1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Kone taas sekasi joten - Hjt -logi

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by TooMuch, Jul 20, 2006.

Thread Status:
Not open for further replies.
  1. TooMuch

    TooMuch Regular member

    Joined:
    Aug 23, 2004
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    26
    Nyt koitin Winpfind2:lla skannata, mutta en tiiä menikö kaikki niin kuin piti, koska ensinnäkin skannaus kesti n. 5min. Mutta tein siis kaikki niin kuin Jurppis aiemmin viestissään laittoi eli lopuksi sitten "export to text" mutta se ei aukea millään. Raportti on vajaat 8 megaa iso muttei kone suostu sitä aukomaan. Koitin vielä html -muodossakin mutta sama juttu.

    Katsoin sitten uudemmalla kerralla mitä ohjelma skannaa ja näyttäis että skannaus koski pelkästään C:\Windows ja C:\Windows\System32 kansioita. Ymmärsin itse ainakin että ohjelma skannaisi paljon enemmän.
     
    Last edited: Jul 23, 2006
  2. TooMuch

    TooMuch Regular member

    Joined:
    Aug 23, 2004
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    26
    Eli tietääkö kukaan, miten noi ärsyttävät mainosponnahdukset, jotka tukkii välillä koko koneen, sais pois ja aika äkkiä kans?
     
  3. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Kokeillaan sitten vanhempaa winpfindiä ja gmeriä:

    * Lataa GMER:
    http://www.gmer.net/gmer.zip

    Pura se ja klikkaa GMER.exe
    Klikkaa rootkit-välilehteä ja klikkaa scan.

    Kun valmis, klikkaa Copy
    Tämä kopioi tulokset työpöydälle.
    Liitä tulokset vastaukseesi

    Lataa http://www.bleepingcomputer.com/files/oldtimer/WinPFind.zip WinPFind työpöydällesi.

    Pura tiedoston WinPFind.zip sisältö (kansio WinPFind) C aseman juureen.

    Mene sitten kansioon C:\WinPFind ja tuplaklikkaa tiedostoa WinPFind.exe, ohjelma käynnistyy.

    Paina Start Scan painiketta ja odota kunnes skannaus on valmis. Ohjelma skannaa todella suuren määrään tiedostoja etsien vastaavuutta haittaohjelmille tyypillisiin tiedostoihin, joten ole kärsivällinen ja anna ohjelman skannata. Skannaus saattaa kestää jopa yli 30 minuuttia.

    Kun skannaus on valmis, ohjelma näyttää skannaustuloksen. Paina Copy to Clipboard painiketta, tulos kopioituu leikepöydälle. Avaa sitten Muistio ja liitä tulos siihen, tallenna dokumentti työpöydälle nimellä WinPFind loki. Liitä sitten tämän dokumentin sisältö viestiketjuusi.

    Huom! Kaikki listatut kohteet eivät välttämättä ole haittaohjelmia.

    Lähetä:

    - winpfindin loki
    - gmerin loki
     
    Last edited: Jul 25, 2006
  4. TooMuch

    TooMuch Regular member

    Joined:
    Aug 23, 2004
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    26
    Ja tässä näin:

    [bold]GMER 1.0.10.10122 - http://www.gmer.net[/bold]
    Rootkit 2006-07-26 20:09:09
    Windows 5.1.2600


    ---- System - GMER 1.0.10 ----

    SSDT d346bus.sys ZwClose
    SSDT \??\C:\WINDOWS\System32\vsdatant.sys ZwConnectPort
    SSDT d346bus.sys ZwCreateKey
    SSDT d346bus.sys ZwCreatePagingFile
    SSDT d346bus.sys ZwEnumerateKey
    SSDT d346bus.sys ZwEnumerateValueKey
    SSDT d346bus.sys ZwOpenFile
    SSDT d346bus.sys ZwOpenKey
    SSDT \??\C:\WINDOWS\System32\vsdatant.sys ZwOpenProcess
    SSDT d346bus.sys ZwQueryKey
    SSDT d346bus.sys ZwQueryValueKey
    SSDT d346bus.sys ZwSetSystemPowerState
    SSDT \??\C:\Program Files\ewido\security suite\guard.sys ZwTerminateProcess

    ---- Devices - GMER 1.0.10 ----

    Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DEVICE_CONTROL [F6CF37CA] BsUDF.SYS
    Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DEVICE_CONTROL [F6CF37CA] BsUDF.SYS
    Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSEIRP_MJ_READ [F6B4BDA0] vsdatant.sys
    Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F6B4BDA0] vsdatant.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSEIRP_MJ_READ [F6B4BDA0] vsdatant.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F6B4BDA0] vsdatant.sys
    Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E1C7F2F8
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 816C64A0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 816C64A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_NAMED_PIPE 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLOSEIRP_MJ_READ 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_WRITE 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_INFORMATION 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_INFORMATION 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_EA 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_EA 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FLUSH_BUFFERS 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_VOLUME_INFORMATION 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_VOLUME_INFORMATION 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DIRECTORY_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FILE_SYSTEM_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SHUTDOWN 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_LOCK_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLEANUP 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_MAILSLOT 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_SECURITY 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_SECURITY 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_POWER 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SYSTEM_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CHANGE 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_QUOTA 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_QUOTA 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP_POWER 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSEIRP_MJ_READ 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP_POWER 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 817A4820
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 817A4820
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE_NAMED_PIPE 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLOSEIRP_MJ_READ 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_WRITE 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_INFORMATION 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_INFORMATION 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_EA 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_EA 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_FLUSH_BUFFERS 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_VOLUME_INFORMATION 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_VOLUME_INFORMATION 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DIRECTORY_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_FILE_SYSTEM_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_INTERNAL_DEVICE_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SHUTDOWN 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_LOCK_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLEANUP 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE_MAILSLOT 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_SECURITY 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_SECURITY 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_POWER 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SYSTEM_CONTROL 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CHANGE 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_QUOTA 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_QUOTA 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_PNP 817A4820
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_PNP_POWER 817A4820
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 816C64A0
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSEIRP_MJ_READ 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 816C64A0
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP_POWER 816C64A0
    Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E169DDD8
    Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSEIRP_MJ_READ [F6B4BDA0] vsdatant.sys
    Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F6B4BDA0] vsdatant.sys
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSEIRP_MJ_READ [F6B4BDA0] vsdatant.sys
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F6B4BDA0] vsdatant.sys
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSEIRP_MJ_READ [F6B4BDA0] vsdatant.sys
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F6B4BDA0] vsdatant.sys
    Device \Driver\AFD \Device\Afd IRP_MJ_CREATE [F6B4A540] vsdatant.sys
    Device \Driver\AFD \Device\Afd IRP_MJ_CLOSEIRP_MJ_READ [F6B4A540] vsdatant.sys
    Device \Driver\AFD \Device\Afd IRP_MJ_INTERNAL_DEVICE_CONTROL [F6B4A540] vsdatant.sys
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_CREATE 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_WRITE 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_SET_EA 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_POWER 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_PNP 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1Port2Path0Target0Lun0 IRP_MJ_PNP_POWER 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_CREATE 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_CREATE_NAMED_PIPE 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_CLOSEIRP_MJ_READ 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_WRITE 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_QUERY_INFORMATION 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_SET_INFORMATION 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_QUERY_EA 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_SET_EA 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_FLUSH_BUFFERS 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_SET_VOLUME_INFORMATION 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_DIRECTORY_CONTROL 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_FILE_SYSTEM_CONTROL 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_DEVICE_CONTROL 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_SHUTDOWN 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_LOCK_CONTROL 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_CLEANUP 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_CREATE_MAILSLOT 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_QUERY_SECURITY 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_SET_SECURITY 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_POWER 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_SYSTEM_CONTROL 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_DEVICE_CHANGE 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_QUERY_QUOTA 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_SET_QUOTA 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_PNP 816B9C70
    Device \Driver\d346prt \Device\Scsi\d346prt1 IRP_MJ_PNP_POWER 816B9C70
    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_DEVICE_CONTROL [F6CF3B02] BsUDF.SYS
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_DEVICE_CONTROL [F6CF3B02] BsUDF.SYS
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_DEVICE_CONTROL [F6CF3B02] BsUDF.SYS
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_DEVICE_CONTROL [F6CF3B02] BsUDF.SYS
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_DEVICE_CONTROL [F6CF3B02] BsUDF.SYS
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL [F6CF37CA] BsUDF.SYS

    ---- Modules - GMER 1.0.10 ----

    Module _________ F9965000

    ---- Files - GMER 1.0.10 ----

    File C:\System Volume Information\catalog.wci
    File C:\System Volume Information\tracking.log
    File C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}

    ---- EOF - GMER 1.0.10 ----


    [bold]WINPFIND[/bold]

    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Product Name: Microsoft Windows XP Current Build: Current Build Number: 2600
    Internet Explorer Version: 6.0.2800.1106

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...
    SAHAgent 22.9.2004 21:27:20 6187 C:\SahAgent.log
    PEC2 23.7.2006 22:24:52 936169 C:\winzip.log

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...
    UPX! 15.3.2004 19:28:50 69120 C:\WINDOWS\daemon.dll
    aspack 18.9.2004 15:28:44 545280 C:\WINDOWS\flashax.exe
    SAHAgent 26.4.2004 0:38:08 31232 C:\WINDOWS\SAHUninstall.exe

    Checking %System% folder...
    UPX! 31.5.2006 12:02:04 624640 C:\WINDOWS\SYSTEM32\aswBoot.exe
    UPX! 28.9.2004 17:52:40 286720 C:\WINDOWS\SYSTEM32\avisynth.dll
    aspack 18.3.2005 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
    aspack 26.5.2005 15:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll
    aspack 22.7.2005 19:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
    aspack 5.12.2005 18:09:18 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll
    aspack 3.2.2006 8:43:16 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll
    aspack 31.3.2006 12:40:58 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll
    PEC2 9.10.2001 15:00:00 41113 C:\WINDOWS\SYSTEM32\dfrg.msc
    PTech 16.11.2004 23:50:40 1310546 C:\WINDOWS\SYSTEM32\lmdv.bin
    aspack 6.7.2006 18:21:48 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 9.9.2004 16:53:34 3920674 C:\WINDOWS\SYSTEM32\msbb_kyf.dat
    PTech 9.9.2004 16:53:34 3920674 C:\WINDOWS\SYSTEM32\msbb_kyf.dat
    UPX! 9.7.2005 20:46:26 142480 C:\WINDOWS\SYSTEM32\nC5594Om3.dll
    Umonitor 12.2.2002 22:22:46 634368 C:\WINDOWS\SYSTEM32\rasdlg.dll
    winsync 9.10.2001 15:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

    Checking %System%\Drivers folder and sub-folders...

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    26.7.2006 19:48:52 S 2048 C:\WINDOWS\bootstat.dat
    4.7.2006 19:12:52 H 0 C:\WINDOWS\LastGood\INF\oem19.inf
    4.7.2006 19:12:52 H 0 C:\WINDOWS\LastGood\INF\oem19.PNF
    14.6.2006 11:54:40 R S 235003 C:\WINDOWS\system32\hr4205hoe.dll
    26.7.2006 19:55:14 H 334 C:\WINDOWS\system32\vsconfig.xml
    26.7.2006 20:19:26 H 1024 C:\WINDOWS\system32\config\default.LOG
    26.7.2006 19:48:54 H 1024 C:\WINDOWS\system32\config\SAM.LOG
    26.7.2006 19:59:04 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
    26.7.2006 20:16:28 H 1024 C:\WINDOWS\system32\config\software.LOG
    26.7.2006 20:16:06 H 1024 C:\WINDOWS\system32\config\system.LOG
    25.7.2006 2:01:12 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    20.7.2006 19:06:04 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\b6769b5d-1cc2-477f-83d3-fd7d166262a8
    20.7.2006 19:06:04 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
    26.7.2006 19:48:54 H 6 C:\WINDOWS\Tasks\SA.DAT

    Checking for CPL files...
    19.8.2003 10:20:04 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl
    Microsoft Corporation 9.10.2001 15:00:00 67584 C:\WINDOWS\SYSTEM32\access.cpl
    Realtek Semiconductor Corp. 18.6.2003 9:14:48 R 8605696 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
    Microsoft Corporation 9.10.2001 15:00:00 558592 C:\WINDOWS\SYSTEM32\appwiz.cpl
    Broadcom Corporation. 29.11.2004 20:56:22 266299 C:\WINDOWS\SYSTEM32\btcpl.cpl
    Microsoft Corporation 9.10.2001 15:00:00 130048 C:\WINDOWS\SYSTEM32\desk.cpl
    Microsoft Corporation 9.10.2001 15:00:00 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
    Microsoft Corporation 10.9.2002 1:56:46 293376 C:\WINDOWS\SYSTEM32\inetcpl.cpl
    Microsoft Corporation 9.10.2001 15:00:00 119808 C:\WINDOWS\SYSTEM32\intl.cpl
    Macrovision Corporation 11.8.2005 16:29:46 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
    Microsoft Corporation 29.8.2002 4:41:00 208896 C:\WINDOWS\SYSTEM32\joy.cpl
    Sun Microsystems, Inc. 10.11.2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
    Microsoft Corporation 9.10.2001 15:00:00 188416 C:\WINDOWS\SYSTEM32\main.cpl
    Microsoft Corporation 9.10.2001 15:00:00 561152 C:\WINDOWS\SYSTEM32\mmsys.cpl
    Microsoft Corporation 9.10.2001 15:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
    Microsoft Corporation 9.10.2001 15:00:00 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
    10.12.2005 4:06:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
    Microsoft Corporation 9.10.2001 15:00:00 37376 C:\WINDOWS\SYSTEM32\nwc.cpl
    Microsoft Corporation 9.10.2001 15:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
    Microsoft Corporation 9.10.2001 15:00:00 109568 C:\WINDOWS\SYSTEM32\powercfg.cpl
    Apple Computer, Inc. 26.8.1996 2:12:00 R 341504 C:\WINDOWS\SYSTEM32\QTW32.CPL
    Microsoft Corporation 9.10.2001 15:00:00 271360 C:\WINDOWS\SYSTEM32\sysdm.cpl
    Microsoft Corporation 9.10.2001 15:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
    Microsoft Corporation 9.10.2001 15:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
    Microsoft Corporation 26.5.2005 4:16:30 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
    Microsoft Corporation 9.10.2001 15:00:00 67584 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
    Microsoft Corporation 9.10.2001 15:00:00 558592 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
    Microsoft Corporation 9.10.2001 15:00:00 130048 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
    Microsoft Corporation 9.10.2001 15:00:00 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
    Microsoft Corporation 10.9.2002 1:56:46 293376 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
    Microsoft Corporation 9.10.2001 15:00:00 119808 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
    Microsoft Corporation 29.8.2002 4:41:00 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
    Microsoft Corporation 9.10.2001 15:00:00 188416 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
    Microsoft Corporation 9.10.2001 15:00:00 561152 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
    Microsoft Corporation 9.10.2001 15:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
    Microsoft Corporation 9.10.2001 15:00:00 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
    Microsoft Corporation 9.10.2001 15:00:00 37376 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
    Microsoft Corporation 9.10.2001 15:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
    Microsoft Corporation 9.10.2001 15:00:00 109568 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
    Microsoft Corporation 9.10.2001 15:00:00 147456 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
    Microsoft Corporation 9.10.2001 15:00:00 271360 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
    Microsoft Corporation 9.10.2001 15:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
    Microsoft Corporation 9.10.2001 15:00:00 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
    NVIDIA Corporation 2.5.2003 10:19:00 R 143360 C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\nvtuicpl.cpl
    NVIDIA Corporation 2.5.2003 10:19:00 R 143360 C:\WINDOWS\SYSTEM32\ReinstallBackups\0009\DriverFiles\nvtuicpl.cpl

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    22.6.2006 15:41:24 1757 C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Speed Launch.lnk
    3.1.2006 18:18:10 697 C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\BTTray.lnk
    24.4.2004 20:42:04 HS 84 C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\desktop.ini
    29.4.2004 15:40:48 1898 C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Ulead Photo Express 4.0 SE Calendar Checker .lnk
    26.7.2006 19:49:00 2373 C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\USB Phone Driver Startup.lnk
    8.11.2004 16:40:04 742 C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\ZoneAlarm Pro.lnk

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    8.2.2006 17:35:38 305 C:\Documents and Settings\All Users\Application Data\addr_file.html
    1.1.2003 2:02:58 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
    7.3.2006 15:21:34 1376 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

    Checking files in %USERPROFILE%\Startup folder...
    24.4.2004 20:42:04 HS 84 C:\Documents and Settings\Manninen\Käynnistä-valikko\Ohjelmat\Käynnistys\desktop.ini

    Checking files in %USERPROFILE%\Application Data folder...
    1.1.2003 2:02:58 HS 62 C:\Documents and Settings\Manninen\Application Data\desktop.ini
    5.12.2005 19:43:18 2235097 C:\Documents and Settings\Manninen\Application Data\Install.dat
    16.12.2005 15:34:10 67 C:\Documents and Settings\Manninen\Application Data\MumboJumbo.ini
    10.12.2004 15:55:40 230191 C:\Documents and Settings\Manninen\Application Data\tvmknwrd.dll
    16.12.2005 15:34:10 H 25 C:\Documents and Settings\Manninen\Application Data\ud_soundmanager.ini

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast
    {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
    {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
    {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\InoShell
    {DCED20BE-3645-11D4-BC95-00C04F0E0588} = C:\Program Files\CA\eTrust Antivirus\InoShell.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Käynnistä-valikon nasta = %SystemRoot%\system32\SHELL32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast
    {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
    {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
    {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\InoShell
    {DCED20BE-3645-11D4-BC95-00C04F0E0588} = C:\Program Files\CA\eTrust Antivirus\InoShell.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
    = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    &Päivän vihje = %SystemRoot%\System32\shdocvw.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{9455301C-CF6B-11D3-A266-00C04F689C50}
    Encarta &Researcher = C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
    ButtonText = Research :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9455301C-CF6B-11D3-A266-00C04F689C50}
    ButtonText = Researcher :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}
    ButtonText = @btrez.dll,-4015 :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
    ButtonText = Messenger : C:\Program Files\Messenger\MSMSGS.EXE

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
    Etsintäpalkki = %SystemRoot%\System32\browseui.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
    Media-palkki = %SystemRoot%\System32\browseui.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
    Tiedostojen etsintä -Explorer-palkki = %SystemRoot%\system32\SHELL32.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
    Favorites Band = %SystemRoot%\System32\shdocvw.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
    History Band = %SystemRoot%\System32\shdocvw.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Lähiosoite : %SystemRoot%\System32\browseui.dll
    {B195B3B3-8A05-11D3-97A4-0004ACA6948E} = :
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Lähiosoite : %SystemRoot%\System32\browseui.dll
    {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Linkit : %SystemRoot%\system32\SHELL32.dll
    {82315A18-6CFB-44A7-BDFD-90E36537C252} = :
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} = :

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    nwiz nwiz.exe /install
    SoundMan SOUNDMAN.EXE
    HPDJ Taskbar Utility C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb02.exe
    InCD C:\Program Files\ahead\InCD\InCD.exe
    SideWinderTrayV4 C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
    SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    Lexmark X1100 Series "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    wcmdmgr C:\WINDOWS\wt\wcmdmgrl.exe -launch
    MessengerPlus3 "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
    NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    WinampAgent C:\Program Files\Winamp\winampa.exe
    ISUSPM Startup "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    ISUSScheduler "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    DAEMON Tools-1033 "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    RemoteControl "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
    avast! C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    KernelFaultCheck %systemroot%\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    0006 - C:\Documents and Settings\Manninen\Käynnistä-valikko\Ohjelmat\hp deskjet 640c series v3.1
    0007 - C:\Documents and Settings\Manninen\Käynnistä-valikko\Ohjelmat\hp deskjet 640c series v3.1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    CTFMON.EXE C:\WINDOWS\System32\ctfmon.exe
    Yak! C:\Program Files\Yak!\Yak.exe
    updateMgr "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini 0
    win.ini 0
    bootini 2
    services 0
    startup 0


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
    Key y]‰jŠöÓ~TÞÛM:eek:
    Hint hostetler edge
    FileName0 C:\WINDOWS\System32\RSACi.rat

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
    Allow_Unknowns 0
    PleaseMom 1
    Enabled 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
    l 0
    n 0
    s 0
    v 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    dontdisplaylastusername 0
    legalnoticecaption
    legalnoticetext
    shutdownwithoutlogon 1
    undockwithoutlogon 1


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
    NoChangingWallpaper 0
    NoComponents 0
    NoAddingComponents 0
    NoDeletingComponents 0
    NoEditingComponents 0
    NoHTMLWallPaper 0

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoDriveTypeAutoRun ‘
    NoActiveDesktop 0
    ClassicShell 0
    ForceActiveDesktopOn 1
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    WinUpdate.exe C:\Program Files\Windows\WinUpdate.exe


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
    SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    Shell = explorer.exe
    System =

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    Debugger = ntsd -d

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
    Scan completed on 26.7.2006 20:20:01
     
  5. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    SAHAgenttia tuolla näkyy, joten laitapa uninstall-lista:

    HjT -> open misc tools -> open uninstall manager -> save list -> tallenna -> lista tänne.
     
  6. TooMuch

    TooMuch Regular member

    Joined:
    Aug 23, 2004
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    26
    Uninstall_list:


    Aapelin ABC, 8-10
    ABBYY FineReader 5.0 Sprint
    ABC (remove only)
    AC3Filter (remove only)
    Ad-aware 5.8
    Adobe Reader 7.0.7
    avast! Antivirus
    AVIcodec (remove only)
    AviSynth 2.5
    Battle for Wesnoth 0.8
    Battlefield 1942
    BK's Winamp Ext.
    Blender (remove only)
    BSPlayer
    CDex extraction audio
    Chronograph Lite 4.1
    Command
    Console Classix 3.1
    CorelDRAW Graphics Suite X3
    Count Dooku
    Crash Damage 2005
    D.M.A.C. Guide To Flying Fixed Wing Model Aircraft
    D.M.A.C. Guide To Flying Model Aircraft - General
    D.M.A.C. Guide To Setting Up Your Model Aircraft
    D.M.A.C. Guide To The SAA Fixed Wing Bronze Award
    D.M.A.C. Guide To The SAA Fixed Wing Gold 2002 Award
    D.M.A.C. Guide To The SAA Fixed Wing Silver 2002 Award
    D.M.A.C. Guide To Trimming Fixed Wing Model Aircraft
    D.M.A.C. Radio Control Start Up Guide
    DC++ 0.691
    Deluxe Ski Jump 3 v1.1
    Disk Cleaner (remove only)
    DivX Pro Trial
    dmrotk01ss.zip
    DoubleKiller 1.6.0.78
    EA.com Matchup
    EA.com Update
    EclipseCrossword
    Emperor Palpatine
    EN
    ewido security suite
    ffdshow (remove only)
    FMS
    FontNav
    FunPics - Machine
    Game Maker 6 Resource Pack 1
    Game Maker 6 Resource Pack 2
    Game Maker 6 Resource Pack 3
    Game Maker 6 Resource Pack 4
    Game Maker 6.0
    Game Maker 6.1
    GameSpy Arcade
    GIF Movie Gear 4.0.1
    Google Earth
    GT - Reittikartta Suomi
    Heroes of Might and Magic® III
    HijackThis 1.99.1
    Huffyuv AVI lossless video codec (Remove Only)
    InCD (Ahead Software)
    Indeo® Software
    IpWins
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_03
    LanTalk.NET
    LEGO Digital Brick Palette - LEGO Factory
    LEGO Digital Brick Palette - Make and Create
    LEGO Digital Brick Palette - PAB 2004 LEGOLAND SE
    LEGO Digital Designer
    LEGO Star Wars
    Lexmark X1100 Series
    Little Fighter 2 v1.9
    LOTRROTK3DSetup.exe
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    Messenger Plus! 3
    Microangelo 5.5
    Microsoft .NET Framework 1.1
    Microsoft Data Access Components KB870669
    Microsoft Encarta World Atlas 2001 - WE
    Microsoft Flight Simulator 2002
    Microsoft Internet Explorer 6 SP1
    Microsoft Midtown Madness 2
    Microsoft Office FrontPage 2003
    Microsoft Office Professional Edition 2003
    Microsoft Picture It! Photo 2001
    Microsoft Word 2000 SR-1
    Microsoft Works 2001 Osien valitseminen
    mIRC
    Mozilla Firefox (1.5.0.1)
    MP3 Player Utilities V1.28
    MSN Messenger 7.5
    MSXML4 Parser
    N 1.4
    Nero Suite
    Network Monitor
    New-Ray Toys\MonsterCrash
    Nokia Multimedia Converter 2.0
    NVIDIA Drivers
    NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
    Opetuslupakoe
    OrphansRemover version 1.7.5.25
    Outlook Express Q823353
    Pinnacle Hollywood FX 4.6
    Pivot Stickfigure Animator
    PowerDVD
    Quake III Arena Point Release 1.32
    QuickTime
    Rakenna taloja Masa Mainion kanssa
    rayman2
    RealPlayer
    Robin Hood - The Legend of Sherwood
    RollerCoaster Tycoon 2
    RollerCoaster Tycoon® 3
    Shockwave
    SideWinder Precision 2
    Skype 2.0
    SLD CODEC PACK 1.5.3
    Snowball Wars by OIN
    Sound Blaster AudioPCI 128
    Spider-Man (tm) Movie
    Star Wars Battlefront
    Studio 8
    The Battle for Middle-earth (tm) II
    The FilmMachine 1.4
    The Movies(TM)
    The Sims Superstar
    Time Adjuster v2.9 (LIGHT)
    TMPGEnc DVD Source Creator 2.0
    Tony Hawk's Pro Skater 3®
    Toon Boom Studio 3.0 Demo
    TSA
    Ulead Photo Express 4.0 SE
    UltraISO V6.5
    Update Manager
    USB Phone Driver
    VBA
    WebGraphics - Backgrounds
    WebGraphics - Buttons
    WebGraphics - Pictures
    Wesnoth 1.0.2
    WIDCOMM Bluetooth-ohjelmisto
    Viewer V7
    Winamp (remove only)
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player Hotfix -päivitys [lisätietoja on artikkelissa Q828026]
    Windows XP Application Compatibility Update[Q319580]
    Windows XP Hotfix - KB821557
    Windows XP Hotfix - KB823182
    Windows XP Hotfix - KB824105
    Windows XP Hotfix - KB840987
    Windows XP Hotfix - KB841356
    Windows XP Hotfix - KB841533
    Windows XP Hotfix - KB873376
    Windows XP Hotfix - KB887822
    Windows XP Hotfix (SP1) [See Q309521 for more information]
    Windows XP Hotfix (SP1) [See Q311889 for more information]
    Windows XP Hotfix (SP1) [See Q311967 for more information]
    Windows XP Hotfix (SP1) [See Q313450 for more information]
    Windows XP Hotfix (SP1) [See Q314862 for more information]
    Windows XP Hotfix (SP1) [See Q315000 for more information]
    Windows XP Hotfix (SP1) [See Q315403 for more information]
    Windows XP Hotfix (SP1) [See Q317277 for more information]
    Windows XP Hotfix (SP1) [See Q318138 for more information]
    Windows XP Hotfix (SP1) [See Q323172 for more information]
    Windows XP Hotfix (SP1) [See Q324096 for more information]
    Windows XP Hotfix (SP1) [See Q324380 for more information]
    Windows XP Hotfix (SP1) [See Q326830 for more information]
    Windows XP Hotfix (SP1) [See Q328940 for more information]
    Windows XP Hotfix (SP1) [See Q329048 for more information]
    Windows XP Hotfix (SP1) [See Q329390 for more information]
    Windows XP Hotfix (SP1) [See Q329441 for more information]
    Windows XP Hotfix (SP1) [See Q329834 for more information]
    Windows XP Hotfix (SP1) Q329170
    Windows XP Hotfix (SP1) Q810577
    Windows XP Hotfix (SP1) Q810833
    Windows XP Hotfix (SP1) Q811493
    Windows XP Hotfix (SP1) Q815021
    Windows XP Hotfix (SP1) Q817606
    Windows XP Hotfix [Lisätietoja saat lukemalla dokumentin Q329115]
    Windows XP Hotfix- KB810217
    Windows XP Hotfix- KB823559
    Windows XP Hotfix- KB824141
    Windows XP Hotfix- KB825119
    Windows XP Hotfix- KB828035
    Windows XP Hotfix- KB828741
    Windows XP Hotfix- KB833407
    Windows XP Hotfix- KB833987
    Windows XP Hotfix KB834707
    Windows XP Hotfix- KB835732
    Windows XP Hotfix- KB837001
    Windows XP Hotfix- KB839645
    Windows XP Hotfix- KB840315
    Windows XP Hotfix- KB840374
    Windows XP Hotfix- KB841873
    Windows XP Hotfix- KB842773
    Windows XP Hotfix- KB883357
    WinRAR archiver
    WinZip
    Works Suiten Microsoft Word
    XviD MPEG-4 Video Codec
    Yak! 2.1.2
    ZoneAlarm
    ZoneAlarm Pro

     
  7. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Poista nuo:

    Command
    IpWins
    Network Monitor
    Snowball Wars by OIN
    TSA

    Ja kerro auttoiko :)

    Ainakin tämä ->
    Snowball Wars by OIN on mainosörkki.
     
  8. TooMuch

    TooMuch Regular member

    Joined:
    Aug 23, 2004
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    26
    Jeps, muitten poistot onnistui hyvin, mutta toi NetworkMonitor ei oikein suostu. Tulee Windows Script Host -viesti jossa lukee "Komentosarjatiedostoa C:\WINDOWS\uninstall_nmon.vbs ei löydy." Valittavana on vain OK. Niin ja toi Snowballwars todellakin oli joku mainospläjäys koska Avast ilmoitti poistettaessa siitä. En ollut vaan hoksannut sitä epäillä kun tätäkin konetta käyttää muut kuin minä itse. :)

    Mut katon taas kerran vähän aikaa että loppuiko ongelmat.
     
    Last edited: Jul 26, 2006
  9. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Joo siitä Network Monitorista on jääny vaan merkintä listaan, se on kai jo poistettu.
     
  10. TooMuch

    TooMuch Regular member

    Joined:
    Aug 23, 2004
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    26
    No hyvä. Noista ongelmista, niin äsken tuli yksi mainosikkuna. Eli ongelmat on vähentynyt tavallaan yhteen, koska ennen tuli 5-7 ikkunaa.
     
  11. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Kattelaas tolla sitten:

    Skannaa koneesi http://www.kaspersky.com/downloads/kws/kavwebscan.html
    Kaspersky Online Skannerilla

    Sinulta kysytään sallitko ActiveX -komponentin asentamisen Kasperskyltä, klikkaa Kyllä.
    [*] Ohjelma käynnistyy ja aloittaa viimeisimpien tunnistetiedostojen lataamisen.
    [*] Kun skanneri on asennettu ja tunnistetiedot ladattu, klikkaa Next.
    [*] Klikkaa nyt asetuksia, Scan Settings
    [*] Tarkista asetuksista, että seuraavat ovat valittuina:

    o Scan using the following Anti-Virus database:

    + Extended (Jos valittavissa, muuten valitse Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

    [*] Klikkaa OK
    [*] Nyt valitse "select a target to scan" otsikon alta Oma Tietokone, My Computer
    [*] Skannaus vie aikaa, joten ole kärsivällinen. Kun skannaus on valmis saat ilmoituksen, jos koneesi on saastunut.
    [*] Klikkaa nyt Save as Text-painiketta.
    [*] Tallenna tiedosto työpöydällesi.
    [*] Kopioi ja Liitä tiedoston sisältö seuraavaan vastaukseesi
     
  12. TooMuch

    TooMuch Regular member

    Joined:
    Aug 23, 2004
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    26
    Noniin, sori kun kesti, oli vähän muuta hommaa mutta tässä nyt toi Kasperskyn report:

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Wednesday, August 02, 2006 9:46:52 PM
    Operating System: Microsoft Windows XP Professional, (Build 2600)
    Kaspersky On-line Scanner version: 5.0.78.0
    Kaspersky Anti-Virus database last update: 2/08/2006
    Kaspersky Anti-Virus database records: 211561
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan Statistics:
    Total number of scanned objects: 165105
    Number of viruses found: 54
    Number of infected objects: 442
    Number of suspicious objects: 0
    Duration of the scan process: 02:56:56

    Infected Object Name / Virus Name / Last Action
    C:\bintheredunthat\VSL02.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
    C:\bintheredunthat\VSL02.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
    C:\bintheredunthat\VSL02.exe NSIS: infected - 2 skipped
    C:\Documents and Settings\Manninen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5d6c59a1-524bf168.zip/Counter.class Infected: Trojan.Java.Femad skipped
    C:\Documents and Settings\Manninen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5d6c59a1-524bf168.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped
    C:\Documents and Settings\Manninen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5d6c59a1-524bf168.zip/web.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\Documents and Settings\Manninen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5d6c59a1-524bf168.zip/Worker.class Infected: Trojan.Java.Femad skipped
    C:\Documents and Settings\Manninen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5d6c59a1-524bf168.zip/Xeyond.class Infected: Trojan.Java.Femad skipped
    C:\Documents and Settings\Manninen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5d6c59a1-524bf168.zip ZIP: infected - 5 skipped
    C:\Documents and Settings\Manninen\Työpöytä\Ohjelmat\Asennus tiedostot\LOTRROTK3DSetup.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.Quick.a skipped
    C:\Documents and Settings\Manninen\Työpöytä\Ohjelmat\Asennus tiedostot\LOTRROTK3DSetup.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    C:\Documents and Settings\Manninen\Työpöytä\Ohjelmat\Asennus tiedostot\LOTRROTK3DSetup.exe/WISE0017.BIN/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
    C:\Documents and Settings\Manninen\Työpöytä\Ohjelmat\Asennus tiedostot\LOTRROTK3DSetup.exe/WISE0017.BIN/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
    C:\Documents and Settings\Manninen\Työpöytä\Ohjelmat\Asennus tiedostot\LOTRROTK3DSetup.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
    C:\Documents and Settings\Manninen\Työpöytä\Ohjelmat\Asennus tiedostot\LOTRROTK3DSetup.exe WiseSFX: infected - 5 skipped
    C:\Documents and Settings\Manninen\Työpöytä\Ohjelmat\Asennus tiedostot\mirc614.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
    C:\Documents and Settings\Manninen\Työpöytä\Ohjelmat\Asennus tiedostot\mirc614.exe mIRC: infected - 1 skipped
    C:\Mendoza1.exe/data0004 Infected: Trojan-Downloader.MSIL.Agent.a skipped
    C:\Mendoza1.exe/data0010 Infected: Trojan.Win32.Zapchast.bl skipped
    C:\Mendoza1.exe/data0011/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped
    C:\Mendoza1.exe/data0011 Infected: Trojan-Dropper.Win32.VB.mz skipped
    C:\Mendoza1.exe NSIS: infected - 4 skipped
    C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
    C:\Program Files\Trend Micro\kyzese.html Infected: Trojan-Clicker.Win32.Small.jf skipped
    C:\Program Files\UselessCreations\LOTRROTK3DSetup.exe\NNEZTB388.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0348614.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0349731.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0349809.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0350827.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0351849.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0351865.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0351885.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0352931.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0353999.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0354066.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0354115.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0354140.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP429\A0354155.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP429\A0354180.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP429\A0354200.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP429\A0354259.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP429\A0354322.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP429\A0354438.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP429\A0354479.exe Infected: Trojan-Downloader.Win32.Adload.br skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP429\A0354484.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP429\A0354487.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP429\A0354488.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP429\A0354489.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0354504.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0354505.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0354506.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0354514.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0354516.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0354531.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0355532.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0355570.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0357569.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0357607.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0357609.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0357643.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0357662.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0357689.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0357751.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358751.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358769.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358793.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358807.exe Infected: not-a-virus:AdWare.Win32.AdURL.c skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358815.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358817.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358833.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358861.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358867.exe Infected: Trojan-Downloader.Win32.VB.afl skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358878.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358880.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358896.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358898.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358932.exe Infected: Trojan-Downloader.Win32.VB.afl skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358933.exe Infected: Trojan-Downloader.Win32.Adload.bq skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358934.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358935.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358936.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358937.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358938.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358939.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358940.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358941.exe Infected: Backdoor.Win32.VB.ary skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358942.exe Infected: Trojan-Downloader.Win32.Adload.cf skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358943.exe Infected: Trojan-Clicker.Win32.VB.nh skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358944.exe Infected: Trojan-Clicker.Win32.VB.no skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358945.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358945.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358945.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358945.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358945.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358945.exe RarSFX: infected - 5 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358946.exe Infected: Trojan-Clicker.Win32.VB.fb skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358947.exe Infected: Trojan-Clicker.Win32.VB.fc skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358948.exe Infected: Trojan-Clicker.Win32.VB.ly skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358949.exe Infected: Trojan-Downloader.Win32.Adload.ce skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358950.exe Infected: Trojan-Downloader.Win32.VB.afv skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358952.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358962.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358975.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0358988.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0359021.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0359023.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0359052.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0359065.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0359077.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0359101.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0359114.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0359138.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0359163.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0359166.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360164.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360263.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360283.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360285.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360324.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360336.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360338.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360351.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360365.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360376.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360378.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360391.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360403.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360415.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360432.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360447.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360458.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360470.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360473.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360484.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360497.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0360508.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0361508.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0361510.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0361522.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0361536.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0361538.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0361551.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362551.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362566.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362579.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362593.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362606.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362629.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362643.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362659.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362669.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362672.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362684.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362687.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362700.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362712.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362714.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362734.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362759.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362770.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362775.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362800.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362803.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362817.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362830.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\A0362841.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\snapshot\MFEX-3.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\snapshot\MFEX-4.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP430\snapshot\MFEX-5.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363075.dll Infected: not-a-virus:AdWare.Win32.SaveNow.ce skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363078.exe Infected: not-a-virus:AdWare.Win32.SaveNow.cb skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363525.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363537.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363539.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363554.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363556.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363569.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363574.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363584.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363587.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363599.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363611.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363616.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363628.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363639.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363642.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363675.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363687.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363691.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363713.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363716.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0363746.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0364743.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0364747.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0364770.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0364773.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0364784.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0364787.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0364809.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0364828.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0364837.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0364842.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0364857.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0364893.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0364905.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0365906.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0365923.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0365941.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0365944.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0365957.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0365994.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0366994.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0367992.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0368009.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0368012.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0368025.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0368039.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0369037.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0369041.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0369077.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0369091.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0369105.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0369117.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0369120.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP431\A0369134.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0372507.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0372510.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373508.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373528.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373531.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373548.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373554.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373555.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373556.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373557.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373558.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373559.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373560.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373561.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373562.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373563.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373564.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373565.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373566.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373567.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373568.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373569.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373570.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373571.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373572.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373573.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373574.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373575.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373576.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373577.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373578.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373579.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373580.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373581.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373582.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373583.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373584.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373585.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373586.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373587.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373588.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373589.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373590.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373591.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373592.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373593.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373594.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373595.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373596.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373597.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373598.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373599.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373600.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373601.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373602.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373603.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373604.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373605.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373606.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373607.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373608.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373609.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373610.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373611.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373612.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373613.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373614.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373615.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373616.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373617.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373618.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373619.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373620.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373621.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373622.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373623.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373624.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373625.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373626.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373627.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373628.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373629.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373630.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373631.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373632.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373633.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373634.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373635.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373636.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373637.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373638.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373639.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373640.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373641.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373642.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373643.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373644.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373645.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373646.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373647.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373648.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373649.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373650.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373651.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373652.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373653.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373654.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373655.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373656.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373657.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373658.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373659.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373660.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373661.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373662.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373663.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373664.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373665.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373666.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373667.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373668.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373669.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373670.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373671.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373672.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373673.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373674.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373675.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373676.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373677.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373678.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373679.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373680.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373681.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373682.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373683.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373684.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373685.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373686.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373687.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373688.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373689.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373690.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373691.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373692.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373693.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373694.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373736.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373752.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373768.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373781.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP434\A0373794.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0373916.exe/data0006 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0373916.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0373916.exe UPX: infected - 1 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0373916.exe PE_Patch.UPX: infected - 1 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0373917.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0373917.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0373917.exe UPX: infected - 1 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0373917.exe PE_Patch.UPX: infected - 1 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0373919.exe Infected: Trojan-Downloader.Win32.Adload.bq skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0373920.exe Infected: Trojan-Downloader.Win32.Adload.bq skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0373921.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0373922.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0373923.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0373925.exe Infected: Trojan-Downloader.MSIL.Agent.a skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0373928.exe Infected: Trojan.Win32.Zapchast.bl skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0373929.exe/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0373929.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0373930.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0373939.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0373993.exe Infected: Trojan-Downloader.Win32.Delf.aco skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0373994.exe Infected: Trojan.Win32.Small.gq skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374392.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374393.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374394.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374395.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374397.exe Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374399.exe Infected: Trojan-Downloader.Win32.TSUpdate.p skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374400.exe Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374401.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374402.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374403.exe Infected: not-a-virus:AdWare.Win32.SaveNow.cb skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374404.exe Infected: Trojan-Dropper.Win32.VB.mz skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374405.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374406.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374407.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374408.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374410.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374411.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374413.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374415.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374416.dll Infected: not-a-virus:AdWare.Win32.WinAD.d skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374417.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374418.exe Infected: not-a-virus:AdWare.Win32.AdURL.c skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374419.exe Infected: not-a-virus:AdWare.Win32.Zestyfind skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374420.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374421.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374422.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374423.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374424.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374425.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374426.dll Infected: Trojan.Win32.Agent.fd skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374427.exe Infected: Trojan-Downloader.Win32.Small.crx skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374428.exe Infected: Trojan-Proxy.Win32.Loser.a skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374429.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374430.dll Infected: Trojan.Win32.Agent.fd skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374431.exe Infected: Trojan-Downloader.Win32.Delf.aco skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374432.exe Infected: not-a-virus:AdWare.Win32.Raze.a skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374433.exe Infected: Trojan.Win32.Agent.fd skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374434.exe Infected: Backdoor.Win32.Small.kw skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374435.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374436.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374437.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
    C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP435\A0374442.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
    C:\WINDOWS\SAHUninstall.exe Infected: not-a-virus:AdWare.Win32.Sahat.f skipped
    C:\WINDOWS\system32\nC5594Om3.dll Infected: Trojan-Dropper.Win32.Small.abd skipped

    Scan process completed.
     
  13. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Poista:

    C:\bintheredunthat\VSL02.exe
    C:\Documents and Settings\Manninen\Työpöytä\Ohjelmat\Asennus tiedostot\LOTRROTK3DSetup.exe
    C:\Mendoza1.exe
    C:\WINDOWS\SAHUninstall.exe
    C:\WINDOWS\system32\nC5594Om3.dll
    C:\Program Files\Trend Micro\kyzese.html
    C:\Program Files\UselessCreations\LOTRROTK3DSetup.exe

    Tyhjennä roskis.

    Mene Ohjauspaneeliin ja siitä Java asetuksiisi.
    [*]Temporary Internet Files -osion alla, klikkaa Delete Files nappia.
    [*]Varmista että kaikki kolme valintaa ovat rastitettuja:

    Downloaded Applets
    Downloaded Applications
    Other Files


    [*]Klikkaa OK "Delete Temporary Internet Files" -ikkunassasi.
    Huomaa: Tämä poistaa kaikki ladatut sovellukset ja appletit VÄLIMUISTISTA.
    [*]Klikkaa OK jättääksesi Java asetusikkunasi.

    Putsaa järjestelmän palautus:

    1. Valitse Oma tietokone (klikkaa oikealla).
    2. Valitse Ominaisuudet.
    3. Valitse Järjestelmän palauttaminen- välilehti.
    4. Valitse "Poista järjestelmän palauttaminen käytöstä".
    5. Paina Käytä.
    6. Paina OK.
    7. Käynnistä kone uudelleen
    8. Tee kohdat 1.-3.
    9. Ota rasti pois kohdasta "Poista järjestelmän palauttaminen käytöstä"
    10. Tee kohdat 5. ja 6.

    Skannaa uudestaan kasperskyllä ja lähetä sen raportti.
     
  14. TooMuch

    TooMuch Regular member

    Joined:
    Aug 23, 2004
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    26
    Joo, päätin tässä vähän väliaikatietoja laittaa.. eli teen tuon Kaspersky skannauksen tässä illan aikana,kun siinä menee kuitenkin toi 2-3 tuntia :/ Ja ei ole vielä toi mainostentulo helpottanut, eli vieläkin tulee semmoinen 3-5 mainosikkunaa vähän välii.
     
  15. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Laita sitten myös uusi HjT-loki ja tuore uninstall-lista sen kasperskyn raportin lisäks.
     
  16. TooMuch

    TooMuch Regular member

    Joined:
    Aug 23, 2004
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    26
    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Thursday, August 03, 2006 9:43:53 PM
    Operating System: Microsoft Windows XP Professional, (Build 2600)
    Kaspersky On-line Scanner version: 5.0.78.0
    Kaspersky Anti-Virus database last update: 3/08/2006
    Kaspersky Anti-Virus database records: 212087
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan Statistics:
    Total number of scanned objects: 149222
    Number of viruses found: 2
    Number of infected objects: 3
    Number of suspicious objects: 0
    Duration of the scan process: 03:19:37

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\Manninen\Työpöytä\Ohjelmat\Asennus tiedostot\mirc614.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
    C:\Documents and Settings\Manninen\Työpöytä\Ohjelmat\Asennus tiedostot\mirc614.exe mIRC: infected - 1 skipped
    C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

    Scan process completed.


    [bold]Logfile of HijackThis v1.99.1[/bold]
    Scan saved at 21:50:24, on 3.8.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Yak!\Yak.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\USB Phone\USB Driver\USB Phone Driver.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.fi/
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yak!] C:\Program Files\Yak!\Yak.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: USB Phone Driver Startup.lnk = ?
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
    O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Tuki - {03D1C9E4-278C-4D5C-A0A4-B7CD0A74CD94} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {29EDF730-43EA-45F0-A446-0934AF879926} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {DD404E7A-1755-4083-B78D-03A537C66F16} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E3E0AA6-44DA-4572-AB2E-C07F98AB1D69}: NameServer = 212.116.32.218 212.116.32.222
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    [bold]HJT - Uninstall List[/bold]

    Aapelin ABC, 8-10
    ABBYY FineReader 5.0 Sprint
    ABC (remove only)
    AC3Filter (remove only)
    Ad-aware 5.8
    Adobe Reader 7.0.7
    avast! Antivirus
    AVIcodec (remove only)
    AviSynth 2.5
    Battle for Wesnoth 0.8
    Battlefield 1942
    BK's Winamp Ext.
    Blender (remove only)
    BSPlayer
    CDex extraction audio
    Chronograph Lite 4.1
    Console Classix 3.1
    CorelDRAW Graphics Suite X3
    Count Dooku
    Crash Damage 2005
    D.M.A.C. Guide To Flying Fixed Wing Model Aircraft
    D.M.A.C. Guide To Flying Model Aircraft - General
    D.M.A.C. Guide To Setting Up Your Model Aircraft
    D.M.A.C. Guide To The SAA Fixed Wing Bronze Award
    D.M.A.C. Guide To The SAA Fixed Wing Gold 2002 Award
    D.M.A.C. Guide To The SAA Fixed Wing Silver 2002 Award
    D.M.A.C. Guide To Trimming Fixed Wing Model Aircraft
    D.M.A.C. Radio Control Start Up Guide
    DC++ 0.691
    Deluxe Ski Jump 3 v1.1
    Disk Cleaner (remove only)
    DivX Pro Trial
    dmrotk01ss.zip
    DoubleKiller 1.6.0.78
    EA.com Matchup
    EA.com Update
    EclipseCrossword
    Emperor Palpatine
    EN
    ewido security suite
    ffdshow (remove only)
    FMS
    FontNav
    FunPics - Machine
    Game Maker 6 Resource Pack 1
    Game Maker 6 Resource Pack 2
    Game Maker 6 Resource Pack 3
    Game Maker 6 Resource Pack 4
    Game Maker 6.0
    Game Maker 6.1
    GameSpy Arcade
    GIF Movie Gear 4.0.1
    Google Earth
    GT - Reittikartta Suomi
    Heroes of Might and Magic® III
    HijackThis 1.99.1
    Huffyuv AVI lossless video codec (Remove Only)
    InCD (Ahead Software)
    Indeo® Software
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_03
    Kaspersky On-line Scanner
    LanTalk.NET
    LEGO Digital Brick Palette - LEGO Factory
    LEGO Digital Brick Palette - Make and Create
    LEGO Digital Brick Palette - PAB 2004 LEGOLAND SE
    LEGO Digital Designer
    LEGO Star Wars
    Lexmark X1100 Series
    Little Fighter 2 v1.9
    LOTRROTK3DSetup.exe
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    Messenger Plus! 3
    Microangelo 5.5
    Microsoft .NET Framework 1.1
    Microsoft Data Access Components KB870669
    Microsoft Encarta World Atlas 2001 - WE
    Microsoft Flight Simulator 2002
    Microsoft Internet Explorer 6 SP1
    Microsoft Midtown Madness 2
    Microsoft Office FrontPage 2003
    Microsoft Office Professional Edition 2003
    Microsoft Picture It! Photo 2001
    Microsoft Word 2000 SR-1
    Microsoft Works 2001 Osien valitseminen
    mIRC
    Mozilla Firefox (1.5.0.1)
    MP3 Player Utilities V1.28
    MSN Messenger 7.5
    MSXML4 Parser
    N 1.4
    Nero Suite
    Network Monitor
    New-Ray Toys\MonsterCrash
    Nokia Multimedia Converter 2.0
    NVIDIA Drivers
    NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
    Opetuslupakoe
    OrphansRemover version 1.7.5.25
    Outlook Express Q823353
    Pinnacle Hollywood FX 4.6
    Pivot Stickfigure Animator
    PowerDVD
    Quake III Arena Point Release 1.32
    QuickTime
    Rakenna taloja Masa Mainion kanssa
    rayman2
    RealPlayer
    Robin Hood - The Legend of Sherwood
    RollerCoaster Tycoon 2
    RollerCoaster Tycoon® 3
    Shockwave
    SideWinder Precision 2
    Skype 2.0
    SLD CODEC PACK 1.5.3
    Sound Blaster AudioPCI 128
    Spider-Man (tm) Movie
    Star Wars Battlefront
    Studio 8
    The Battle for Middle-earth (tm) II
    The FilmMachine 1.4
    The Movies(TM)
    The Sims Superstar
    Tile Print Version 3
    Time Adjuster v2.9 (LIGHT)
    TMPGEnc DVD Source Creator 2.0
    Tony Hawk's Pro Skater 3®
    Toon Boom Studio 3.0 Demo
    UIUC Airfoil Coordinates Database - Version 2.0
    Ulead Photo Express 4.0 SE
    UltraISO V6.5
    Update Manager
    USB Phone Driver
    VBA
    WebGraphics - Backgrounds
    WebGraphics - Buttons
    WebGraphics - Pictures
    Wesnoth 1.0.2
    WIDCOMM Bluetooth-ohjelmisto
    Viewer V7
    Winamp (remove only)
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player Hotfix -päivitys [lisätietoja on artikkelissa Q828026]
    Windows XP Application Compatibility Update[Q319580]
    Windows XP Hotfix - KB821557
    Windows XP Hotfix - KB823182
    Windows XP Hotfix - KB824105
    Windows XP Hotfix - KB840987
    Windows XP Hotfix - KB841356
    Windows XP Hotfix - KB841533
    Windows XP Hotfix - KB873376
    Windows XP Hotfix - KB887822
    Windows XP Hotfix (SP1) [See Q309521 for more information]
    Windows XP Hotfix (SP1) [See Q311889 for more information]
    Windows XP Hotfix (SP1) [See Q311967 for more information]
    Windows XP Hotfix (SP1) [See Q313450 for more information]
    Windows XP Hotfix (SP1) [See Q314862 for more information]
    Windows XP Hotfix (SP1) [See Q315000 for more information]
    Windows XP Hotfix (SP1) [See Q315403 for more information]
    Windows XP Hotfix (SP1) [See Q317277 for more information]
    Windows XP Hotfix (SP1) [See Q318138 for more information]
    Windows XP Hotfix (SP1) [See Q323172 for more information]
    Windows XP Hotfix (SP1) [See Q324096 for more information]
    Windows XP Hotfix (SP1) [See Q324380 for more information]
    Windows XP Hotfix (SP1) [See Q326830 for more information]
    Windows XP Hotfix (SP1) [See Q328940 for more information]
    Windows XP Hotfix (SP1) [See Q329048 for more information]
    Windows XP Hotfix (SP1) [See Q329390 for more information]
    Windows XP Hotfix (SP1) [See Q329441 for more information]
    Windows XP Hotfix (SP1) [See Q329834 for more information]
    Windows XP Hotfix (SP1) Q329170
    Windows XP Hotfix (SP1) Q810577
    Windows XP Hotfix (SP1) Q810833
    Windows XP Hotfix (SP1) Q811493
    Windows XP Hotfix (SP1) Q815021
    Windows XP Hotfix (SP1) Q817606
    Windows XP Hotfix [Lisätietoja saat lukemalla dokumentin Q329115]
    Windows XP Hotfix- KB810217
    Windows XP Hotfix- KB823559
    Windows XP Hotfix- KB824141
    Windows XP Hotfix- KB825119
    Windows XP Hotfix- KB828035
    Windows XP Hotfix- KB828741
    Windows XP Hotfix- KB833407
    Windows XP Hotfix- KB833987
    Windows XP Hotfix KB834707
    Windows XP Hotfix- KB835732
    Windows XP Hotfix- KB837001
    Windows XP Hotfix- KB839645
    Windows XP Hotfix- KB840315
    Windows XP Hotfix- KB840374
    Windows XP Hotfix- KB841873
    Windows XP Hotfix- KB842773
    Windows XP Hotfix- KB883357
    WinRAR archiver
    WinZip
    Works Suiten Microsoft Word
    XviD MPEG-4 Video Codec
    Yak! 2.1.2
    ZoneAlarm
    ZoneAlarm Pro
     
  17. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Ainoa epäilyttävä on tämä:

    dmrotk01ss.zip

    Ei poista sen asennus.

    Kerrotko tarkemmin mitä popuppeja ne on, niin asia vois selvitä?
     
  18. TooMuch

    TooMuch Regular member

    Joined:
    Aug 23, 2004
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    26
    Ok, poistin ton. Ja ne popupit, niin tuotteet jota ne mainostaa on nettipokeri, tulostinmuste, hymiöt, pankkilainat, ilmaiset puhelut jne. Useimmiten niiden sivujen titlenä tai mikä se onkaan niin on "New Offer!" Tässä nyt jotain niitten osotteita:

    http://ad.yieldmanager.com/rw?title...GnaPQZUNGwE-L1YJdf46D179xYBMRtDG0ai1EQAAAAA=,

    http://ad.firstadsolution.com/rw?ti...l8FAHAUXGwHbVaDIBqSvgt3umRPhYLfcNFTh1wAAAAA=,

    http://ad.bannerconnect.net/rw?titl...ejAEQJPvGgF0bmRqiih6BfUiub27RAqA0AW7IwAAAAA=,

    http://ad.marketingsector.com/rw?ti...M8OzLaMIGwFhxvsU8lKnZ8jd8IVMPPWhEa9FRAAAAAA=,

    http://fi.errorsafe.com/download/20...FEnAQAAAAAAAAAAAAAAAAAAAAAAAAAAABkL0kQAAAAA,,

    http://66.48.78.222/ron/getronz.php...l=http%3A%2F%2F66.48.78.222%2Fron%2Fblank.php

    Näköjään noi linkit ei kuitenkaan toimi, tai siis että ei tule niitä sivuja näkyviin. Mutta toivottavasti noista nyt jotain hyötyä on.
     
    Last edited: Aug 4, 2006
  19. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Pari asiaa tuli mieleen.

    Kokeillaas ensin tätä:

    Imuroi aproposfix:

    http://swandog46.geekstogo.com/aproposfix.exe

    tallenna työpöydälle. älä aja sitä vielä

    Käynnistä vikasietotilaan

    vikasiedossa tuplaklikkaa aproposfix.exe ja pura se työpöydälle omaan kansioonsa

    sitte eti kansiosta runthis.bat, seuraa näyttöä ja vastaa kysymyksiin

    kun se on valmis buuttaa takas normaalitilaan, skannaa uudestaan hijackthisillä, laita loki tänne
    laita myös tuosta aproposfix kansiosta sen loki log.txt
     
  20. TooMuch

    TooMuch Regular member

    Joined:
    Aug 23, 2004
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    26
    Tässä noi:

    Log of AproposFix v1.1

    ************

    Running from directory:
    C:\Documents and Settings\Manninen\Ty”p”yt„\aproposfix\aproposfix

    ************



    Registry entries found:


    ************

    No service found!

    Removing hidden folder:
    No folder found!

    Deleting files:


    Backing up files:
    Done!

    Removing registry entries:

    REGEDIT4


    Done!

    Finished!


    Logfile of HijackThis v1.99.1
    Scan saved at 20:58:04, on 4.8.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Yak!\Yak.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\USB Phone\USB Driver\USB Phone Driver.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\NOTEPAD.EXE
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.fi/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = pxoy.tutka.net:8080
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yak!] C:\Program Files\Yak!\Yak.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: USB Phone Driver Startup.lnk = ?
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
    O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Tuki - {03D1C9E4-278C-4D5C-A0A4-B7CD0A74CD94} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {29EDF730-43EA-45F0-A446-0934AF879926} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {DD404E7A-1755-4083-B78D-03A537C66F16} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
    Last edited: Aug 4, 2006
Thread Status:
Not open for further replies.

Share This Page