could some one look at my hijack this log?

Logfile of HijackThis v1.99.1
Scan saved at 11:02:01, on 01/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium antivirus 2005\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\psimsvc.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://edit.europe.yahoo.com/config/mail?.intl=uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/wdgt3/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oca.microsoft.com/resredir.a...c0e41428&LCID=1033&OS=5.1.2600.2.00010300.1.0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{531F9177-EA71-4336-9CC1-CD654AA19B02}: NameServer = 213.130.128.32 213.130.128.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{C966C63C-30BD-49A9-8E18-69CCA0DEA8BB}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium antivirus 2005\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\psimsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\TPSrv.exe

 

Download CCleaner: http://filehippo.com/download_ccleaner/

During installation, there's an option to install the Yahoo! tool bar on Internet Explorer. If you do not want it, simply uncheck it during installation.

Download Ewido Anti-Spyware: http://www.ewido.net/en/download/

Install it, update for the latest signatures (your firewall may notify you that Ewido is requesting permission to gain internet access...you can allow it). Do [bold]not[/bold] scan just yet...

Run Hijack This, choose [bold]Run a system scan only[/bold], remove this entry:
[bold]
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) [/bold]

I am curious about these two though. Did you put/enable restrictions on your Interner Explorer?
[bold]
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present[/bold]

We'll worry about these later.

Boot into safe mode, instructions here: http://www.pchell.com/support/safemode.shtml

or if you want to use this prog instead to boot into safe mode: http://superadblocker.com/bootsafe.html

After you have successfully entered safe mode, run CCleaner and select [bold]Run Cleaner[/bold] on the bottom right. You will encounter a pop-up notifying you that once you delete the cookies/temp files, you will not be able to recover it. Go ahead and click ok. Depending how much stuff you've accumulated, it might take a few moments. After it is done, run Ewido. On the top left, choose [bold]Scanner[/bold], then choose [bold] Complete System Scan[/bold]. This will take some time....

After Ewido is done scanning, if it displays objects/infections found, you can go ahead and quarantine them by choosing "apply" for all infections...

After you are done, post a log from HIjack This and from Ewido...

 

i have not put any restrictions on the pc that i'm aware off!

 

You should fix those two entires using HijackThis.

Post a new HijackThis log, just to be sure you clean.

 

i followed the steps above, wasn't sure what to run in ccleaner but just used the clean tool, hope it worked. but here's my new hijackthis log and below that is the ewido log!

Logfile of HijackThis v1.99.1
Scan saved at 19:13:19, on 05/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium antivirus 2005\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\psimsvc.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\apvxdwin.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\avciman.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\psimreal.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://edit.europe.yahoo.com/config/mail?.intl=uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/wdgt3/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/wdgt3/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oca.microsoft.com/resredir.a...c0e41428&LCID=1033&OS=5.1.2600.2.00010300.1.0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C966C63C-30BD-49A9-8E18-69CCA0DEA8BB}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium antivirus 2005\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\psimsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\TPSrv.exe




Ewido Log

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:57:04 05/09/2006

+ Scan result:



C:\Program Files\eMule0.47a\Incoming\Windows.Media.Player.Codec.Pack.With.DivX.And.Xvid.Codecs.Wi.rar/Codec Pack Installer.exe -> Dropper.Delf.dh : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Cookies\guest@122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Nikki Burns\Cookies\nikki burns@questionmarket[1]_txt.vir -> TrackingCookie.Questionmarket : Cleaned.


::Report end

 

Ok, almost finished.

Run a scan only with HijackThis, check to fix these.

[bold]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present [/bold]

Close all windows except HijackThis then click Fix Checked.

Then, go here and download the latest update for Java [bold]5.0 Update 8[/bold]

Uninstall previous version of Java from Add/Remove Programs then install update 8.


After that, you should be clean. Having any more problems?

 

thanks guys that seems to have sorted it! your all fab!

 

Logfile of HijackThis v1.99.1
Scan saved at 6:42:09 AM, on 10/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
F:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\isnotify.exe
F:\Software\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin....com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...RD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {400B5ABF-C259-2417-14FA-0A381324A088} - C:\WINDOWS\system32\jfupkdh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" perf "C:\Program Files\NVIDIA Corporation\nTune\Profiles\Baseline.npe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avehgjl.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\avehgjl.dll,jwzesye
O4 - HKCU\..\Run: [Jhoos] "C:\PROGRA~1\Jhoos\Jhoos.exe" -minimize
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155965209759
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155965612834
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{788D3387-20F2-441A-A228-51127DE7D17B}: NameServer = 68.6.16.30,68.6.16.25
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhoq32 - C:\WINDOWS\SYSTEM32\winhoq32.dll
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
----------------------------------------------------------------------------------------------------



I seem to have stepped in something nasty, so to speak. I apparently got some wonderful piece of spyware that keeps 'evolving' on me. I have been going online, and getting step by step removal instructions for it, but each time I do, it comes back the next reboot as a different variation.

It keeps telling me that my computer is at risk, first it was telling me spyquake, or quakespy, something like that. Then it was some other 'anti-spyware' program I should buy last night, and this morning it's "Malware Wipe" anothr fake piece of anti-spy that does nothing. I don't mind doing hardcore removals, but I need one that is going to kill it for good. I'm tired of getting this junk, and it's taking a toll on system performance.

If anyone can help me out with this, I would greatly appreciate it.

THANKS!

 

Hi handsom,

Go here and download SmitFraudFix.zip to your desktop.
Extract all files to the desktop.
* Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
* Double-click smitfraudfix.cmd
* Select 2 and hit Enter to delete infect files.
* You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
* The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
* A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Post back with the contents of rapport.txt and a new HijackThis log.

 

Logfile of HijackThis v1.99.1
Scan saved at 11:28:26 PM, on 10/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
F:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
F:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Software\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin....com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {400B5ABF-C259-2417-14FA-0A381324A088} - C:\WINDOWS\system32\jfupkdh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" perf "C:\Program Files\NVIDIA Corporation\nTune\Profiles\Baseline.npe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avehgjl.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\avehgjl.dll,jwzesye
O4 - HKCU\..\Run: [Jhoos] "C:\PROGRA~1\Jhoos\Jhoos.exe" -minimize
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155965209759
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155965612834
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{788D3387-20F2-441A-A228-51127DE7D17B}: NameServer = 68.6.16.30,68.6.16.25
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhoq32 - C:\WINDOWS\SYSTEM32\winhoq32.dll
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

------------------------------------------

Rapport.txt:

SmitFraudFix v2.104

Scan done at 23:20:07.84, Wed 10/04/2006
Run from C:\Documents and Settings\All Users\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\isnotify.exe Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ixt?.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\Safety Bar\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

 

Go here and download KillBox.

Note: print these instructions or copy to Notepad and save it, you will be in safe mode and can't access the internet.

Restart your computer in safe mode(press F8 upon boot, select "Safe Mode" from menu and press Enter).
Open Killbox.exe.
Check "Standard File Kill".
In the "Full Path of File to Delete" box, copy and paste each of the following lines below [bold]one at a time[/bold]. Then click the red button with a white X after you enter each file.
You will be prompted to confirm, click Yes.

[bold]C:\WINDOWS\system32\jfupkdh.dll
C:\WINDOWS\system32\avehgjl.dll
C:\WINDOWS\SYSTEM32\winhoq32.dll[/bold]

Note: KillBox may prompt "File does not seem to exist". If so, continue with next file, but do not miss any.

Delete this folder: C:\Program Files\[bold]Jhoos[/bold]

Restart in normal mode.
Open HijackThis.
Click "Run a system scan only".
Check these(if there):

[bold]O2 - BHO: (no name) - {400B5ABF-C259-2417-14FA-0A381324A088} - C:\WINDOWS\system32\jfupkdh.dll

O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)

O4 - HKCU\..\Run: [Jhoos] "C:\PROGRA~1\Jhoos\Jhoos.exe" -minimize

O4 - HKLM\..\Run: [avehgjl.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\avehgjl.dll,jwzesye

O20 - Winlogon Notify: winhoq32 - C:\WINDOWS\SYSTEM32\winhoq32.dll [/bold]

Close all windows except HijackThis then click "Fix checked".

Post a new HijackThis log.

 

Logfile of HijackThis v1.99.1
Scan saved at 7:03:45 AM, on 10/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
F:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
F:\Software\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin....com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" perf "C:\Program Files\NVIDIA Corporation\nTune\Profiles\Baseline.npe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155965209759
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155965612834
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{788D3387-20F2-441A-A228-51127DE7D17B}: NameServer = 68.6.16.30,68.6.16.25
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

Ok, looks good, but there may be more. Any problems?

Go here and download [bold]CCleaner[/bold].

[bold]Note[/bold]: If you do not want Yahoo! Toolbar uncheck the option when installing.

Close all windows.
Open CCleaner.
Click "Run Cleaner".

Go here and run Kaspersky Online Scanner.
Accept the terms.
After downloading, click "My Computer".
After scanning, click "Save report as".
Save as a text file and post it.

 

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, October 07, 2006 6:12:12 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/10/2006
Kaspersky Anti-Virus database records: 216481
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 205653
Number of viruses found: 13
Number of infected objects: 562 / 0
Number of suspicious objects: 0
Duration of the scan process: 03:36:45

Infected Object Name / Virus Name / Last Action
C:\!KillBox\winhoq32.dll Infected: Packed.Win32.Klone.g skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-09012006-061655.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-10-06_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\HandsomeDan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HandsomeDan\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\HandsomeDan\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal Object is locked skipped
C:\Documents and Settings\HandsomeDan\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\HandsomeDan\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal Object is locked skipped
C:\Documents and Settings\HandsomeDan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HandsomeDan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HandsomeDan\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{BEA07167-49C1-4B33-94FD-C6C090F13A4C} Object is locked skipped
C:\Documents and Settings\HandsomeDan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HandsomeDan\Local Settings\Temp\Perflib_Perfdata_a4c.dat Object is locked skipped
C:\Documents and Settings\HandsomeDan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HandsomeDan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HandsomeDan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\17A025F0.exe/Stream/data0002 Infected: Trojan-Clicker.Win32.VB.fo skipped
C:\Program Files\Norton AntiVirus\Quarantine\17A025F0.exe/Stream Infected: Trojan-Clicker.Win32.VB.fo skipped
C:\Program Files\Norton AntiVirus\Quarantine\17A025F0.exe Inno: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\17A025F0.exe CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E3618CA.exe Infected: Trojan-Downloader.Win32.Small.dod skipped
C:\Program Files\Norton AntiVirus\Quarantine\48571D0B.exe/Stream/data0002 Infected: Trojan-Clicker.Win32.VB.fo skipped
C:\Program Files\Norton AntiVirus\Quarantine\48571D0B.exe/Stream Infected: Trojan-Clicker.Win32.VB.fo skipped
C:\Program Files\Norton AntiVirus\Quarantine\48571D0B.exe Inno: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\48571D0B.exe CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\59743C58.exe Infected: Backdoor.Win32.Ciadoor.13 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP324\A0049908.dll Infected: Trojan-Downloader.Win32.Zlob.aoa skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP324\A0049909.exe Infected: Trojan-Downloader.Win32.Zlob.aod skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP325\A0049912.exe Infected: Trojan-Downloader.Win32.Zlob.aod skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP325\A0049914.dll Infected: not-virus:Hoax.Win32.Renos.ds skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP325\A0049920.dll Infected: Trojan-Downloader.Win32.Zlob.ant skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP325\A0049922.exe Infected: Trojan-Downloader.Win32.Zlob.aod skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP325\A0049923.exe Infected: Trojan-Downloader.Win32.Zlob.aod skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP325\A0049924.exe Infected: Trojan-Downloader.Win32.Zlob.ans skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP325\A0049926.dll Infected: Trojan-Downloader.Win32.Zlob.aoa skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP325\A0049927.dll Infected: Trojan-Downloader.Win32.Zlob.aoa skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP327\A0049976.exe Infected: Trojan-Clicker.Win32.VB.fo skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP327\A0049988.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP328\A0049991.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP329\A0050055.exe Infected: Trojan-Downloader.Win32.Zlob.aod skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP330\A0050112.exe Infected: Trojan-Downloader.Win32.Zlob.aod skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP330\A0050113.dll Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP332\A0050150.dll Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP333\A0050214.exe Infected: Trojan-Downloader.Win32.Zlob.aod skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP333\A0050215.dll Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP334\A0050270.dll Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP334\A0050279.exe Infected: Trojan-Downloader.Win32.Zlob.aod skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP334\A0050297.exe Infected: Trojan-Downloader.Win32.Zlob.aod skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP334\A0050298.dll Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP336\A0050316.exe Infected: Trojan-Downloader.Win32.Zlob.aod skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP336\A0050348.exe Infected: Trojan-Downloader.Win32.Zlob.aod skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP336\A0050349.exe Infected: Trojan-Downloader.Win32.Zlob.aod skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP336\A0050352.dll Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP336\A0050355.dll Infected: not-virus:Hoax.Win32.Renos.ds skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP336\A0050356.dll Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP347\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Prefetch\Layout.ini Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{1906B262-573E-4321-B33B-450CC3F87D15}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\components\flx0.dll Object is locked skipped
C:\WINDOWS\system32\components\flx1.dll Object is locked skipped
C:\WINDOWS\system32\components\flx2.dll Object is locked skipped
C:\WINDOWS\system32\components\flx3.dll Object is locked skipped
C:\WINDOWS\system32\components\flx4.dll Object is locked skipped
C:\WINDOWS\system32\components\flx5.dll Object is locked skipped
C:\WINDOWS\system32\components\flx6.dll Object is locked skipped
C:\WINDOWS\system32\components\flx7.dll Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd8205.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\ismini.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\winhoq32.dll Infected: Packed.Win32.Klone.g skipped
C:\WINDOWS\Temp\Perflib_Perfdata_2f0.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000005-00000000-00000008-00001102-00000004-10071102}.CDF Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{4C84752C-D098-47A8-899F-9F532A003252}\RP347\change.log Object is locked skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040432.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040433.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040434.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040435.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040436.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040437.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040438.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040439.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040440.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040441.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040442.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040443.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040444.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040445.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040446.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040447.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040448.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040449.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040450.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040451.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040452.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040453.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040454.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040455.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040456.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040457.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040458.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040459.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040460.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040461.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040462.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040463.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040464.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040465.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040466.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040467.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040468.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040469.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040470.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040471.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040472.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040473.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040474.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040475.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040476.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040482.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040483.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040484.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040485.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040486.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040487.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040488.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040489.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040490.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040491.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040492.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040493.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040494.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040495.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040496.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040497.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040498.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040499.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040500.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040501.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040502.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040503.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040504.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040505.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040506.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040507.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040508.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040509.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040510.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040511.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040512.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040513.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040514.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040515.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040516.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040517.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040518.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040519.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040520.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040521.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040522.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040523.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040524.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040525.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040526.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040527.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040528.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040529.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040530.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040531.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040532.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040533.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040534.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040535.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040536.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040537.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040538.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040539.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040540.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040541.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040542.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040543.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040544.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040545.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040546.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040547.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040548.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040549.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040550.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040551.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040552.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040553.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040554.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040555.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040556.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040557.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040558.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040559.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040560.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040561.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040562.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040563.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040564.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040565.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040566.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040567.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040568.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040569.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040570.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040571.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040572.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040573.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040574.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040575.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040576.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040577.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040578.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040579.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040580.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040581.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040582.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040583.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040584.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040585.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040586.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040587.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040588.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040589.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040590.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040591.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040592.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040593.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040594.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040595.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040596.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040597.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040598.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040599.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040600.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040601.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040602.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040603.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040604.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040605.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040606.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040607.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040608.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040609.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040610.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040611.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040612.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040613.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040614.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040615.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040616.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040617.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040618.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040619.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040620.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040621.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040622.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040623.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040624.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040625.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040626.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040627.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040628.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040629.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040630.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040631.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040632.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040633.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040634.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040635.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040636.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040637.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040638.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040639.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040640.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040641.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040642.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040643.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040644.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040645.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040646.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040647.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040648.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040649.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040650.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040651.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040652.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040653.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040654.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040655.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040656.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040657.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040658.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040659.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040660.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040661.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040662.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040663.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040664.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040665.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040666.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040667.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040668.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040669.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040670.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040671.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040672.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040673.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040674.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040675.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040676.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040677.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040678.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040679.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040680.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040681.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040682.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040683.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040684.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040685.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040686.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040687.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040688.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040689.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040690.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040691.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040692.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040693.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040694.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040695.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040696.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040697.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040698.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040699.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040700.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040701.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040702.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040703.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040704.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040705.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040706.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040707.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040708.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040709.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040710.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040711.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040712.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040713.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040714.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040715.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040716.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040717.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040718.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040719.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040720.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040721.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040722.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040723.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040724.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040725.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040726.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040727.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040728.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040729.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040730.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040731.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040732.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040733.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040734.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040735.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040736.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040737.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040738.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040739.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040740.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040741.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040742.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040743.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040744.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040745.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040746.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040747.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040748.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040749.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040750.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040751.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040752.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040753.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040754.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040755.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040756.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040757.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040758.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040759.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040760.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040761.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040762.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040763.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040764.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040765.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040766.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040767.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040768.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040769.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040770.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040771.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040772.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040773.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040774.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040775.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040776.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040777.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040778.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040779.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040780.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040781.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040782.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040783.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040784.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040785.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040786.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040787.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040788.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040789.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040790.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040791.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040792.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040793.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040794.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040795.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040796.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040797.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040798.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040799.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040800.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040801.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040802.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040803.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040804.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040805.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040806.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040807.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040808.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040809.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040810.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040811.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040812.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040813.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040814.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040815.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040816.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040817.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040818.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040819.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040820.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040821.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040822.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040823.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040824.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040825.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040826.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040827.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040828.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040829.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040830.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040831.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040832.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040833.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040834.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040835.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040836.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040837.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040838.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040839.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040840.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040841.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040842.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040843.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040844.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040845.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040846.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040847.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040848.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040849.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040850.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040851.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040852.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040853.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040854.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040855.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040856.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040857.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040858.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040859.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040860.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040861.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040862.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040863.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040864.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040865.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040866.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040867.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040868.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040869.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040870.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040871.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040872.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040873.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040874.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040875.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040876.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040877.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040878.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040879.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040880.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040881.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040882.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040883.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040884.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040885.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040886.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040887.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040888.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040889.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040890.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040891.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040892.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040893.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040894.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040895.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040896.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040897.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040898.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040899.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040900.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040901.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040902.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040903.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040904.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040905.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040906.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040907.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040908.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040909.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040910.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040911.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040912.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040913.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040914.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040915.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040916.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040917.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040918.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040919.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040920.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040921.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040922.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040923.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040924.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040925.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040926.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040927.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040928.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040929.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040930.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040931.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040932.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040933.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040934.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040935.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040936.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040937.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040938.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040939.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040940.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040941.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040942.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040943.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040944.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040945.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040946.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040947.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040948.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040949.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040950.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040951.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040952.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040953.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040954.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040955.exe Infected: Trojan.Win32.VB.aad skipped
F:\System Volume Information\_restore{995314F0-811D-4ADC-8793-AA147D133FAB}\RP130\A0040956.exe Infected: Trojan.Win32.VB.aad skipped

Scan process completed.

 

Go here and download Spybot Search and Destroy.

Go here to download the trial version of AVG Anti-spyware.

Install and update both.

Restart your computer in safe mode.

Open Spybot.
Click "Search and Destroy".
Click "Check for Problems".
When it finishes, click "Fix selected problems".
Right click and select "Copy results" (not full report)
Paste them in Notepad and save it.

Open AVG AS and click "Scanner".
Click "Complete System Scan".
When it finishes scanning, set all items to "Quarantine".
Click "Apply All Actions".
Click "Save Report".
Click "Save report as" and save it to the desktop.

Post back with the Spybot log and the AVG report.