# HELP riddled with Trojans  :(



## Hey it's me

OK where do I start? I am going to have to make some confessions here and I assume there are some people who might want to help me and others who will judge me quite harshly. They might consider my situation well deserved.  What can I say? I'm a bad person for BT-ing. Yes, I engage in this behavior. I was turned on by a certain someone and now I'm a BIT addicted. It's quite Torren-tial indeed. Anyway, I was trying to find keygens for Norton, duplicate email removing, avi converter for my ipod and a couple of other things. UHM, now...Norton hasn't reported any problems, however, AVAST is raging with trojan warnings.

Can anyone help me? Does anyone WANT to help me?


----------



## GameMaster

Yes, hello!
*Click here* to download *HJTsetup.exe*
Save HJTsetup.exe to your desktop. 
Double click on the HJTsetup.exe icon on your desktop. 
By default it will install to C:\Program Files\Hijack This. 
Continue to click *Next* in the setup dialogue boxes until you get to the *Select Additional Tasks* dialogue. 
Put a check by *Create a desktop icon* then click *Next* again. 
Continue to follow the rest of the prompts from there. 
At the final dialogue box click *Finish* and it will launch Hijack This. 
Click on the *Do a system scan and save a log file* button. It will scan and then ask you to save the log. 
Click *Save* to save the log file and then the log will open in notepad. 
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. 
Come back here to this thread and Paste the log in your next reply. 
*DO NOT* have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


----------



## Hey it's me

Hi thanks for getting back to me so soon.. so, I've tried several times to open HJT, can't seem to do it???? refuses to open and I get a message saying it can't


----------



## Hey it's me

"windows cannot access the specified device, path or file.  You may not have the appropriate permissions to access the item. "

ARGH!


----------



## Hey it's me

*Please someone HELP!*

among the issues I'm having, HJT for some reason is not installing????


----------



## GameMaster

OK, that definitely means you have some Trojans.
Download *SDFix* and save it to your Desktop. 

Double click *SDFix.exe* and it will extract the files to %systemdrive% 
(Drive that contains the Windows Directory, typically C:\SDFix) 

Please then reboot your computer in *Safe Mode* by doing the following :
Restart your computer 
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; 
Instead of Windows loading as normal, the Advanced Options Menu should appear; 
Select the first option, to run Windows in Safe Mode, then press *Enter*. 
Choose your usual account. 
 Open the extracted SDFix folder and double click *RunThis.bat* to start the script. 
 Type *Y* to begin the cleanup process. 
 It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. 
 Press any Key and it will restart the PC. 
 When the PC restarts the Fixtool will run again and complete the removal process then display *Finished*, press any key to end the script and load your desktop icons. 
 Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as *Report.txt* 
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
 Finally paste the contents of the Report.txt back on the forum with a new HijackThis log 

(If you can't install it in normal mode, try to do it in safe mode).


----------



## Hey it's me

Avast detected like FIVE Trojans and I allowed them to be placed in "THE CHEST" of AVAST. I'm going to start another scan with avast while I await some news from you Oh great GAME MASTER. I am now ON my computer (whereas up till now I've been out and about in the world). I will be looking for your directions from now on often.
Thanks for the help.  

OK so, here is a report generated by SDFix. 


*System Report*
*************

Run on Mon 03/17/2008 at 04:31 PM

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

*Running Processes*:

\SystemRoot\System32\smss.exe [156]
\??\C:\WINDOWS\system32\csrss.exe [204]
\??\C:\WINDOWS\system32\winlogon.exe [228]
C:\WINDOWS\system32\services.exe [272]
C:\WINDOWS\system32\lsass.exe [284]
C:\WINDOWS\system32\svchost.exe [444]
C:\WINDOWS\system32\svchost.exe [504]
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [560]
C:\WINDOWS\system32\svchost.exe [632]


*Drivers - Running*:

ACPI
Afc
atapi
Beep
catchme
Cdfs
Cdrom
Disk
dmboot
dmio
dmload
FltMgr
Ftdisk
GEARAspiWDM
HDAudBus
HidUsb
i2omgmt
Imapi
isapnp
Kbdclass
kbdhid
KSecDD
Mouclass
mouhid
MountMgr
Msfs
mssmbios
Mup
NDIS
Npfs
Ntfs
Null
PartMgr
PCI
PCIIde
pfc
PxHelp20
rdpdr
redbook
sr
swenum
TermDD
Update
usbehci
usbhub
usbuhci
VgaSave
VolSnap


*Drivers - Stopped*:

Aavmker4
Abiosdsk
abp480n5
ACPIEC
adpu160m
aec
AFD
agp440
agpCPQ
Aha154x
aic78u2
aic78xx
AliIde
alim1541
amdagp
amsint
asc
asc3350p
asc3550
aswMon2
aswRdr
aswTdi
AsyncMac
Atdisk
Atmarpc
audstub
BOCDRIVE
bvrp_pci
cbidf
cbidf2k
CCDECODE
cd20xrnt
Cdaudio
cercsr6
Changer
CmdIde
COH_Mon
Cpqarray
CxLPT
dac2w2k
dac960nt
DMusic
dpti2o
drmkaud
E100B
eeCtrl
EraserUtilRebootDrv
Fastfat
Fdc
Fips
Flpydisk
Gpc
hpn
HTTP
i2omp
i8042prt
ialm
ini910u
IntelC51
IntelC52
IntelC53
IntelIde
intelppm
Ip6Fw
IpFilterDriver
IpInIp
IpNat
IPSec
IRENUM
Jukebox
kmixer
lbrtfdc
MHNDRV
mnmdd
Modem
MODEMCSA
mohfilt
mraid35x
MRxDAV
MRxSmb
MSKSSRV
MSPCLOCK
MSPQM
MSTEE
NABTSFEC
NAVENG
NAVEX15
NdisIP
NdisTapi
Ndisuio
NdisWan
NDProxy
NetBIOS
NetBT
nv
NwlnkFlt
NwlnkFwd
P0630VID
Parport
ParVdm
PCIDump
Pcmcia
PDCOMP
PDFRAME
PDRELI
PDRFRAME
perc2
perc2hib
PptpMiniport
PSched
Ptilink
ql1080
Ql10wnt
ql12160
ql1240
ql1280
RasAcd
Rasl2tp
RasPppoe
Raspti
Rdbss
RDPCDD
RDPWD
ROOTMODEM
SASDIFSV
SASENUM
SASKUTIL
Secdrv
Ser2pl
serenum
Serial
Sfloppy
Simbad
sisagp
SLIP
Sparrow
SPBBCDrv
splitter
SRTSP
SRTSPL
SRTSPX
Srv
STHDA
streamip
swmidi
symc810
symc8xx
SYMDNS
SymEvent
SYMFW
SYMIDS
SYMIDSCO
SymIM
SymIMMP
SYMNDIS
SYMREDRV
SYMTDI
sym_hi
sym_u3
sysaudio
Tcpip
TDPIPE
TDTCP
tmcomm
TosIde
Udfs
ultra
USBAAPL
usbccgp
usbprint
usbscan
usbser
usbsermpt
USBSTOR
viaagp
ViaIde
Wanarp
wanatw
WDICA
wdmaud
WSTCODEC


*Services - Running*:

aawservice
CryptSvc
DcomLaunch
dmserver
Eventlog
helpsvc
PlugPlay
RpcSs
srservice
winmgmt


*Services - Stopped*:

Alerter
ALG
Apple
AppMgmt
aspnet_state
aswUpdSv
AudioSrv
Automatic
avast!
avast!
avast!
BITS
BOCore
Browser
ccEvtMgr
ccSetMgr
CiSvc
ClipSrv
clr_optimization_v2.0.50727_32
CLTNetCnService
COMSysApp
Dhcp
dmadmin
Dnscache
ehRecvr
ehSched
ERSvc
EventSystem
FastUserSwitchingCompatibility
Fax
HidServ
HTTPFilter
IDriverT
ImapiService
iPod
lanmanserver
lanmanworkstation
LiveUpdate
LiveUpdate
LmHosts
Messenger
MHN
mnmsrvc
MSDTC
MSIServer
NetDDE
NetDDEdsdm
Netlogon
Netman
NetSvc
Nla
NMSAccessU
NtLmSsp
NtmsSvc
ose
PolicyAgent
ProtectedStorage
RasAuto
RasMan
RDSessMgr
RemoteAccess
RemoteRegistry
RpcLocator
RSVP
SamSs
SCardSvr
Schedule
seclogon
SENS
SharedAccess
ShellHWDetection
Spooler
SSDPSRV
stisvc
SwPrv
Symantec
SysmonLog
TapiSrv
TermService
Themes
TlntSvr
TrkWks
UMWdf
upnphost
UPS
usnjsvc
VSS
w32time
WebClient
WmdmPmSN
Wmi
WmiApSrv
wscsvc
wuauserv
WZCSVC
xmlprov


*Files Created/Modified - 60 Days*:


C:\



C:\WINDOWS\



C:\Program Files\



*Files with hidden attributes*:



*Catchme*:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 16:24:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0



*Program Folders*:

C:\Program Files\

AIM6
Apple Software Update
ArcSoft
Avast4
Azureus
CCleaner
Common Files
Comodo
ComPlus Applications
Creative
CyberLink
Dell
Dell Inc
Dell Support
epson
Eusing Free Registry Cleaner
FireTrust
Flash
Foxit Software
Google
Grisoft
iDumpPro
InstallShield Installation Information
Intel
Internet Explorer
iPod
itunes
Jasc Software Inc
Java
Lavasoft
MAPILab Ltd
Messenger
MetaStream
Microsoft ActiveSync
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft Plus! Digital Media Edition
Microsoft Plus! Photo Story 2 LE
Microsoft.NET
Modem Helper
Modem On Hold
Motorola Phone Tools
Movie Maker
Mozilla Firefox
MSECACHE
MSN
MSN Gaming Zone
MSN Messenger
MySpace
NetMeeting
Norton AntiVirus
Online Services
Outlook Express
Quickbooks
QuickTime
Real
RGB
Sigmatel
Skype
SmitfraudFix
Sonic
Soulseek
Spybot - Search & Destroy
StickerPIX
SUPERAntiSpyware
Symantec
Trend Micro
Uninstall Information
uTorrent
Video Converters
VideoLAN
Viewpoint
Windows Media Player
Windows NT
Windows Plus
Windows Sidebar
WindowsUpdate
WinRAR
WordPerfect Office 12
xerox

C:\Program Files\Common Files\

Adobe
AOL
Apple
ArcSoft
Borland Shared
Corel
DESIGNER
DVDVideoSoft
InstallShield
Intuit
Jasc Software Inc
Java
MAPILab Ltd
Microsoft Shared
MSSoap
Nikon
Nullsoft
ODBC
Real
Services
Skype
Sonic Shared
SpeechEngines
SWF Studio
Symantec Shared
System
Wise Installation Wizard
xing shared


*Add/Remove Programs*:

Adobe Flash Player Plugin
AIM 6
avast! Antivirus
BOClean
Creative WebCam Live! Driver (1.01.01.0730)
Creative WebCam Center
Dell Digital Jukebox Driver
Dell DJ Explorer
EPSON Printer Software
EPSON Scan
Eusing Free Registry Cleaner
Foxit PDF Editor
Foxit Reader
Free YouTube to iPod Converter version 2.8
iDump Build: 24
iDumpPro
Intel(R) 537EP V9x DF PCI Modem
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows XP Media Center Edition 2005 KB895198
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for CAPICOM (KB931906)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Macromedia Shockwave Player
MailWasher Pro
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
MemObj
Microsoft .NET Framework 1.1
Mozilla Firefox (2.0.0.12)
Intel(R) PRO Network Connections Drivers
LiveUpdate (Symantec Corporation)
RealPlayer
Adobe Flash Player 9 ActiveX
EPSON CX8400 User's Guide
SoulSeek Client 156c
StickerPIX
Norton AntiVirus (Symantec Corporation)
Viewpoint Media Player
VideoLAN VLC media player 0.8.6c
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
Macromedia Flash Player
Sonic RecordNow Data
ArcSoft Print Creations
Microsoft Plus! Photo Story 2 LE
Security Update for CAPICOM (KB931906)
Qualxserve Service Agreement
Sonic DLA
EPSON Stylus CX8400 Series Scanner Driver Update
SymNet
Sonic Update Manager
Component Framework
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Windows Media Player 10
Norton AntiVirus Help
Internet Explorer Default Page
MSXML 4.0 SP2 (KB927978)
Modem On Hold
Dell Support 3.1
Windows Live Messenger
Dell Driver Reset Tool
Skype™ 3.6
Norton Protection Center
AOLIcon
Windows Genuine Advantage v1.3.0254.0
PowerDVD 5.5
Digital Content Portal
Microsoft Plus! Digital Media Edition Installer
QuickTime
Java 2 Runtime Environment, SE v1.4.2_03
Microsoft Visual C++ 2005 Redistributable
Dell System Restore
SPBBC 32bit
Norton AntiVirus
Modem Event Monitor
Duplicate Email Remover
Modem Helper
Intel(R) PROSet for Wired Connections
Microsoft Silverlight
Intel(R) Graphics Media Accelerator Driver
Microsoft Office Professional Edition 2003
Sonic Encoders
Windows Messenger 5.1
EducateU
Sonic RecordNow Audio
Dell Picture Studio v3.0
WordPerfect Office 12
Sonic RecordNow Copy
ccCommon
Microsoft .NET Framework 2.0 Service Pack 1
Apple Software Update
iTunes
Motorola Phone Tools
MSXML 4.0 SP2 (KB936181)
Microsoft .NET Framework 1.1
ArcSoft PhotoImpression 6
Symantec Real Time Storage Protection Component
Apple Mobile Device Support
ArcSoft Multimedia Email
Ad-Aware 2007
LiveUpdate (Symantec Corporation)
Windows Rights Management Client Backwards Compatibility
ArcSoft Software Suite
AppCore
Jasc Paint Shop Pro 9
ArcSoft PhotoImpression 5
µTorrent


----------



## Hey it's me

*the rest of the SDFix report*

This report was too long for one posting.   so....


*Run Values*:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\Avast4\\ALWILS~1\\ashDisp.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


*Bot Check*:

SERVICE_NAME: wscsvc
        DISPLAY_NAME       : Security Center  
        START_TYPE         : 4   DISABLED

SERVICE_NAME: sharedaccess
        DISPLAY_NAME       : Windows Firewall/Internet Connection Sharing (ICS)  
        START_TYPE         : 2   AUTO_START

SERVICE_NAME: wuauserv
        DISPLAY_NAME       : Automatic Updates  
        START_TYPE         : 2   AUTO_START

SERVICE_NAME: srservice
        DISPLAY_NAME       : System Restore Service  
        START_TYPE         : 2   AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"


*ShellExecuteHooks*:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



*Environment*:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
   ComSpec	REG_EXPAND_SZ  	%SystemRoot%\system32\cmd.exe
   Path	REG_EXPAND_SZ  	%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
   windir	REG_EXPAND_SZ  	%SystemRoot%
   OS	REG_SZ         	Windows_NT
   PATHEXT	REG_SZ         	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
   TEMP	REG_EXPAND_SZ  	%SystemRoot%\TEMP
   TMP	REG_EXPAND_SZ  	%SystemRoot%\TEMP
   SonicCentral	REG_SZ         	C:\Program Files\Common Files\Sonic Shared\Sonic Central\
   CLASSPATH	REG_SZ         	.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
   QTJAVA	REG_SZ         	C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
   SAFEBOOT_OPTION	REG_SZ         	MINIMAL

*SecurityProviders*:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
   SecurityProviders	REG_SZ         	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


*Authentication Packages*:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
   Authentication Packages	REG_MULTI_SZ   	msv1_0\0\0


*Subsystem Startup*:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


*Midi Drivers*:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"


*Non-Default IFEO Debugger*:


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safe.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\adam.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\agentsvr.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\appsvc32.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\auto.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autoruns.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrssvc.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avmonitor.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.com
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccenter.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccsvchst.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cross.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\discovery.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\filedsty.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ftcleanershell.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guangd.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hijackthis.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icesword.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iparmo.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iparmor.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ispwdsvc.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kabaload.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kascrscn.scr
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kasmain.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kastask.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav32.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavdx.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavpfw.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavsetup.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavstart.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kislnchr.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmailmon.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmfilter.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kpfw32.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kpfw32x.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kpfwsvc.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kregex.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\krepair.com
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ksloader.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvcenter.kxp
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvdetect.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvfwmcl.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvmonxp.kxp
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvmonxp_1.kxp
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvol.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvolself.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvreport.kxp
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvsrvxp.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvstub.kxp
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvupload.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvwsc.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvxp.kxp
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch9x.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatchx.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\loaddll.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\magicset.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcconsol.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmqczj.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmsk.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navsetup.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32kui.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfw.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwliveupdate.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qhset.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ras.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rav.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravmon.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravmond.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravstub.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravtask.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regclean.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwcfg.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwmain.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwproxy.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsagent.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsaupd.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runiep.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safelive.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scan32.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sdgames.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\servet.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shcfg32.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shuiniu.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smartup.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sos.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sreng.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svch0st.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcsvc.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\syssafe.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\systom.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tnt.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\trojandetector.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\trojanwall.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\trojdie.kxp
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\txomou.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ufo.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\uihost.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\umxagent.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\umxattachment.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\umxcfg.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\umxfwhlp.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\umxpol.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\uplive.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wopticlean.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wsyscheck.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xp.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zxsweep.exe
   Debugger	REG_SZ         	C:\WINDOWS\system32\Flower.exe


*Non-Default Installed Components*:


*Non-Default Safeboot Minimal*:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
   <NO NAME>	REG_SZ         	Service


*File Associations*:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


*Finished!*


----------



## Hey it's me

*here are the details of the viruses AVAST found & put in its "CHEST"*

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp249362675.tmp
FileID: 0000000030  Original file name: C:\Documents and Settings\Eve\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-15-2008 - 09-29-57\{12E926DE-1F48-4D8A-97CB-2E4C6A923EAD}  New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp249362675.tmp\30

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp249362675.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp249362675.tmp\30  Win32:TratBHO [Trj]
------------------------------------------------------------------------------------------
Action was completed successfully!


----------



## Hey it's me

*more Virus details*

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp236409113.tmp
FileID: 0000000029  Original file name: C:\Documents and Settings\Eve\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-15-2008 - 09-29-57\{11821116-0F8D-4FF5-A8D5-330C23399D3D}  New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp236409113.tmp\29

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp236409113.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp236409113.tmp\29  Win32:TratBHO [Trj]
------------------------------------------------------------------------------------------
Action was completed successfully!


----------



## Hey it's me

*More in the Virus chest*

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp109753200.tmp
FileID: 0000000027  Original file name: C:\WINDOWS\system32\ssttq.dll  New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp109753200.tmp\27.dll

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp109753200.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp109753200.tmp\27.dll  Win32:TratBHO [Trj]
------------------------------------------------------------------------------------------
Action was completed successfully!


----------



## Hey it's me

*I wonder...when should I stop?*

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp89371088.tmp
FileID: 0000000026  Original file name: C:\WINDOWS\system32\ssqpo.dll  New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp89371088.tmp\26.dll

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp89371088.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp89371088.tmp\26.dll  Win32:TratBHO [Trj]
------------------------------------------------------------------------------------------
Action was completed successfully!


----------



## Hey it's me

*more coming after this...*

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp167858876.tmp
FileID: 0000000028  Original file name: C:\WINDOWS\system32\ddabb.dll  New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp167858876.tmp\28.dll

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp167858876.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp167858876.tmp\28.dll  Win32:TratBHO [Trj]
------------------------------------------------------------------------------------------
Action was completed successfully!


----------



## Hey it's me

*this one is different...scary!*

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp
FileID: 0000000032  Original file name: E:\Bit Torrent Downloads\Plato Video To iPod Converter 4.82+key\PlatoVideo2iPod.exe  New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\inno.hdr  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{embedded}\WizardImage.bmp  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{embedded}\WizardSmallImage.bmp  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{embedded}\setup.exe\[Embedded#HELPER_EXE_AMD64]  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{embedded}\setup.exe\[Embedded#REGDLL_EXE]  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{embedded}\setup.exe\[Embedded#SHFOLDERDLL]  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{embedded}\setup.exe  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\Video2iPod.exe  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\#IDXHDR  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\#STRINGS  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\#SYSTEM  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\#TOPICS  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\#URLSTR  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\#URLTBL  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\How to Create iPod Video files.htm  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\add.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\button1.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\button10.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\button2.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\button3.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\button5.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\button6.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\button7.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\button8.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\button9.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\button_register.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\buy-it-now.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\clear.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\customize setting.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\default settings.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\dvd ripper pro.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\help.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\interface.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\mail.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\open.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\output_path.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\Plato_logo.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\play.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\point.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\register.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\register_vieotoipod.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\remove.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\sliders.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\source review.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\start.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\startbutton.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\stop_mouseover.bmp  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\video converter.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\images\videopreiview.jpg  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\installation.htm  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\main window.htm  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\overview.htm  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\plato video converter.htm  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\product_dvdripper.htm  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\purchase.htm  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\register to get full version.htm  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\support.htm  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm\videotoipod1.hhc  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\help.chm  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\setting\AddiTunes.exe  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\setting\Data.xml  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\setting\iPod.xml  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{sys}\VideoEdit.ocx  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{sys}\viscomqtde.dll  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{sys}\viscomwave.dll  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{sys}\mpgfiltr.ax  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{sys}\RealMediaSplitter.ax  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\avcodec-51.dll  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\avformat-51.dll  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\avutil-49.dll  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\libmp3lame-0.dll  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{sys}\SkinCrafter.dll  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\Denna.skf  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\main.ico  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\Help.ico  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\Home.ico  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]\{app}\Uninstall.ico  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe\[Embedded#009a00]  -- no virus --
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe  Win32:Small-FBJ [Trj]
------------------------------------------------------------------------------------------
Action was completed successfully!


----------



## Hey it's me

*am I doomed??*

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp835944.tmp
FileID: 0000000035  Original file name: C:\Documents and Settings\Eve\Local Settings\Temp\_avast4_\unp152198242.tmp  New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp835944.tmp\35.tmp

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp835944.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp835944.tmp\35.tmp\[FSG]  Win32:Agent-SIM [Trj]
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp835944.tmp\35.tmp  -- no virus --
------------------------------------------------------------------------------------------
Action was completed successfully!


----------



## Hey it's me

*Omg!*

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp259142005.tmp
FileID: 0000000037  Original file name: C:\WINDOWS\system32\Flower.exe  New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp259142005.tmp\37.exe

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp259142005.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp259142005.tmp\37.exe\[FSG]  Win32:Agent-SIM [Trj]
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp259142005.tmp\37.exe  -- no virus --
------------------------------------------------------------------------------------------
Action was completed successfully!


----------



## Hey it's me


Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp98804989.tmp
FileID: 0000000039  Original file name: C:\WINDOWS\system32\drivers\disdn\Flower.exe  New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp98804989.tmp\39.exe

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp98804989.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp98804989.tmp\39.exe\[FSG]  Win32:Agent-SIM [Trj]
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp98804989.tmp\39.exe  -- no virus --
------------------------------------------------------------------------------------------
Action was completed successfully!


----------



## Hey it's me

*Heeellllpppp!*

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp210228490.tmp
FileID: 0000000033  Original file name: c:\windows\system32\anhao.exe  New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp210228490.tmp\33.exe

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp210228490.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp210228490.tmp\33.exe\[FSG]  Win32:Agent-SIM [Trj]
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp210228490.tmp\33.exe  -- no virus --
------------------------------------------------------------------------------------------
Action was completed successfully!


----------



## Hey it's me

*almost done*

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp102948884.tmp
FileID: 0000000034  Original file name: C:\a.exe  New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp102948884.tmp\34.exe

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp102948884.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp102948884.tmp\34.exe  Win32:Agent-EPC [Trj]
------------------------------------------------------------------------------------------
Action was completed successfully!


----------



## Hey it's me

*one more after this..pls don't give up on me*

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp53473301.tmp
FileID: 0000000036  Original file name: C:\Documents and Settings\Eve\Local Settings\Temporary Internet Files\Content.IE5\X900WE7M\2008[1].exe  New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp53473301.tmp\36.exe

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp53473301.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp53473301.tmp\36.exe  Win32:Agent-EPC [Trj]
------------------------------------------------------------------------------------------
Action was completed successfully!


----------



## Hey it's me

*This one I don't understand. An ANCIENT file!*

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp125161757.tmp
FileID: 0000000038  Original file name: C:\Documents and Settings\Eve\My Documents\pomona\Dolphins\Dolphins and the Military web articles saved\Dolphins of War.mht\PartNo_0#4076310979  New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp125161757.tmp\38

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp125161757.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp125161757.tmp\38  VBS:Malware-gen
------------------------------------------------------------------------------------------
Action was completed successfully!


----------



## GameMaster

Oh come on lol, you spammed the whole thread.
Relax, if only you'd read the lines, you would see the -*No virus*- at the end.
Please tell me, is your system running any better now? It should be, because SDFix has removed many of the nasties.
Also I have a speech here for you.
*IMPORTANT* I notice there are signs of one or more *P2P (Person to Person) File Sharing Programs* on your computer. 

*uTorrent* 

I'd like you to read the *Guidelines for P2P Programs* where we explain why it's not a good idea to have them. 


Also available *here*. 

My recommendation is you go to *Control Panel > Add/Remove Programs* and uninstall the programs listed above (in red).

*If you wish to keep them, please do not use them until your computer is cleaned.*

In short, I want you to delete the P2P sharing programs (all that you have installed) and then we can continue fixing your computer (if any remnants are left).
Good luck


----------



## GameMaster

And there are some remnants, sorry. Please, if you are able, delete the P2P program and do the following:
Please visit this webpage for instructions for downloading ComboFix to your *DESKTOP*:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When the tool is finished, it will produce a report for you.  
Please post the *C:\ComboFix.txt* along with a *new HijackThis log* so we may continue cleaning the system.


----------



## Hey it's me

OK, working on it. ARGH! I did say I have a "BIT" of a "Torren-tial" addiction. I'm deleting uTorrent. I'll be back soon. Please don't go away. Thanks!


----------



## Hey it's me

*Here's a report ComboFix generated. Is this what I was supposed to post?*

ComboFix 08-03-17.1 - Eve 2008-03-17 17:36:01.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.855 [GMT -5:00]
Running from: C:\Documents and Settings\Eve\Desktop\ComboFix.exe
 * Created a new restore point

*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.

(((((((((((((((((((((((((   Files Created from 2008-02-17 to 2008-03-17  )))))))))))))))))))))))))))))))
.

2008-03-17 16:50 . 2008-03-17 16:50	<DIR>	d----c---	C:\WINDOWS\LastGood
2008-03-15 19:18 . 2008-03-15 19:18	<DIR>	d----c---	C:\Program Files\Trend Micro
2008-03-15 18:29 . 2006-03-18 06:09	613,376	--a--c---	C:\WINDOWS\system32\XFlower.dll
2008-03-13 16:35 . 2008-03-13 16:35	<DIR>	d----c---	C:\Program Files\Windows Sidebar
2008-03-13 16:35 . 2008-03-13 16:40	<DIR>	d----c---	C:\Program Files\Norton AntiVirus
2008-03-13 16:35 . 2008-03-13 16:36	123,952	--a--c---	C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-13 16:35 . 2008-03-13 16:36	60,800	--a--c---	C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-13 16:35 . 2008-03-13 16:36	10,563	--a--c---	C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-13 16:35 . 2008-03-13 16:36	805	--a--c---	C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-13 13:21 . 2008-03-13 13:21	<DIR>	d----c---	C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-02-28 13:28 . 2005-07-19 23:05	135,168	--a--c---	C:\WINDOWS\system32\igfxres.dll
2008-02-28 13:27 . 2007-12-04 08:04	837,496	--a--c---	C:\WINDOWS\system32\aswBoot.exe
2008-02-28 13:27 . 2004-01-09 04:13	380,928	--a--c---	C:\WINDOWS\system32\actskin4.ocx
2008-02-28 13:27 . 2007-12-04 07:54	95,608	--a--c---	C:\WINDOWS\system32\AvastSS.scr
2008-02-28 13:21 . 2004-08-10 06:00	1,875,968	--a--c---	C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-28 13:20 . 2004-08-10 06:00	13,463,552	--a--c---	C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-28 13:19 . 2004-08-10 06:00	2,134,528	--a--c---	C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-02-28 13:18 . 2008-02-28 13:18	316,640	--a--c---	C:\WINDOWS\WMSysPr9.prx
2008-02-28 13:18 . 2008-02-28 13:18	23,392	--a--c---	C:\WINDOWS\system32\nscompat.tlb
2008-02-28 13:18 . 2008-02-28 13:18	16,832	--a--c---	C:\WINDOWS\system32\amcompat.tlb
2008-02-28 13:18 . 2008-02-28 13:18	0	--a--c---	C:\WINDOWS\control.ini
2008-02-28 13:13 . 2008-02-28 13:13	749	-rah-c---	C:\WINDOWS\WindowsShell.Manifest
2008-02-28 13:13 . 2008-02-28 13:13	749	-rah-c---	C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-28 13:13 . 2008-02-28 13:13	749	-rah-c---	C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-28 13:13 . 2008-02-28 13:13	749	-rah-c---	C:\WINDOWS\system32\nwc.cpl.manifest
2008-02-28 13:13 . 2008-02-28 13:13	749	-rah-c---	C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-28 13:13 . 2008-02-28 13:13	488	-rah-c---	C:\WINDOWS\system32\logonui.exe.manifest
2008-02-28 13:12 . 2004-08-10 06:00	188,416	--a--c---	C:\WINDOWS\system32\msh261.drv
2008-02-28 13:12 . 2004-08-10 06:00	118,784	--a--c---	C:\WINDOWS\system32\msg723.acm
2008-02-28 13:12 . 2004-08-10 06:00	48,680	---hsc---	C:\WINDOWS\winnt256.bmp
2008-02-28 13:12 . 2004-08-10 06:00	48,680	---hsc---	C:\WINDOWS\winnt.bmp
2008-02-28 13:12 . 2004-08-10 06:00	16,384	--a--c---	C:\WINDOWS\system32\dllcache\isignup.exe
2008-02-28 13:12 . 2004-08-10 06:00	2	--a--c---	C:\WINDOWS\system32\desktop.ini
2008-02-28 13:12 . 2004-08-10 06:00	2	--a--c---	C:\WINDOWS\desktop.ini
2008-02-28 13:07 . 2008-02-28 13:07	<DIR>	d----c---	C:\WINDOWS\system32\FxsTmp
2008-02-28 13:07 . 2008-02-28 13:07	34,380	--a--c---	C:\WINDOWS\system32\emptyregdb.dat
2008-02-28 13:07 . 2008-02-28 13:07	37	--a--c---	C:\WINDOWS\vbaddin.ini
2008-02-28 13:07 . 2008-02-28 13:07	36	--a--c---	C:\WINDOWS\vb.ini
2008-02-28 13:05 . 2004-08-10 06:00	345,088	--a--c---	C:\WINDOWS\system32\hypertrm.dll
2008-02-28 12:55 . 2004-08-10 06:00	2,008,817	--a--c---	C:\WINDOWS\system32\dllcache\NT5.CAT
2008-02-28 12:54 . 2004-08-10 06:00	1,086,058	-ra--c---	C:\WINDOWS\SETD7.tmp
2008-02-28 12:54 . 2004-08-10 06:00	106,147	-ra--c---	C:\WINDOWS\SETD4.tmp
2008-02-28 12:54 . 2004-08-10 06:00	13,753	-ra--c---	C:\WINDOWS\SETE3.tmp
2008-02-28 07:49 . 2008-02-28 13:24	238	--a--c---	C:\WINDOWS\system32\$winnt$.inf
2008-02-24 20:33 . 2007-07-30 19:19	271,224	--a--c---	C:\WINDOWS\system32\mucltui.dll
2008-02-24 20:33 . 2007-07-30 19:19	30,072	--a--c---	C:\WINDOWS\system32\mucltui.dll.mui

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 21:56	---------	dc----w	C:\Documents and Settings\Eve\Application Data\MailWasherPro
2008-03-15 18:06	---------	dc----w	C:\Program Files\Common Files\Symantec Shared
2008-03-13 21:38	---------	dc----w	C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-13 21:36	---------	dc----w	C:\Program Files\Symantec
2008-03-13 20:38	---------	dc----w	C:\Program Files\Spybot - Search & Destroy
2008-03-13 20:38	---------	dc----w	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-13 20:28	---------	dc----w	C:\Documents and Settings\Eve\Application Data\Symantec
2008-03-13 20:27	---------	dc----w	C:\Program Files\Azureus
2008-03-13 18:11	---------	dc----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-03-13 18:11	---------	dc----w	C:\Documents and Settings\Eve\Application Data\SUPERAntiSpyware.com
2008-03-13 18:09	---------	dc----w	C:\Program Files\CCleaner
2008-02-25 02:29	---------	dc----w	C:\Documents and Settings\Eve\Application Data\Azureus
2008-02-08 23:29	---------	dc----w	C:\Program Files\MSECACHE
2008-02-06 18:43	579,464	-c--a-w	C:\WINDOWS\system32\SymNeti.dll
2008-02-06 18:43	31,408	-c--a-w	C:\WINDOWS\system32\drivers\SymIM.sys
2008-02-06 18:43	207,240	-c--a-w	C:\WINDOWS\system32\SymRedir.dll
2008-02-06 18:43	13,021	-c--a-w	C:\WINDOWS\system32\drivers\SymRedir.cat
2008-02-05 16:34	96,432	-c--a-w	C:\WINDOWS\system32\drivers\symfw.sys
2008-02-05 16:34	41,008	-c--a-w	C:\WINDOWS\system32\drivers\symndisv.sys
2008-02-05 16:34	38,576	-c--a-w	C:\WINDOWS\system32\drivers\symids.sys
2008-02-05 16:34	37,424	-c--a-w	C:\WINDOWS\system32\drivers\symndis.sys
2008-02-05 16:34	22,320	-c--a-w	C:\WINDOWS\system32\drivers\symredrv.sys
2008-02-05 16:34	188,464	-c--a-w	C:\WINDOWS\system32\drivers\symtdi.sys
2008-02-05 16:34	13,616	-c--a-w	C:\WINDOWS\system32\drivers\symdns.sys
2008-02-05 16:34	1,612	-c--a-w	C:\WINDOWS\system32\drivers\SymRedir.inf
2008-02-04 17:27	1,430	-c--a-w	C:\WINDOWS\system32\drivers\srtspl.inf
2008-02-04 17:27	1,421	-c--a-w	C:\WINDOWS\system32\drivers\srtspx.inf
2008-02-04 17:27	1,415	-c--a-w	C:\WINDOWS\system32\drivers\srtsp.inf
2008-02-01 19:55	10,549	-c--a-w	C:\WINDOWS\system32\drivers\srtspx.cat
2008-02-01 19:55	10,549	-c--a-w	C:\WINDOWS\system32\drivers\srtspl.cat
2008-02-01 19:55	10,545	-c--a-w	C:\WINDOWS\system32\drivers\srtsp.cat
2008-02-01 06:02	---------	dc----w	C:\Program Files\Soulseek
2008-01-31 22:51	43,696	-c--a-w	C:\WINDOWS\system32\drivers\srtspx.sys
2008-01-31 22:51	317,616	-c--a-w	C:\WINDOWS\system32\drivers\srtspl.sys
2008-01-31 22:51	279,088	-c--a-w	C:\WINDOWS\system32\drivers\srtsp.sys
2008-01-31 22:04	---------	dc----w	C:\Documents and Settings\All Users\Application Data\Creative
2008-01-31 22:03	---------	dc----w	C:\Program Files\Dell
2008-01-30 02:22	---------	dc----w	C:\Program Files\Motorola Phone Tools
2008-01-29 23:12	---------	dc----w	C:\Program Files\SmitfraudFix
2008-01-29 23:09	---------	dc----w	C:\Program Files\Flash
2008-01-29 23:09	---------	dc----w	C:\Program Files\Comodo
2008-01-29 22:27	---------	dc----w	C:\Program Files\FireTrust
2008-01-19 14:20	---------	dc----w	C:\Program Files\itunes
2008-01-18 21:01	---------	dc----w	C:\Program Files\iPod
2008-01-18 20:58	---------	dc----w	C:\Program Files\QuickTime
2008-01-17 23:06	---------	dc----w	C:\Program Files\SUPERAntiSpyware
2008-01-17 14:05	---------	dc----w	C:\Program Files\Foxit Software
2008-01-17 13:51	---------	dc----w	C:\Documents and Settings\All Users\Application Data\BOC425
2007-12-04 14:56	32	-c--a-w	C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-12-21 03:27	92,064	-c--a-w	C:\Documents and Settings\Eve\mqdmmdm.sys
2006-12-21 03:27	9,232	-c--a-w	C:\Documents and Settings\Eve\mqdmmdfl.sys
2006-12-21 03:27	79,328	-c--a-w	C:\Documents and Settings\Eve\mqdmserd.sys
2006-12-21 03:27	66,656	-c--a-w	C:\Documents and Settings\Eve\mqdmbus.sys
2006-12-21 03:27	6,208	-c--a-w	C:\Documents and Settings\Eve\mqdmcmnt.sys
2006-12-21 03:27	5,936	-c--a-w	C:\Documents and Settings\Eve\mqdmwhnt.sys
2006-12-21 03:27	4,048	-c--a-w	C:\Documents and Settings\Eve\mqdmcr.sys
2006-12-21 03:27	25,600	-c--a-w	C:\Documents and Settings\Eve\usbsermptxp.sys
2006-12-21 03:27	22,768	-c--a-w	C:\Documents and Settings\Eve\usbsermpt.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-13 16:37	116088	--a--c---	C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\Avast4\ALWILS~1\ashDisp.exe" [2007-12-04 08:00 79224]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 23:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 23:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 23:10 114688]
"SigmatelSysTrayApp"="stsystra.exe" []
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 17:47 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-06 22:49 718704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-10 05:00 44544]

C:\Documents and Settings\Eve\Start Menu\Programs\Startup\
MailWasherPro.lnk - C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe [2008-01-29 17:27:41 5661184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\auto.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRun.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cross.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Discovery.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guangd.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSetup.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SDGames.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\servet.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ShuiNiu.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sos.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svch0st.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Systom.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TNT.Exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TxoMoU.Exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UFO.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Wsyscheck.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\XP.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zxsweep.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SAC-Desktop-Alert.lnk]
backup=C:\WINDOWS\pss\SAC-Desktop-Alert.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Eve^Start Menu^Programs^Startup^Norton Disk Doctor.LNK]
backup=C:\WINDOWS\pss\Norton Disk Doctor.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a--c--- 2007-04-27 16:17 50736 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BOC-425]
--a--c--- 2007-11-26 10:38 342272 C:\PROGRA~1\Comodo\CBOClean\BOC425.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--a--c--- 2004-07-30 11:04 245760 C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--a--c--- 2005-02-23 16:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a--c--- 2004-08-10 04:04 59392 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX8400 Series]
--a--c--- 2007-02-15 06:00 179200 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a--c--- 2003-09-03 20:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2004-07-27 16:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2004-07-27 16:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a--c--- 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickCamPro.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a--c--- 2007-07-18 20:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\itunes\\iTunes.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"%windir%\\system32\\sessmgr.exe"=

R2 NMSAccessU;NMSAccessU;C:\Program Files\iDumpPro\NMSAccessU.exe [2007-10-12 04:34]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 13:43]
S2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-29 20:55]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 13:43]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 20:46:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-13 21:40:04 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Eve.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 17:38:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2008-03-17 17:39:30
.
2008-03-17 21:55:24	--- E O F ---


----------



## GameMaster

Fine, thanks.
Now let's try some more things.
*F-Secure Online Scan*

Scan online using *F-Secure Online Scanner Next Generation* using *Internet Explorer* 
http://support.f-secure.com/enu/home/ols3.shtml 

Click on the link "*F-Secure Online Scanner Next Generation*". 
You may receive an alert on the address bar at this point to install the ActiveX control. 
Click on that alert and then click *Install ActiveX component*. 
Read the license agreement and click "*Accept*". 
Click "*Full System Scan*" to download the scanning components and begin scan and cleaning. 
When done click "*Show report*" and copy/paste its contents into your next reply.


----------



## Hey it's me

GM, while I'm doing the F-Secure thing can you tell me if it matters that AVAST has put the Trojans and viruses in its "CHEST"? I mean is it protected in there? Am I supposed to press something in the AVAST program to "delete" those files that are infected?


----------



## GameMaster

As long as the files/malware are in the chest the PC should be relatively safe.
Please, when done scanning, post the F-Secure log; I realise it may take long, so take your time.
I think I will most likely be able to answer you tomorrow.


----------



## Hey it's me

OK, I understand, I'm hoping it will finish before you have to go to sleep (I see you're in a completely different time zone!). I have moved to my (borrowed) laptop so the desktop can ONLY focus on the F-Secure scan. I'm not going to be home with my desktop tomorrow (Tuesday EST), but I'll be back on it Wednesday. This is frustrating. I know...it's my own fault. I thought I had the issue covered. I was scanning the downloaded items every time before opening them. Hey! BTW, can you see I have TWO hard drives in the reports? I mean, is it possible to have my "other" hard drive infected and have the computer report it? I guess it would say if the issue was in the C drive or (what I have named) Shenanigans Padunkadunk (my "other" hard drive).


----------



## Hey it's me

*F-Secure report*

Scanning Report
Monday, March 17, 2008 17:54:50 - 19:06:28

Computer name: DESKTOP
Scanning type: Scan system for malware, rootkits
Target: C:\ E:\
Result: 2 malware found
RiskTool.Win32.Reboot (spyware)

    * System 

Tracking Cookie (spyware)

    * System 

Statistics
Scanned:

    * Files: 49912
    * System: 3602
    * Not scanned: 9 

Actions:

    * Disinfected: 0
    * Renamed: 0
    * Deleted: 0
    * None: 2
    * Submitted: 0 

Files not scanned:

    * C:\HIBERFIL.SYS
    * C:\PAGEFILE.SYS
    * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    * C:\WINDOWS\SYSTEM32\CONFIG\SAM
    * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    * C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{79B3A11B-972A-4BD6-BA69-C14957A5E81A}.BIN
    * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_5B150187-0F05-4C72-917C-77C8E6964AC4 

Options
Scanning engines:

    * F-Secure USS: 2.30.0
    * F-Secure Blacklight: 1.0.64
    * F-Secure Hydra: 2.8.8110, 2008-03-17
    * F-Secure Pegasus: 1.20.0, 2008-02-07
    * F-Secure AVP: 7.0.171, 2008-03-17 

Scanning options:

    * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
    * Use Advanced heuristics 



----------



## Vizy

man that looks scary


----------



## GameMaster

Vizy93 said:


> man that looks scary



Not at all.

OK, I've analysed it. The scan found two malware items, both spyware.
I will only suggest Spybot Search & Destroy; you can do a scan and fix with it when on your (infected) computer.

Apart from that, the system is definitely clean.

Spybot Search & Destroy 

Spybot S&D is available from here. 

Download and Install Spybot S&D (if you haven't already), accept the Default Settings 
In the Menu Bar at the top of the Spybot window you will see Mode. 
Make certain that 'Default Mode' has a check mark beside it. 
Close *ALL* windows except Spybot S&D 
Click the button to 'Search for Updates' then download and install the updates.
                         ----------------------------- 
Next click the button 'Check for Problems' 
When Spybot is complete, it will be showing 'RED' entries, bold '*BLACK*' entries and 'GREEN' entries in the window. 
Make certain there is a check mark beside all of the RED *entries ONLY*. 
Choose 'Fix Selected Problems' and allow Spybot to fix the RED entries.


----------



## Hey it's me

Game Master, thanks so much for the help. You were a HUGE help. I think I'm cleaned up now. Not quite sure, but things seem to be moving better. I was using AVAST and Norton 2008. Now I'm planning on using only NAV 2006. Hopefully that will be good enough. I want to sell this Dell soon and get a Mac anyway.


----------



## konsole

Dang, you've got a ton of programs installed there. Not that they're creating any negative performance, but it looks like you could free up some of that space.


----------

