac_a02076 CAB: infected - 8 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1153.CAB.bac_a02076 CryptFF.b: infected - 8 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1153.CAB.bac_a02332/A0136301.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1153.CAB.bac_a02332/A0136302.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1153.CAB.bac_a02332/A0136303.CPY Infected: not-a-virus:AdWare.Win32.Gator.6051 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1153.CAB.bac_a02332/A0136304.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1153.CAB.bac_a02332/A0136305.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1153.CAB.bac_a02332/A0136306.CPY Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1153.CAB.bac_a02332/A0136312.CPY Infected: not-a-virus:AdWare.Win32.Gator.h skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1153.CAB.bac_a02332/A0136314.CPY Infected: not-a-virus:AdWare.Win32.Gator.h skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1153.CAB.bac_a02332 CAB: infected - 8 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS1153.CAB.bac_a02332 CryptFF.b: infected - 8 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS902.CAB.bac_a02076/A0119147.CPY Infected: not-a-virus:AdWare.Win32.CommonName.g skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS902.CAB.bac_a02076/A0119155.CPY/vsn.exe Infected: not-a-virus:AdWare.Win32.SaveNow.al skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS902.CAB.bac_a02076/A0119155.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.al skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS902.CAB.bac_a02076 CAB: infected - 3 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS902.CAB.bac_a02076 CryptFF.b: infected - 3 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS902.CAB.bac_a02332/A0119147.CPY Infected: not-a-virus:AdWare.Win32.CommonName.g skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS902.CAB.bac_a02332/A0119155.CPY/vsn.exe Infected: not-a-virus:AdWare.Win32.SaveNow.al skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS902.CAB.bac_a02332/A0119155.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.al skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS902.CAB.bac_a02332 CAB: infected - 3 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\FS902.CAB.bac_a02332 CryptFF.b: infected - 3 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\GAppMgr.dll.bac_a02076 Infected: not-a-virus:AdWare.Win32.Gator.6041 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\GController.dll.bac_a02076 Infected: not-a-virus:AdWare.Win32.Gator.6041 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\GDwldEng.dll.bac_a02076 Infected: not-a-virus:AdWare.Win32.Gator.3124 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\GIocl.dll.bac_a02076 Infected: not-a-virus:AdWare.Win32.Gator.6041 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\GIoclClient.dll.bac_a02076 Infected: not-a-virus:AdWare.Win32.Gator.6041 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\GObjs.dll.bac_a02076 Infected: not-a-virus:AdWare.Win32.Gator.6041 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\GStore.dll.bac_a02076 Infected: not-a-virus:AdWare.Win32.Gator.6041 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\GStoreServer.dll.bac_a02076 Infected: not-a-virus:AdWare.Win32.Gator.6041 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\Gtools.dll.bac_a02076 Infected: not-a-virus:AdWare.Win32.Gator.6041 skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\hdlbrnrs.dll.bac_a02076 Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\mqdhhyhe.dll.bac_a02076 Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine\NDNuninstall6_38.exe.bac_a02076 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\Documents and Settings\Skjold Klub\Application Data\ѕymbols\lsass.exe Infected: Trojan-Downloader.Win32.PurityScan.ej skipped
D:\Documents and Settings\Skjold Klub\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Application Data\Identities\{D757A92D-FEAD-48EB-9171-C90B8CB15712}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Application Data\Identities\{D757A92D-FEAD-48EB-9171-C90B8CB15712}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Oversigt\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Skjold Klub\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\Skjold Klub\ntuser.dat.LOG Object is locked skipped
 
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP66\A0011635.exe Infected: Trojan-Downloader.Win32.Agent.brf skipped
D:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP72\change.log Object is locked skipped
F:\_RESTORE\TEMP\A0029503.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029503.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029503.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029504.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029504.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029504.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029505.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029505.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029505.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029506.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029506.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029506.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029507.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029507.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029507.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029508.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029508.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029508.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029509.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029509.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029509.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029510.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029510.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029510.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029511.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029511.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029511.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029512.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029512.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029512.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029513.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029513.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029513.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029514.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029514.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029514.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029515.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029515.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029515.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029516.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029516.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029516.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029517.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029517.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029517.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029518.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029518.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029518.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029519.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029519.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029519.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029520.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029520.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029520.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029521.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029521.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029521.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029522.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029522.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029522.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029523.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029523.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029523.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029524.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029524.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029524.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029525.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029525.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029525.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029526.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029526.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029526.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029527.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029527.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029527.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029528.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029528.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029528.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029529.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029529.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029529.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029530.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029530.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029530.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029531.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029531.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029531.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029532.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029532.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029532.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029533.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029533.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029533.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029534.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029534.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029534.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029535.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029535.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029535.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029536.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029536.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029536.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029537.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029537.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029537.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029538.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029538.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029538.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029539.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029539.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029539.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029540.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029540.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029540.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029541.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029541.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029541.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029542.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029542.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029542.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029543.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029543.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029543.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029544.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029544.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029544.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029545.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029545.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029545.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029546.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029546.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029546.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029547.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029547.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029547.CPY Embedded CAB: infected - 2 skipped
 
F:\_RESTORE\TEMP\A0029548.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029548.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029548.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029549.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029549.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029549.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029550.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029550.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029550.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029551.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029551.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029551.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029552.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029552.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029552.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029553.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029553.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029553.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029554.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029554.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029554.CPY Embedded CAB: infected - 2 skipped
F:\_RESTORE\TEMP\A0029555.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029555.CPY/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\_RESTORE\TEMP\A0029555.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\_RESTORE\TEMP\A0029555.CPY Embedded CAB: infected - 3 skipped
F:\_RESTORE\TEMP\A0029556.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029556.CPY/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\_RESTORE\TEMP\A0029556.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\_RESTORE\TEMP\A0029556.CPY Embedded CAB: infected - 3 skipped
F:\_RESTORE\TEMP\A0029557.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029557.CPY/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\_RESTORE\TEMP\A0029557.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\_RESTORE\TEMP\A0029557.CPY Embedded CAB: infected - 3 skipped
F:\_RESTORE\TEMP\A0029558.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029558.CPY/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\_RESTORE\TEMP\A0029558.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\_RESTORE\TEMP\A0029558.CPY Embedded CAB: infected - 3 skipped
F:\_RESTORE\TEMP\A0029559.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029559.CPY/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\_RESTORE\TEMP\A0029559.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\_RESTORE\TEMP\A0029559.CPY Embedded CAB: infected - 3 skipped
F:\_RESTORE\TEMP\A0029570.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.k skipped
F:\_RESTORE\TEMP\A0029570.CPY/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\_RESTORE\TEMP\A0029570.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\_RESTORE\TEMP\A0029570.CPY Embedded CAB: infected - 3 skipped
F:\_RESTORE\TEMP\A0029571.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\TEMP\A0029571.CPY/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\_RESTORE\TEMP\A0029571.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\_RESTORE\TEMP\A0029571.CPY Embedded CAB: infected - 3 skipped
F:\_RESTORE\ARCHIVE\FS1117.CAB/A0131625.CPY Infected: not-a-virus:AdWare.Win32.Altnet.o skipped
F:\_RESTORE\ARCHIVE\FS1117.CAB/A0131649.CPY Infected: Trojan-Downloader.Win32.Small.alx skipped
F:\_RESTORE\ARCHIVE\FS1117.CAB CAB: infected - 2 skipped
F:\_RESTORE\ARCHIVE\FS1172.CAB/A0138631.CPY Infected: not-a-virus:AdWare.Win32.MyWay.b skipped
F:\_RESTORE\ARCHIVE\FS1172.CAB/A0138635.CPY Infected: not-a-virus:AdWare.Win32.MyWay.f skipped
F:\_RESTORE\ARCHIVE\FS1172.CAB CAB: infected - 2 skipped
F:\_RESTORE\ARCHIVE\FS1208.CAB/A0143952.CPY Infected: not-a-virus:AdWare.Win32.Altnet.d skipped
F:\_RESTORE\ARCHIVE\FS1208.CAB/A0143969.CPY Infected: not-a-virus:AdWare.Win32.Perfnav.a skipped
F:\_RESTORE\ARCHIVE\FS1208.CAB/A0143972.CPY Infected: not-a-virus:AdWare.Win32.Altnet.l skipped
F:\_RESTORE\ARCHIVE\FS1208.CAB/A0143984.CPY Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
F:\_RESTORE\ARCHIVE\FS1208.CAB/A0143985.CPY Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
F:\_RESTORE\ARCHIVE\FS1208.CAB/A0143987.CPY Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
F:\_RESTORE\ARCHIVE\FS1208.CAB/A0143988.CPY Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
F:\_RESTORE\ARCHIVE\FS1208.CAB/A0143989.CPY Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
F:\_RESTORE\ARCHIVE\FS1208.CAB/A0143990.CPY Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
F:\_RESTORE\ARCHIVE\FS1208.CAB/A0143991.CPY Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
F:\_RESTORE\ARCHIVE\FS1208.CAB/A0143993.CPY Infected: not-a-virus:AdWare.Win32.Altnet.g skipped
F:\_RESTORE\ARCHIVE\FS1208.CAB/A0144047.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\_RESTORE\ARCHIVE\FS1208.CAB CAB: infected - 12 skipped
F:\_RESTORE\ARCHIVE\FS1209.CAB/W0185708.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\_RESTORE\ARCHIVE\FS1209.CAB CAB: infected - 1 skipped
F:\_RESTORE\ARCHIVE\FS1217.CAB/A0147370.CPY Infected: Trojan-Downloader.Win32.Keenval.g skipped
F:\_RESTORE\ARCHIVE\FS1217.CAB CAB: infected - 1 skipped
F:\_RESTORE\ARCHIVE\FS549.CAB/A0081296.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\_RESTORE\ARCHIVE\FS549.CAB CAB: infected - 1 skipped
F:\_RESTORE\ARCHIVE\FS551.CAB/W0093825.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\_RESTORE\ARCHIVE\FS551.CAB CAB: infected - 1 skipped
F:\_RESTORE\ARCHIVE\FS666.CAB/A0096631.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\_RESTORE\ARCHIVE\FS666.CAB CAB: infected - 1 skipped
F:\_RESTORE\ARCHIVE\FS671.CAB/W0109316.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\_RESTORE\ARCHIVE\FS671.CAB CAB: infected - 1 skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110787.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110787.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110787.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110788.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110788.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110788.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110789.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110789.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110789.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110790.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110790.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110790.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110791.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110791.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110791.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110792.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110792.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110792.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110793.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110793.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110793.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110794.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110794.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110794.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110795.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110795.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110795.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110796.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110796.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110796.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110797.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110797.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110797.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110798.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110798.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110798.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110799.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110799.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110799.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110800.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110800.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110800.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110801.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110801.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110801.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110802.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110802.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110802.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110803.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110803.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110803.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110804.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110804.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110804.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110805.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110805.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110805.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110806.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110806.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110806.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110807.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110807.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110807.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110808.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110808.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110808.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110809.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110809.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110809.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110810.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110810.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110810.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110811.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110811.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110811.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110812.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110812.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110812.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110813.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110813.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110813.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110814.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110814.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110814.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110815.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110815.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110815.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110816.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110816.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110816.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110817.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110817.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110817.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110818.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110818.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110818.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
 
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110819.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110819.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110819.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110820.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110820.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110820.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110821.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110821.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110821.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110822.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110822.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110822.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110823.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110823.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110823.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110824.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110824.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110824.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110825.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110825.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110825.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110826.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110826.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110826.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110827.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110827.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110827.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110828.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110828.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110828.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110829.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110829.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110829.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110830.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110830.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110830.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110831.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110831.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110831.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110832.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110832.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110832.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110833.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110833.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110833.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110834.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110834.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB/A0110834.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS792.CAB CAB: infected - 144 skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110835.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110835.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110835.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110836.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110836.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110836.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110837.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110837.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110837.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110838.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110838.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110838.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110839.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110839.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110839.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110840.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110840.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110840.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110841.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110841.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110841.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110842.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110842.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110842.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110843.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110843.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110843.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110844.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110844.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110844.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110845.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110845.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110845.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110846.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110846.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110846.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110847.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110847.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110847.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110848.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110848.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110848.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110849.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110849.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110849.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110850.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110850.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110850.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110851.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110851.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110851.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110852.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110852.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110852.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110853.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110853.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110853.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110854.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110854.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110854.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110855.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110855.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110855.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110856.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110856.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110856.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110857.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110857.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110857.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110858.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110858.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110858.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110859.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110859.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110859.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110860.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110860.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110860.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110861.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110861.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110861.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110862.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110862.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110862.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110863.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110863.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110863.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110864.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110864.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110864.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110865.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110865.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110865.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110866.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110866.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110866.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110867.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110867.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110867.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110868.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110868.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110868.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110869.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110869.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110869.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110870.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110870.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110870.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110871.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110871.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110871.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110872.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110872.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110872.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110873.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110873.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110873.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
 
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110874.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110874.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110874.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110875.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110875.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110875.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110876.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110876.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110876.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110877.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110877.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110877.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110878.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110878.CPY/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110878.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110878.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110879.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110879.CPY/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110879.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110879.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110880.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110880.CPY/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110880.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110880.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110881.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110881.CPY/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110881.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110881.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110882.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110882.CPY/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110882.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110882.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110883.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110883.CPY/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110883.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110883.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110890.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110891.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110895.CPY/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ah skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110895.CPY/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110895.CPY/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
F:\_RESTORE\ARCHIVE\FS793.CAB/A0110895.CPY Infected: not-a-virus:AdWare.Win32.SaveNow.m skipped
F:\_RESTORE\ARCHIVE\FS793.CAB CAB: infected - 159 skipped
F:\_RESTORE\ARCHIVE\FS882.CAB/A0115900.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet.g skipped
F:\_RESTORE\ARCHIVE\FS882.CAB CAB: infected - 1 skipped
F:\_RESTORE\ARCHIVE\FS886.CAB/W0138957.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\_RESTORE\ARCHIVE\FS886.CAB CAB: infected - 1 skipped
F:\_RESTORE\ARCHIVE\FS1348.CAB/A0010276.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\_RESTORE\ARCHIVE\FS1348.CAB/A0010277.CPY Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\_RESTORE\ARCHIVE\FS1348.CAB/A0010278.CPY Infected: not-a-virus:AdWare.Win32.MyWay.g skipped
F:\_RESTORE\ARCHIVE\FS1348.CAB CAB: infected - 3 skipped
F:\WINDOWS\TEMP\SaveNow\SaveNowInst.exe/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.aa skipped
F:\WINDOWS\TEMP\SaveNow\SaveNowInst.exe/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
F:\WINDOWS\TEMP\SaveNow\SaveNowInst.exe CAB: infected - 2 skipped
F:\WINDOWS\TEMP\pacificpokersetup.exe/WISE0571.BIN Infected: not-a-virus:AdWare.Win32.Casino.o skipped
F:\WINDOWS\TEMP\pacificpokersetup.exe WiseSFX: infected - 1 skipped
F:\WINDOWS\Temporary Internet Files\Content.IE5\65Y397UD\a579a07a[1].js Infected: Trojan-Downloader.JS.Small.af skipped
F:\WINDOWS\NDNuninstall4_34.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\WINDOWS\NDNuninstall4_80.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\WINDOWS\NDNuninstall4_88.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\WINDOWS\NDNuninstall5_20.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\WINDOWS\NDNuninstall5_40.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\WINDOWS\NDNuninstall6_10.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\WINDOWS\NDNuninstall6_22.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\WINDOWS\NDNuninstall6_30.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.g skipped
F:\Programmer\Internet Explorer\PLUGINS\NPONFLOW.DLL Infected: not-a-virus:AdWare.Win32.OnFlow skipped
F:\Programmer\Internet Explorer\PLUGINS\onflowreport.exe Infected: not-a-virus:AdWare.Win32.OnFlow skipped
F:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011852.dll Infected: not-a-virus:AdWare.Win32.Gator.6041 skipped
F:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011854.dll Infected: not-a-virus:AdWare.Win32.Gator.6041 skipped
F:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011855.dll Infected: not-a-virus:AdWare.Win32.Gator.3124 skipped
F:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011856.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011857.exe Infected: not-a-virus:AdWare.Win32.Gator.6034 skipped
F:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011858.dll Infected: not-a-virus:AdWare.Win32.Gator.6041 skipped
F:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011861.dll Infected: not-a-virus:AdWare.Win32.Gator.6041 skipped
F:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011862.dll Infected: not-a-virus:AdWare.Win32.Gator.6041 skipped
F:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011863.dll Infected: not-a-virus:AdWare.Win32.Gator.6041 skipped
F:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011864.dll Infected: not-a-virus:AdWare.Win32.Gator.6041 skipped
F:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011865.dll Infected: not-a-virus:AdWare.Win32.Gator.6041 skipped
F:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011866.dll Infected: not-a-virus:AdWare.Win32.Gator.6041 skipped
F:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP72\change.log Object is locked skipped

Scan process completed.
 
And the HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 17:49:25, on 28-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=DK&range=AD&phase=6&key=SEARCH
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ifkskjold.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\dan.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ifkskjold.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ifkskjold.dk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe

End of that :-)

Again that was a great load, im really sorry for this lot....
 
Hi

First I have to ask, is F drive some kind of backup drive?

Because it seems to contain system restore files from win me.
 
Hi.

I actually have no idea....I believe that they are just 3 harddisks put into one cpu to keep important documents and pics from older cpus. Thats is what I wanted, but if there was some higher meaning i don't know (though i don't think there was).

The system i'm running with now should be XP so the ME files i have no clue about... But i know that other harddisks has been added to the cpu for above reasons. Maybe its just system files from the old cpu???

If it is possible i believe it is deletable....
 
Hi

Ok, then you don't need to scan f: drive again :)

Empty this folder:

D:\Documents and Settings\Skjold Klub\.housecall6.6\Quarantine

Delete these:

C:\WINDOWS\system32\drivers\kstmhp.sys
C:\WINDOWS\system32\tuvtroo.dll
C:\WINDOWS\system32\wmfptc32.dll
C:\WINDOWS\system32\wmfptc32.dl_/

Empty Recycle Bin

Re-scan with kaspersky (c: and d: drives only)

Post:

- a fresh HijackThis log
- kaspersky report
 
Did as told

When i was about to delete the C:\WINDOWS\system32\wmfptc32.dll avast promted me with this one an removed it to the virus chest. Though all is deleted as you told me to....

The Kaspersky check:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, June 29, 2007 3:09:20 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 29/06/2007
Kaspersky Anti-Virus database records: 355352
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 59471
Number of viruses found: 6
Number of infected objects: 11
Number of suspicious objects: 0
Duration of the scan process: 00:35:59

Infected Object Name / Virus Name / Last Action
C:\Programmer\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Programmer\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Programmer\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Programmer\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Programmer\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Programmer\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Programmer\Alwil Software\Avast4\DATA\report\Resident (overvågende) beskyttelse.txt Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_AGENT_LOG1.txt Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db-journal Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_BINARY\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db-journal Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db-journal Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db-journal Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db-journal Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db-journal Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db-journal Object is locked skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011849.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011850.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011851.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP70\A0014294.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP72\A0015420.dll Infected: Trojan.Win32.KillAV.ka skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP72\A0015421.sys Infected: Trojan.Win32.KillAV.ka skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP72\A0015422.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP72\change.log Object is locked skipped
C:\VundoFix Backups\mqdhhyhe.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\pmnlk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\$_2341233.TMP Object is locked skipped
C:\WINDOWS\TEMP\$_2341234.TMP Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_4c8.dat Object is locked skipped
C:\WINDOWS\TEMP\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Lokale indstillinger\Temp\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Lokale indstillinger\Temp\Oversigt\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\Skjold Klub\Application Data\ѕymbols\lsass.exe Infected: Trojan-Downloader.Win32.PurityScan.ej skipped
D:\Documents and Settings\Skjold Klub\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Application Data\Identities\{D757A92D-FEAD-48EB-9171-C90B8CB15712}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Application Data\Identities\{D757A92D-FEAD-48EB-9171-C90B8CB15712}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Oversigt\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Oversigt\History.IE5\MSHist012007062920070630\index.dat Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Temp\~DFBC39.tmp Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Skjold Klub\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\Skjold Klub\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\Skjold Klub\UserData\index.dat Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP66\A0011635.exe Infected: Trojan-Downloader.Win32.Agent.brf skipped
D:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP72\change.log Object is locked skipped

Scan process completed.
 
Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 15:10:54, on 29-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Fælles filer\Real\Update_OB\RealOneMessageCenter.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=DK&range=AD&phase=6&key=SEARCH
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ifkskjold.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\dan.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ifkskjold.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ifkskjold.dk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
 
Just out of curiosity i'm doing a scan on Kaspersky with the F: and it seems as all the viruses is there. I can post a kaspersky report on request to see if it has anything to do with the rest or if it is harmless stuff.....
 
Hi

"Just out of curiosity i'm doing a scan on Kaspersky with the F: and it seems as all the viruses is there"

There are viruses but they're in ME system restore in backups and inactive. So, those really don't matter :)

You can delete this folder if you like to:

F:\_RESTORE

And empty this folder:

F:\WINDOWS\TEMP

Empty this folder:

C:\VundoFix Backups\

Delete these:

D:\Documents and Settings\Skjold Klub\Application Data\ѕymbols\
C:\WINDOWS\system32\pmnlk.dll

Empty Recycle Bin.

Re-scan with kaspersky.

Post:

- a fresh HijackThis log
- kaspersky report
 
Incredible that i had to go to page 9 to find the thread, you people are doing awesome work....

Did as told.

New Kaspersky test:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, July 02, 2007 3:51:06 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 2/07/2007
Kaspersky Anti-Virus database records: 356778
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 59552
Number of viruses found: 7
Number of infected objects: 11
Number of suspicious objects: 0
Duration of the scan process: 00:36:45

Infected Object Name / Virus Name / Last Action
C:\Programmer\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Programmer\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Programmer\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Programmer\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Programmer\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Programmer\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Programmer\Alwil Software\Avast4\DATA\report\Resident (overvågende) beskyttelse.txt Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_AGENT_LOG1.txt Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db-journal Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_BINARY\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db-journal Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db-journal Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db-journal Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db-journal Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db-journal Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db Object is locked skipped
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db-journal Object is locked skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011683.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011849.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011850.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP69\A0011851.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP70\A0014294.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP72\A0015420.dll Infected: Trojan.Win32.KillAV.ka skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP72\A0015421.sys Infected: Trojan.Win32.KillAV.ka skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP72\A0015422.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP73\A0015437.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP73\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\$_2341233.TMP Object is locked skipped
C:\WINDOWS\TEMP\$_2341234.TMP Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_4e8.dat Object is locked skipped
C:\WINDOWS\TEMP\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Lokale indstillinger\Temp\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Lokale indstillinger\Temp\Oversigt\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\Skjold Klub\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Application Data\Identities\{D757A92D-FEAD-48EB-9171-C90B8CB15712}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Application Data\Identities\{D757A92D-FEAD-48EB-9171-C90B8CB15712}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Oversigt\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Oversigt\History.IE5\MSHist012007070220070703\index.dat Object is locked skipped
D:\Documents and Settings\Skjold Klub\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Skjold Klub\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\Skjold Klub\ntuser.dat.LOG Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP66\A0011635.exe Infected: Trojan-Downloader.Win32.Agent.brf skipped
D:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP73\A0015440.exe Infected: Trojan-Downloader.Win32.PurityScan.ej skipped
D:\System Volume Information\_restore{4D25720C-D913-4297-878B-534CFAB8E819}\RP73\change.log Object is locked skipped

Scan process completed.
 
New Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 15:52:14, on 02-07-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=DK&range=AD&phase=6&key=SEARCH
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ifkskjold.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\dan.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ifkskjold.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ifkskjold.dk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe

Rasmus :-)
 
You must log in or register to reply here.
Back
Top