Help!! CPU running slow, yellow triangle w/ exclamation pt and constant pop-ups

[angelgirl30]

Hi,

Lately my computer has been running very slow (start up is also very slow) and I've been bombarded with constant pop-ups. I've also been experiencing strange icons in my system tray (yellow triangle with an explanation point in the centre of it as well as a red circle with an X through it). I've run Avast Anti-Virus and Ad-Aware SE with no success. Any help you can provide will be greatly appreciated. Thank you!!



Deckard's System Scanner v20070423.42
Run by Carla on 2007-04-25 at 15:22:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
93: 2007-04-25 19:23:04 UTC - RP2064 - Deckard's System Scanner Restore Point
92: 2007-04-25 18:33:34 UTC - RP2063 - Software Distribution Service 2.0
91: 2007-04-25 15:19:31 UTC - RP2062 - Software Distribution Service 2.0
90: 2007-04-25 04:34:21 UTC - RP2061 - Software Distribution Service 2.0
89: 2007-04-25 04:12:25 UTC - RP2060 - Software Distribution Service 2.0


-- First Restore Point --
1: 2007-01-25 20:47:45 UTC - RP1972 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Carla.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:31:14 PM, on 25/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\retadpu2000340.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\bak\Ares.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Free Sticky Notes\freenote.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Carla\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Carla.exe

F3 - REG:win.ini: load=C:\OPLIMIT\ocraware.exe
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {121950A7-E2F1-4081-95B0-5997943736E2} - C:\WINDOWS\system32\ddcyy.dll
O2 - BHO: PsapiAnalyzer Object - {125399A6-E13D-42CE-A021-7F9069A79440} - c:\windows\fonts\pcreg.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmp4.tmp.dll
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {B9697716-61E6-4FBC-89FD-EAC504D9EFE3} - C:\WINDOWS\system32\rqrsspp.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: (no name) - {c2dace2d-f27f-4591-97be-10c379cef2e6} - C:\WINDOWS\system32\lprcmd.dll (file missing)
O2 - BHO: (no name) - {C3F16958-9601-43E3-AC3C-6E89762079Ec} - C:\WINDOWS\system32\lbymhjxa.dll
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: msnhlp32.msn_hlp - {EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} - C:\WINDOWS\system32\msnhlp32.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Carla\Desktop\winstall.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000340.exe 61A847B5BBF72810329B385576F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E77DB6C0736AC53FD97CB77
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\veqgcgmy.dll",setvm
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\bak\Ares.exe" -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Shortcut to Free Sticky Notes.LNK = C:\Program Files\Free Sticky Notes\freenote.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://angelgirl76.spaces.live.com//...d/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photolab.ca/en/Photo/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D57262F5-9637-4E67-BC59-88C53EA76FC3} (ULcontrol Control) - https://pix.futureshop.ca/en/ulcontrolxp.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by119fd.bay119.hotmail.msn.co...x/HMAtchmt.ocx
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...pv2.0.0.9.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A8263D9-14C4-47C3-85CB-BB6E08033BE1}: NameServer = 85.255.114.27,85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\..\{F191F77D-DE21-46B2-8C44-C9B6A0810F41}: NameServer = 85.255.114.27,85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.27 85.255.112.89
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll
O20 - Winlogon Notify: lprcmd - lprcmd.dll (file missing)
O20 - Winlogon Notify: pcreg - c:\windows\fonts\pcreg.dll
O20 - Winlogon Notify: rqrsspp - C:\WINDOWS\SYSTEM32\rqrsspp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: ML-2010 Status Monitor Service (SM_ml1600_FUService) - Unknown owner - C:\Program.exe (file missing)


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20060815-211037-227 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
backup-20060815-211037-251 R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchforfree.info/browser/
backup-20060815-211037-266 O15 - Trusted Zone: *.frame.crazywinnings.com
backup-20060815-211037-272 O15 - Trusted Zone: *.dapsol.com
backup-20060815-211037-280 O15 - Trusted Zone: *.dapsol.com (HKLM)
backup-20060815-211037-461 O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.co...x/HMAtchmt.ocx
backup-20060815-211037-574 R3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - - (no file)
backup-20060815-211037-603 O15 - Trusted Zone: *.bestsearch.cc
backup-20060815-211037-606 O4 - HKLM\..\Run: [wintt.exe] C:\WINDOWS\system32\wintt.exe
backup-20060815-211037-710 O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
backup-20060815-211037-757 O15 - Trusted Zone: *.bestsearch.cc (HKLM)
backup-20060815-211037-784 O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
backup-20060815-211037-795 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchforfree.info/browser/
backup-20060815-211037-873 O4 - HKLM\..\RunServices: [ine] svchosts.exe
backup-20060815-211037-952 O15 - Trusted IP range: 206.161.125.149
backup-20060815-211037-970 O4 - HKLM\..\Run: [ine] svchosts.exe
backup-20060815-211038-461 O21 - SSODL: TLxSODndBFQ - {8CCF4E95-2665-E43F-A8F9-A03A8FFDAA1C} - C:\WINDOWS\System32\jlilkr.dll (file missing)
backup-20060829-192433-869 O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/087cfa0f...p/RdxIE601.cab

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Cdr4_xp - c:\windows\system32\drivers\cdr4_xp.sys <Not Verified; Roxio; Drag-to-Disc; 7.0.0.162; 7.0.0.162>
R1 Cdralw2k - c:\windows\system32\drivers\cdralw2k.sys <Not Verified; Roxio; Drag-to-Disc; 7.0.0.162; 7.0.0.162>
R1 cdudf_xp - c:\windows\system32\drivers\cdudf_xp.sys <Not Verified; Roxio; Drag-to-Disc; 7.0.0.162; 7.0.0.162>
R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver; 7.0.0.162; 7.0.0.162>
R1 pwd_2k - c:\windows\system32\drivers\pwd_2k.sys <Not Verified; Roxio; Drag-to-Disc; 7.0.0.162; 7.0.0.162>
R1 SiSkp - c:\windows\system32\drivers\srvkp.sys <Verified; Silicon Integrated Systems Corporation; SiS (R) WindowsXP Display Manager; 6.14.10.3611; 6.14.10.3611>
R1 UDFReadr - c:\windows\system32\drivers\udfreadr.sys <Not Verified; Roxio; Drag-to-Disc; 7.0.0.162; 7.0.0.162>
R2 DgiVecp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; DeviceGuys, Inc.; DeviceGuys, Inc. Team MFP for Windows NT, 9x, and 3.1; 1.0.0.22; 1.1.1.30>
R3 dvd_2K - c:\windows\system32\drivers\dvd_2k.sys <Not Verified; Roxio; Drag-to-Disc; 7.0.0.162; 7.0.0.162>
R3 itchfltr (iTouch Keyboard Filter) - c:\windows\system32\drivers\itchfltr.sys <Verified; Logitech, Inc.; Logitech iTouch(TM); 2.10.251.0; 2.10.251.0>
R3 L8042pr2 (Logitech PS/2 Mouse Filter Driver) - c:\windows\system32\drivers\l8042pr2.sys <Verified; Logitech, Inc.; Logitech MouseWare(TM); 9.75.294.0; 9.75.294.0>
R3 mmc_2K - c:\windows\system32\drivers\mmc_2k.sys <Not Verified; Roxio; Drag-to-Disc; 7.0.0.162; 7.0.0.162>
R3 P0630VID (Creative WebCam Live!) - c:\windows\system32\drivers\p0630vid.sys <Verified; Creative Technology Ltd.; ; ; 1.00.01.00>
R3 SiS315 - c:\windows\system32\drivers\sisgrp.sys <Verified; Silicon Integrated Systems Corporation; SiS (R) Compatible Super VGA Miniport Driver for Windows XP; 6.14.10.3611; 6.14.10.3611>
R3 SISNIC (SiS PCI Fast Ethernet Adapter Driver) - c:\windows\system32\drivers\sisnic.sys <Not Verified; SiS Corporation; NDIS 5 NIC Driver; 1.13.02.00; 1.13.02.00 built by: WinDDK>


pe386 driver present

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; ; 8, 1, 0, 14; 8, 1, 0, 14>

S3 lxbs_device - c:\windows\system32\lxbscoms.exe -service <Verified; Lexmark International, Inc.; Lexmark Communication System; 1.27.12.0; 1.27.12.0>
S3 SM_ml1600_FUService (ML-2010 Status Monitor Service) - "c:\program files\samsung ml-2010 series\commonsm\ssmsrvc /service (file missing)


-- Files created between 2007-03-25 and 2007-04-25 -----------------------------

2007-04-25 15:02:52 0 d-------- C:\Program Files\SpywareBlaster
2007-04-24 22:29:18 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-04-24 21:28:35 208998 --a------ C:\WINDOWS\system32\rsnujvrb.exe
2007-04-24 21:28:35 2068 --a------ C:\WINDOWS\system32\glcpyjca.exe
2007-04-23 21:29:39 131604 --a------ C:\WINDOWS\system32\lbymhjxa.dll
2007-04-23 21:28:38 208998 --a------ C:\WINDOWS\system32\jbwwgvfq.exe
2007-04-23 21:28:28 2068 --a------ C:\WINDOWS\system32\iwkhtqfn.exe
2007-04-23 17:29:10 45056 -ra------ C:\WINDOWS\retadpu2000340.exe <Not Verified; ; updater Application; 1, 0, 0, 1; 1, 0, 0, 1>
2007-04-22 15:13:34 208998 --a------ C:\WINDOWS\system32\nfwjbqfj.exe
2007-04-22 15:13:33 2068 --a------ C:\WINDOWS\system32\gdgawoss.exe
2007-04-22 15:13:17 2068 --a------ C:\WINDOWS\system32\ctgidxii.exe
2007-04-21 15:13:19 208998 --a------ C:\WINDOWS\system32\vgqvkxjj.exe
2007-04-21 15:13:17 737339 ---hs---- C:\WINDOWS\system32\yycdd.bak2
2007-04-21 15:13:17 2068 --a------ C:\WINDOWS\system32\jwrvpfsk.exe
2007-04-21 05:32:34 44544 -ra------ C:\WINDOWS\updater.exe <Not Verified; ; updater Application; 1, 0, 0, 1; 1, 0, 0, 1>
2007-04-20 22:34:23 0 --a------ C:\WINDOWS\winhp32.exe
2007-04-20 22:32:45 123972 --a------ C:\WINDOWS\system32\veqgcgmy.dll
2007-04-20 15:24:07 18432 --a------ C:\WINDOWS\sysrlb32.exe <Not Verified; Microsoft Corp.; Project1; 1.00; 1.00>
2007-04-20 15:13:10 2068 --a------ C:\WINDOWS\system32\mmhgssdc.exe
2007-04-20 15:13:07 208998 --a------ C:\WINDOWS\system32\ceofmyyt.exe
2007-04-20 15:13:06 735951 ---hs---- C:\WINDOWS\system32\yycdd.bak1
2007-04-20 15:12:36 280660 ---hs---- C:\WINDOWS\system32\jkhhg.dll
2007-04-20 15:12:36 280660 ---hs---- C:\WINDOWS\system32\ddcyy.dll
2007-04-20 1540 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-04-20 1521 12 --a------ C:\WINDOWS\system32\sl.bin
2007-04-20 15:05:45 25856 --a------ C:\WINDOWS\vxddsk.exe
2007-04-20 15:05:44 19456 --a------ C:\WINDOWS\system32\wml.exe
2007-04-20 15:05:44 14848 --a------ C:\WINDOWS\system32\vxddsk.exe
2007-04-20 15:05:43 16896 --a------ C:\WINDOWS\wml.exe
2007-04-20 15:05:43 14848 --a------ C:\WINDOWS\SUSP.exe
2007-04-20 15:05:42 20992 --a------ C:\WINDOWS\satmat.exe
2007-04-20 15:05:40 22016 --a------ C:\WINDOWS\flt.dll
2007-04-20 15:05:40 23296 --a------ C:\WINDOWS\7search.dll
2007-04-20 15:05:39 21504 --a------ C:\WINDOWS\764.exe
2007-04-20 15:05:38 21760 --a------ C:\WINDOWS\stcloader.exe
2007-04-20 15:05:38 19456 --a------ C:\WINDOWS\pbar.dll
2007-04-20 15:05:37 8960 --a------ C:\WINDOWS\voiceip.dll
2007-04-20 15:05:37 17152 --a------ C:\WINDOWS\swin32.dll
2007-04-20 15:05:37 16128 --a------ C:\WINDOWS\cdsm32.dll
2007-04-20 15:05:36 11008 --a------ C:\WINDOWS\bokja.exe
2007-04-20 15:05:35 22528 --a------ C:\WINDOWS\mspphe.dll
2007-04-20 15:05:35 24320 --a------ C:\WINDOWS\bjam.dll
2007-04-20 15:05:32 28672 --a------ C:\WINDOWS\system32\MSIXU.DLL
2007-04-20 15:05:31 17664 --a------ C:\WINDOWS\system32\WER8274.DLL
2007-04-20 15:05:31 31232 --a------ C:\WINDOWS\180ax.exe
2007-04-20 15:05:29 25344 --a------ C:\WINDOWS\updatetc.exe
2007-04-20 15:05:29 9472 --a------ C:\WINDOWS\salm.exe
2007-04-20 15:05:28 9984 --a------ C:\WINDOWS\saiemod.dll
2007-04-20 15:05:21 21504 --a------ C:\WINDOWS\system32\msnhlp32.dll <Not Verified; Microsoft; Windows Explorer cdrom optimizer; 1.00.0048; 1.00.0048>
2007-04-20 15:05:18 17408 --a------ C:\WINDOWS\system32\tmrsrv32.exe <Not Verified; Microsoft; Timer Service; 1.00.0013; 1.00.0013>
2007-04-20 15:05:17 12 --a------ C:\WINDOWS\system32\gtv_sd.bin
2007-04-20 15:05:06 4669 --a------ C:\WINDOWS\1.exe
2007-04-20 15:04:57 81412 --a------ C:\WINDOWS\system32\idleserv.exe <Not Verified; Microsoft; IDLE component; 1.00.0064; 1.00.0064>
2007-04-20 15:04:55 12800 --a------ C:\WINDOWS\system32\user_32.dll <Not Verified; Home; Microsoft Internet Transfer; 1.00.0024; 1.00.0024>
2007-04-20 15:04:23 11612 --a------ C:\svhost.exe
2007-04-20 15:04:10 26694 --a------ C:\WINDOWS\system32\rqrsspp.dll
2007-04-20 15:04:00 4669 --a------ C:\1.exe
2007-04-12 20:31:44 1141 --a------ C:\WINDOWS\checkip.dat


-- Find3M Report ---------------------------------------------------------------

2007-04-24 23:17:23 0 d-------- C:\Program Files\MSN Messenger
2007-04-24 23:12:21 0 d-------- C:\Program Files\Free Sticky Notes
2007-04-24 23:12:15 0 d-------- C:\Program Files\ewido anti-spyware 4.0
2007-04-23 21:26:10 0 d-------- C:\Program Files\Lx_cats
2007-04-15 16:18:56 0 d-------- C:\Program Files\Ares
2007-04-15 12:43:26 0 d-------- C:\Program Files\TClockEx
2007-04-11 16:15:12 0 d-------- C:\Documents and Settings\Carla\Application Data\Skype
2007-02-06 21:51:37 0 --a------ C:\WINDOWS\system32\kernel32.exe


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{121950A7-E2F1-4081-95B0-5997943736E2} C:\WINDOWS\system32\ddcyy.dll
{125399A6-E13D-42CE-A021-7F9069A79440} c:\windows\fonts\pcreg.dll
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\tmp4.tmp.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
{B9697716-61E6-4FBC-89FD-EAC504D9EFE3} C:\WINDOWS\system32\rqrsspp.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
{c2dace2d-f27f-4591-97be-10c379cef2e6} C:\WINDOWS\system32\lprcmd.dll [x]
{C3F16958-9601-43E3-AC3C-6E89762079Ec} C:\WINDOWS\system32\lbymhjxa.dll
{EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} C:\WINDOWS\system32\msnhlp32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"LXBSCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXBStime.dll,_RunDLLEntry@16"
"Logitech Utility"="Logi_MwX.Exe"
"explorer"="C:\\Documents and Settings\\Carla\\Desktop\\winstall.exe"
"runner1"="C:\\WINDOWS\\retadpu2000340.exe 61A847B5BBF72810329B385576F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E77DB6C0736AC53FD97CB77"
"PrintDrive"="rundll32.exe \"C:\\WINDOWS\\system32\\veqgcgmy.dll\",setvm"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"DS Clock"="\"C:\\Program Files\\DS Clock\\dsclock.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ares"="\"C:\\Program Files\\Ares\\bak\\Ares.exe\" -h"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{8CCF4E94-0960-1033-0310-040829200002}"="\"C:\\Program Files\\Common Files\\{8CCF4E94-0960-1033-0310-040829200002}\\Update.exe\" mc-110-12-0001411"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{B9697716-61E6-4FBC-89FD-EAC504D9EFE3}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lprcmd
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcreg
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrsspp

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-04-25 at 15:33:34 ---------

[TheBruce1]

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

[TheBruce1]

Hello and welcome to TSF

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
--------------------------------------------------------------------------------------------

Please follow all instructions and in which order they come,if you have any questions,please ask before proceeding.

---------------------------------------------------------------------------------------------

P2P

P2P - I see you have P2P software <Ares 1.9.7,BitTornado 0.3.9,BitTorrent 3.4.2>) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

---------------------------------------------------------------------------------------------
Spywareguard

Please disable Spywareguard, as it may hinder the removal of some entries. You can re-enable it after you're clean.

• Right click the running icon of Spywareguard located in the system tray
• Go to Menu > File > Exit and confirm the programs close.

Ewido

*Open Ewido by double-clicking the yellow 'E' icon in the system tray.
*In the 'Your security status' section, toggle the Ewido Guard realtime protection 'off' by clicking 'active' which will then change the protection status to 'inactive'.
*When you reboot, Ewido will prompt you as to whether you would like to "Restart the guard?".
*Reply 'no' and set it to 'inactive' for the duration of your cleanup.

-------------------------------------------------------------------------------------------------
Downloads

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.

Open Hijack This and click on 'Do a System Scan Only'. Check the following entries if found (make sure you do not miss any)

O17 - HKLM\System\CCS\Services\Tcpip\..\{9A8263D9-14C4-47C3-85CB-BB6E08033BE1}: NameServer = 85.255.114.27,85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\..\{F191F77D-DE21-46B2-8C44-C9B6A0810F41}: NameServer = 85.255.114.27,85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.27 85.255.112.89

---------------------------------------------------------------------------------------------------------

ComboFix

Download ComboFix from here or here

**Save it to your desktop**


Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

-------------------------------------------------------------------------------------------------------------

Logs Required
report.txt(from Fixwareout Tool)
C:\Combofix.txt

Let me know how you system is behaving,thanks.

[angelgirl30]

Thank you for your quick response. I have run Fixwareout and ComboFix. I have also removed the entries from the system scan performed by HijackThis. My computer seems to be running faster and I haven't noticed any pop-ups since I ran these programs.

Here are my logs:

Fixwareout Last edited 4/5/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "putesprpgd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "onisacputes" Deleted
....
»»»»» Misc files.
C:\WINDOWS\System32\kernel32.exe Deleted
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"LXBSCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXBStime.dll,_RunDLLEntry@16"
"Logitech Utility"="Logi_MwX.Exe"
"explorer"="C:\\Documents and Settings\\Carla\\Desktop\\winstall.exe"
"runner1"="C:\\WINDOWS\\retadpu2000340.exe 61A847B5BBF72810329B385576F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E77DB6C0736AC53FD97CB77"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""
"InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\uxeynipk.dll\",realset"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"DS Clock"="\"C:\\Program Files\\DS Clock\\dsclock.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ares"="\"C:\\Program Files\\Ares\\bak\\Ares.exe\" -h"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"IpWins"="C:\\Program Files\\Ipwindows\\ipwins.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it

Rustock pe386 is present
C:\WINDOWS\System32\AUTOEXEC.NT missing
C:\WINDOWS\repair\autoexec.nt missing
»»»»» End report »»»»»

-------------------------------------------------

"Carla" - 07-04-28 19:21:11 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Program Files\Mozilla Firefox\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\lbymhjxa.dll
C:\WINDOWS\system32\qbyprbfn.dll
C:\WINDOWS\system32\tmp11.tmp.dll
C:\WINDOWS\system32\tmp13.tmp.dll
C:\WINDOWS\system32\tmp4.tmp.dll
C:\WINDOWS\system32\tmp5.tmp.dll
C:\WINDOWS\system32\tmp11.tmp.dll
C:\WINDOWS\system32\tmp13.tmp.dll
C:\WINDOWS\system32\tmp4.tmp.dll
C:\WINDOWS\system32\tmp5.tmp.dll
C:\WINDOWS\system32\rqrsspp.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\1.exe
C:\WINDOWS\1.exe
C:\WINDOWS\system32\117495375.exe
C:\WINDOWS\system32\117495406.exe
C:\WINDOWS\system32\117495984.exe
C:\WINDOWS\764.exe
C:\WINDOWS\updater.exe
C:\WINDOWS\system32\tmp11.tmp.dll
C:\WINDOWS\system32\tmp13.tmp.dll
C:\WINDOWS\system32\tmp4.tmp.dll
C:\WINDOWS\system32\tmp5.tmp.dll
C:\Program Files\ipwindows\ipwins.dll
C:\Program Files\ipwindows\ipwins.exe
C:\Program Files\ipwindows\UnInstall.exe
C:\Program Files\ipwins\pop19.tmp
C:\Program Files\ipwins\pop1B.tmp
C:\Program Files\ipwins\Uninst.exe
C:\Program Files\quick links\Uninst.log
C:\Program Files\Common Files\{3CCF4~1\toolbardll.lzma
C:\DOCUME~1\Carla\Desktop.\internet explorer.lnk
C:\WINDOWS\system32\preuninstallql.exe
C:\WINDOWS\winhp32.exe
C:\svhost.exe
C:\Program Files\inetget2
C:\Program Files\ipwindows
C:\Program Files\ipwins
C:\Program Files\quick links
C:\Program Files\Common Files\{3CCF4~1
C:\Program Files\Common Files\{8CCF4~1


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((((((((( Files Created from 2007-03-28 to 2007-04-28 ))))))))))))))))))))))))))))))))))


2007-04-25 21:28 132,660 --a------ C:\WINDOWS\system32\uxeynipk.dll
2007-04-25 15:22 <DIR> d-------- C:\Deckard
2007-04-25 15:02 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-04-24 22:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-24 21:28 208,998 --a------ C:\WINDOWS\system32\rsnujvrb.exe
2007-04-24 21:28 2,068 --a------ C:\WINDOWS\system32\glcpyjca.exe
2007-04-23 21:28 208,998 --a------ C:\WINDOWS\system32\jbwwgvfq.exe
2007-04-23 21:28 2,068 --a------ C:\WINDOWS\system32\iwkhtqfn.exe
2007-04-23 17:29 45,056 -ra------ C:\WINDOWS\retadpu2000340.exe
2007-04-22 15:13 208,998 --a------ C:\WINDOWS\system32\nfwjbqfj.exe
2007-04-22 15:13 2,068 --a------ C:\WINDOWS\system32\gdgawoss.exe
2007-04-22 15:13 2,068 --a------ C:\WINDOWS\system32\ctgidxii.exe
2007-04-21 15:13 744,871 ---hs---- C:\WINDOWS\system32\yycdd.bak2
2007-04-21 15:13 208,998 --a------ C:\WINDOWS\system32\vgqvkxjj.exe
2007-04-21 15:13 2,068 --a------ C:\WINDOWS\system32\jwrvpfsk.exe
2007-04-20 15:24 18,432 --a------ C:\WINDOWS\sysrlb32.exe
2007-04-20 15:13 803,301 ---hs---- C:\WINDOWS\system32\yycdd.bak1
2007-04-20 15:13 208,998 --a------ C:\WINDOWS\system32\ceofmyyt.exe
2007-04-20 15:13 2,068 --a------ C:\WINDOWS\system32\mmhgssdc.exe
2007-04-20 15:12 280,660 ---hs---- C:\WINDOWS\system32\jkhhg.dll
2007-04-20 15:12 280,660 ---hs---- C:\WINDOWS\system32\ddcyy.dll
2007-04-20 15:06 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-04-20 15:06 12 --a------ C:\WINDOWS\system32\sl.bin
2007-04-20 15:05 9,984 --a------ C:\WINDOWS\saiemod.dll
2007-04-20 15:05 9,472 --a------ C:\WINDOWS\salm.exe
2007-04-20 15:05 8,960 --a------ C:\WINDOWS\voiceip.dll
2007-04-20 15:05 31,232 --a------ C:\WINDOWS\180ax.exe
2007-04-20 15:05 28,672 --a------ C:\WINDOWS\system32\MSIXU.DLL
2007-04-20 15:05 25,856 --a------ C:\WINDOWS\vxddsk.exe
2007-04-20 15:05 25,344 --a------ C:\WINDOWS\updatetc.exe
2007-04-20 15:05 24,320 --a------ C:\WINDOWS\bjam.dll
2007-04-20 15:05 23,296 --a------ C:\WINDOWS\7search.dll
2007-04-20 15:05 22,528 --a------ C:\WINDOWS\mspphe.dll
2007-04-20 15:05 22,016 --a------ C:\WINDOWS\flt.dll
2007-04-20 15:05 21,760 --a------ C:\WINDOWS\stcloader.exe
2007-04-20 15:05 21,504 --a------ C:\WINDOWS\system32\msnhlp32.dll
2007-04-20 15:05 20,992 --a------ C:\WINDOWS\satmat.exe
2007-04-20 15:05 19,456 --a------ C:\WINDOWS\system32\wml.exe
2007-04-20 15:05 19,456 --a------ C:\WINDOWS\pbar.dll
2007-04-20 15:05 17,664 --a------ C:\WINDOWS\system32\WER8274.DLL
2007-04-20 15:05 17,408 --a------ C:\WINDOWS\system32\tmrsrv32.exe
2007-04-20 15:05 17,152 --a------ C:\WINDOWS\swin32.dll
2007-04-20 15:05 16,896 --a------ C:\WINDOWS\wml.exe
2007-04-20 15:05 16,128 --a------ C:\WINDOWS\cdsm32.dll
2007-04-20 15:05 14,848 --a------ C:\WINDOWS\system32\vxddsk.exe
2007-04-20 15:05 14,848 --a------ C:\WINDOWS\SUSP.exe
2007-04-20 15:05 12 --a------ C:\WINDOWS\system32\gtv_sd.bin
2007-04-20 15:05 11,008 --a------ C:\WINDOWS\bokja.exe
2007-04-20 15:04 81,412 --a------ C:\WINDOWS\system32\idleserv.exe
2007-04-20 15:04 12,800 --a------ C:\WINDOWS\system32\user_32.dll
2007-04-12 20:31 1,141 --a------ C:\WINDOWS\checkip.dat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. ... attempting disinfection
pe386 ...... driver unloaded successfully.
ADS removed - system32: deleted 69682 bytes in 1 streams.

2007-04-24 23:17 -------- d-------- C:\Program Files\msn messenger
2007-04-24 23:12 -------- d-------- C:\Program Files\free sticky notes
2007-04-24 23:12 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2007-04-23 21:26 -------- d-------- C:\Program Files\lx_cats
2007-04-15 12:43 -------- d-------- C:\Program Files\tclockex
2007-03-17 09:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-15 10:08 101438 --a------ C:\WINDOWS\b122.exe
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 16:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{0CD71CA8-C5A8-4C77-9CB0-106EC6AD70B1} C:\WINDOWS\system32\ddcyy.dll
{125399A6-E13D-42CE-A021-7F9069A79440} c:\windows\fonts\pcreg.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
{c2dace2d-f27f-4591-97be-10c379cef2e6} C:\WINDOWS\system32\lprcmd.dll [x]
{C3F16958-9601-43E3-AC3C-6E89762079Ec} C:\WINDOWS\system32\lbymhjxa.dll [x]
{D651AFF4-9590-424d-BD1E-8E33E090DFB3} C:\WINDOWS\system32\qbyprbfn.dll [x]
{EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} C:\WINDOWS\system32\msnhlp32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"LXBSCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXBStime.dll,_RunDLLEntry@16"
"Logitech Utility"="Logi_MwX.Exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""
"InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\uxeynipk.dll\",realset"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"DS Clock"="\"C:\\Program Files\\DS Clock\\dsclock.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ares"="\"C:\\Program Files\\Ares\\bak\\Ares.exe\" -h"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lprcmd
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcreg

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-28 19:42:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-28 19:44:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-28 19:44

[tetonbob]

Hi angelgirl30, please also do this:

Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

[angelgirl30]

Here is my latest HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 11:54:18 AM, on 29/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\bak\Ares.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Free Sticky Notes\freenote.exe
C:\VSTASCAN\vsaccess.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\uxeynipk.dll",realset
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\bak\Ares.exe" -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Shortcut to Free Sticky Notes.LNK = C:\Program Files\Free Sticky Notes\freenote.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://angelgirl76.spaces.live.com//...d/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photolab.ca/en/Photo/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D57262F5-9637-4E67-BC59-88C53EA76FC3} (ULcontrol Control) - https://pix.futureshop.ca/en/ulcontrolxp.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by119fd.bay119.hotmail.msn.co...x/HMAtchmt.ocx
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...pv2.0.0.9.cab?
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: ML-2010 Status Monitor Service (SM_ml1600_FUService) - Unknown owner - C:\Program.exe (file missing)

[TheBruce1]

Hello again,good job so far.

We need to rename Hijackthis as some infections hide from it.

Locate Hijackthis.exe and click on rename,rename to angelgirl30 or anything else you want.

Then Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

[angelgirl30]

Here is the latest log (after renaming HijackThis.exe angelgirl30.exe)

Logfile of HijackThis v1.99.1
Scan saved at 2:31:42 PM, on 29/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\bak\Ares.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Free Sticky Notes\freenote.exe
C:\VSTASCAN\vsaccess.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\angelgirl30.exe

O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CD71CA8-C5A8-4C77-9CB0-106EC6AD70B1} - C:\WINDOWS\system32\ddcyy.dll
O2 - BHO: PsapiAnalyzer Object - {125399A6-E13D-42CE-A021-7F9069A79440} - c:\windows\fonts\pcreg.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: (no name) - {c2dace2d-f27f-4591-97be-10c379cef2e6} - C:\WINDOWS\system32\lprcmd.dll (file missing)
O2 - BHO: (no name) - {C3F16958-9601-43E3-AC3C-6E89762079Ec} - C:\WINDOWS\system32\lbymhjxa.dll (file missing)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\qbyprbfn.dll (file missing)
O2 - BHO: msnhlp32.msn_hlp - {EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} - C:\WINDOWS\system32\msnhlp32.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\uxeynipk.dll",realset
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\bak\Ares.exe" -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Shortcut to Free Sticky Notes.LNK = C:\Program Files\Free Sticky Notes\freenote.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://angelgirl76.spaces.live.com//...d/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photolab.ca/en/Photo/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D57262F5-9637-4E67-BC59-88C53EA76FC3} (ULcontrol Control) - https://pix.futureshop.ca/en/ulcontrolxp.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by119fd.bay119.hotmail.msn.co...x/HMAtchmt.ocx
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...pv2.0.0.9.cab?
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll
O20 - Winlogon Notify: lprcmd - lprcmd.dll (file missing)
O20 - Winlogon Notify: pcreg - c:\windows\fonts\pcreg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: ML-2010 Status Monitor Service (SM_ml1600_FUService) - Unknown owner - C:\Program.exe (file missing)

[TheBruce1]

Hello again

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
--------------------------------------------------------------------------------------------

Please follow all instructions and in which order they come,if you have any questions,please ask before proceeding.

---------------------------------------------------------------------------------------------
Please download the Suspicious File Packer http://www.safer-networking.org/files/sfp.zip

Unzip it to the desktop and run it.
Paste the following list of bad files into the Suspicious File Packer window:

C:\WINDOWS\system32\mmhgssdc.exe
C:\WINDOWS\system32\ceofmyyt.exe
C:\WINDOWS\system32\jwrvpfsk.exe
C:\WINDOWS\system32\vgqvkxjj.exe
C:\WINDOWS\system32\ctgidxii.exe
C:\WINDOWS\system32\gdgawoss.exe
C:\WINDOWS\system32\nfwjbqfj.exe
C:\WINDOWS\retadpu2000340.exe
C:\WINDOWS\system32\iwkhtqfn.exe
C:\WINDOWS\system32\jbwwgvfq.exe
C:\WINDOWS\system32\glcpyjca.exe
C:\WINDOWS\system32\uxeynipk.dll
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\ddcyy.dll
c:\windows\fonts\pcreg.dll
C:\WINDOWS\system32\rsnujvrb.exe

Allow SFP to pack the files. This will generate a CAB archive on your desktop.
Please submit it to this site http://www.bleepingcomputer.com/subm....php?channel=4
Please include a link to this topic in the message.
---------------------------------------------------------------------------------------------

I see you have Ewido anti-spyware 4.0 installed. Ewido has recently been purchased by Grisoft, makers of AVG Antivirus, and the program is now known as AVG Anti-Spyware. It is essentially the same program with a new paintjob; Ewido currently can still be updated to the newest definitions, but this support will likely not last forever. I recommend you uninstall Ewido 4.0, restart your system, then download and install AVG Anti-Spyware. Update it's definitions as directed below, and run a scan where I have it placed in this fix.

--------------------------------------------------------------------------------------------------

Downloads

Download AVG Anti-Spyware from HERE

• Install AVG Anti-Spyware
• Double-click the icon on Desktop to launch AVG Anti-Spyware

You will need to update AVG Anti-Spyware to the latest definition files.

• On the top of the main screen click Shield
• Click the word active to change it to inactive
• On the top of the main screen click Update.
• Then click on Start Update. The update will start and a progress bar will show the updates being installed.

• Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
• Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti-Spyware. Do Not run a scan just yet, we will shortly.


Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.
Select option #1 - Search by typing 1 and press "Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!
-------------------------------------------------------------------------------------------------

Spywareguard

Please disable Spywareguard, as it may hinder the removal of some entries. You can re-enable it after you're clean.

• Right click the running icon of Spywareguard located in the system tray
• Go to Menu > File > Exit and confirm the programs close.

-------------------------------------------------------------------------------------------------------
Run Combofix

Go to <<Start>> then <<Run>> then paste in the single line command then click OK

"%userprofile%\desktop\combofix.exe" /v pmkjj ddcyy jwrvpfsk uxeynipk jkhhg user_32 WER8274 MSIXU

When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

-------------------------------------------------------------------------------------------------------------
Safe mode

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

-------------------------------------------------------------------------------------------------------------

Safe Mode scans & fixes


Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {0CD71CA8-C5A8-4C77-9CB0-106EC6AD70B1} - C:\WINDOWS\system32\ddcyy.dll
O2 - BHO: PsapiAnalyzer Object - {125399A6-E13D-42CE-A021-7F9069A79440} - c:\windows\fonts\pcreg.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2dace2d-f27f-4591-97be-10c379cef2e6} - C:\WINDOWS\system32\lprcmd.dll (file missing)
O2 - BHO: (no name) - {C3F16958-9601-43E3-AC3C-6E89762079Ec} - C:\WINDOWS\system32\lbymhjxa.dll (file missing)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\qbyprbfn.dll (file missing)
O2 - BHO: msnhlp32.msn_hlp - {EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} - C:\WINDOWS\system32\msnhlp32.dll
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\uxeynipk.dll",realset
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll
O20 - Winlogon Notify: lprcmd - lprcmd.dll (file missing)
O20 - Winlogon Notify: pcreg - c:\windows\fonts\pcreg.dll

Please remember to close all other windows, including browsers then click Fix checked.

----------------------------------------------------------------------------------------------------------------------

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\WINDOWS\system32\rsnujvrb.exe
C:\WINDOWS\system32\tmrsrv32.exe
C:\WINDOWS\system32\idleserv.exe
C:\WINDOWS\system32\glcpyjca.exe
C:\WINDOWS\system32\jbwwgvfq.exe
C:\WINDOWS\system32\iwkhtqfn.exe
C:\WINDOWS\retadpu2000340.exe
C:\WINDOWS\system32\nfwjbqfj.exe
C:\WINDOWS\system32\gdgawoss.exe
C:\WINDOWS\system32\ctgidxii.exe
C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\yycdd.bak2
C:\WINDOWS\system32\vgqvkxjj.exe
C:\WINDOWS\system32\jwrvpfsk.exe
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\sysrlb32.exe
C:\WINDOWS\system32\ceofmyyt.exe
C:\WINDOWS\system32\mmhgssdc.exe
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\sl.bin
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\SUSP.exe
C:\WINDOWS\satmat.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\7search.dll
C:\WINDOWS\764.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\pbar.dll
C:\WINDOWS\voiceip.dll
C:\WINDOWS\swin32.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\mspphe.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\180ax.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\salm.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\1.exe
C:\WINDOWS\checkip.dat
C:\WINDOWS\b122.exe
c:\windows\fonts\pcreg.dll

-----------------------------------------------------------------------------------------------------------------------

Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)

• Click Scanner
• Click on the Scan tab
• Click Complete System Scan to begin scanning.
  Once the scan is complete do the following:
• If you have any infections you will prompted, then select "Apply all actions"
• Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Close AVG Anti-Spyware and Reboot in Normal Mode.

-------------------------------------------------------------------------------------------------------------------------

Reboot into normal mode

-------------------------------------------------------------------------------------------------------------------------
Online Scan

Perform an online scan with Internet Explorer with Panda ActiveScan

1. Click on located at the bottom of the page.
2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

• If it finds any malware, it will offer you a report.
• Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
• Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Paste the Panda Scan report into your next reply.

-----------------------------------------------------------------------------------------------------------------------------
Free Firewalls
A good firewall will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall does not monitor outgoing traffic. If you do not have a firewall, here are 3 free ones available for personal use:
Comodo Personal Firewall
Sygate Personal Firewall
ZoneAlarm

Please install One of the above as it will give you greater protection than Windows Firewall.

---------------------------------------------------------------------------------------------------------------------------------

Please run Deckard System Scanner again.

------------------------------------------------------------------------------------------------------------------------------
Logs Required
C:\Combofix.txt
C:\rapport.txt
Avg scan report
Panda scan report
C:\Deckard\System Scanner\main.txt

Let me know how you system is behaving,thanks.

[angelgirl30]

Hi again,

I carefully followed all of your instructions. I really appreciate all of your help.
The only step I was unable to follow is that I could not post the Suspicious File Packer CAB archive to the bleepingcomputer.com site because when I clicked on the link, the page came up as 401 error (page not found). Also the Panda scan did not detect any viruses/spyware.

Here are the requested logs:

C:\Combofix.txt Log:

"Carla" - 07-05-01 15:52:09 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Carla\Desktop\"
Command switches used :: "/v pmkjj ddcyy jwrvpfsk uxeynipk jkhhg user_32 WER8274 MSIXU"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\uxeynipk.dll
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\user_32.dll
C:\WINDOWS\system32\WER8274.dll
C:\WINDOWS\system32\MSIXU.dll
C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\yycdd.bak2
C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\kpinyexu.ini
C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\ddcyy.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2007-04-01 to 2007-05-01 ))))))))))))))))))))))))))))))))))


2007-05-01 15:49 2,232 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-01 15:48 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-05-01 15:48 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-05-01 15:48 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-05-01 15:41 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-28 19:44 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-04-25 15:22 <DIR> d-------- C:\Deckard
2007-04-25 15:02 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-04-24 22:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-24 21:28 208,998 --a------ C:\WINDOWS\system32\rsnujvrb.exe
2007-04-24 21:28 2,068 --a------ C:\WINDOWS\system32\glcpyjca.exe
2007-04-23 21:28 208,998 --a------ C:\WINDOWS\system32\jbwwgvfq.exe
2007-04-23 21:28 2,068 --a------ C:\WINDOWS\system32\iwkhtqfn.exe
2007-04-23 17:29 45,056 -ra------ C:\WINDOWS\retadpu2000340.exe
2007-04-22 15:13 208,998 --a------ C:\WINDOWS\system32\nfwjbqfj.exe
2007-04-22 15:13 2,068 --a------ C:\WINDOWS\system32\gdgawoss.exe
2007-04-22 15:13 2,068 --a------ C:\WINDOWS\system32\ctgidxii.exe
2007-04-21 15:13 208,998 --a------ C:\WINDOWS\system32\vgqvkxjj.exe
2007-04-21 15:13 2,068 --a------ C:\WINDOWS\system32\jwrvpfsk.exe
2007-04-20 15:24 18,432 --a------ C:\WINDOWS\sysrlb32.exe
2007-04-20 15:13 208,998 --a------ C:\WINDOWS\system32\ceofmyyt.exe
2007-04-20 15:13 2,068 --a------ C:\WINDOWS\system32\mmhgssdc.exe
2007-04-20 15:06 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-04-20 15:06 12 --a------ C:\WINDOWS\system32\sl.bin
2007-04-20 15:05 9,984 --a------ C:\WINDOWS\saiemod.dll
2007-04-20 15:05 9,472 --a------ C:\WINDOWS\salm.exe
2007-04-20 15:05 8,960 --a------ C:\WINDOWS\voiceip.dll
2007-04-20 15:05 31,232 --a------ C:\WINDOWS\180ax.exe
2007-04-20 15:05 25,856 --a------ C:\WINDOWS\vxddsk.exe
2007-04-20 15:05 25,344 --a------ C:\WINDOWS\updatetc.exe
2007-04-20 15:05 24,320 --a------ C:\WINDOWS\bjam.dll
2007-04-20 15:05 23,296 --a------ C:\WINDOWS\7search.dll
2007-04-20 15:05 22,528 --a------ C:\WINDOWS\mspphe.dll
2007-04-20 15:05 22,016 --a------ C:\WINDOWS\flt.dll
2007-04-20 15:05 21,760 --a------ C:\WINDOWS\stcloader.exe
2007-04-20 15:05 21,504 --a------ C:\WINDOWS\system32\msnhlp32.dll
2007-04-20 15:05 20,992 --a------ C:\WINDOWS\satmat.exe
2007-04-20 15:05 19,456 --a------ C:\WINDOWS\system32\wml.exe
2007-04-20 15:05 19,456 --a------ C:\WINDOWS\pbar.dll
2007-04-20 15:05 17,408 --a------ C:\WINDOWS\system32\tmrsrv32.exe
2007-04-20 15:05 17,152 --a------ C:\WINDOWS\swin32.dll
2007-04-20 15:05 16,896 --a------ C:\WINDOWS\wml.exe
2007-04-20 15:05 16,128 --a------ C:\WINDOWS\cdsm32.dll
2007-04-20 15:05 14,848 --a------ C:\WINDOWS\system32\vxddsk.exe
2007-04-20 15:05 14,848 --a------ C:\WINDOWS\SUSP.exe
2007-04-20 15:05 12 --a------ C:\WINDOWS\system32\gtv_sd.bin
2007-04-20 15:05 11,008 --a------ C:\WINDOWS\bokja.exe
2007-04-20 15:04 81,412 --a------ C:\WINDOWS\system32\idleserv.exe
2007-04-12 20:31 1,141 --a------ C:\WINDOWS\checkip.dat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-30 22:35 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2007-04-24 23:17 -------- d-------- C:\Program Files\msn messenger
2007-04-24 23:12 -------- d-------- C:\Program Files\free sticky notes
2007-04-23 21:26 -------- d-------- C:\Program Files\lx_cats
2007-04-15 12:43 -------- d-------- C:\Program Files\tclockex
2007-03-17 09:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-15 10:08 101438 --a------ C:\WINDOWS\b122.exe
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 16:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{125399A6-E13D-42CE-A021-7F9069A79440} c:\windows\fonts\pcreg.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
{c2dace2d-f27f-4591-97be-10c379cef2e6} C:\WINDOWS\system32\lprcmd.dll [x]
{C3F16958-9601-43E3-AC3C-6E89762079Ec} C:\WINDOWS\system32\lbymhjxa.dll [x]
{D651AFF4-9590-424d-BD1E-8E33E090DFB3} C:\WINDOWS\system32\qbyprbfn.dll [x]
{EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} C:\WINDOWS\system32\msnhlp32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"LXBSCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXBStime.dll,_RunDLLEntry@16"
"Logitech Utility"="Logi_MwX.Exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""
"InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\uxeynipk.dll\",realset"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"DS Clock"="\"C:\\Program Files\\DS Clock\\dsclock.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ares"="\"C:\\Program Files\\Ares\\bak\\Ares.exe\" -h"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lprcmd
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcreg

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVGASCLN

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-01 1645
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-05-01 16:08:04 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-05-01 16:08
C:\ComboFix2.txt ... 07-04-28 19:44

------------------------------------------------------------


C:\Rapport.txt log:

SmitFraudFix v2.171

Scan done at 15:49:10.29, 01/05/2007
Run from C:\Documents and Settings\Carla\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\bak\Ares.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Free Sticky Notes\freenote.exe
C:\VSTASCAN\vsaccess.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Samsung ML-2010 Series\CommonSM\ssmsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\susp.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Carla


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Carla\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Carla\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SiS 900-Based PCI Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 24.222.0.94
DNS Server Search Order: 24.222.0.95

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9A8263D9-14C4-47C3-85CB-BB6E08033BE1}: DhcpNameServer=85.255.114.27,85.255.112.89
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B62F5280-93C3-49B9-B79E-8533122DAC8C}: DhcpNameServer=85.255.114.27,85.255.112.89
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F191F77D-DE21-46B2-8C44-C9B6A0810F41}: DhcpNameServer=24.222.0.94 24.222.0.95
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9A8263D9-14C4-47C3-85CB-BB6E08033BE1}: DhcpNameServer=85.255.114.27,85.255.112.89
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B62F5280-93C3-49B9-B79E-8533122DAC8C}: DhcpNameServer=85.255.114.27,85.255.112.89
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F191F77D-DE21-46B2-8C44-C9B6A0810F41}: DhcpNameServer=24.222.0.94 24.222.0.95
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F191F77D-DE21-46B2-8C44-C9B6A0810F41}: DhcpNameServer=24.222.0.91 24.222.0.75
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.222.0.94 24.222.0.95
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.222.0.94 24.222.0.95
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.222.0.91 24.222.0.75


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


-------------------------------------------------------------

AVG Scan Report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:13:30 PM 01/05/2007

+ Scan result:



C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/bbchk.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\ddfonf.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\lbymhjxa.dll.vir -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2067\A1448482.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/exclean.exe -> Adware.Exact : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-515967899-527237240-839522115-1003\Software\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-515967899-527237240-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443016.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443017.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443018.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443019.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443020.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443021.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443022.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443023.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443024.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443025.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443026.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443027.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443028.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443029.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443030.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443031.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443032.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443033.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443034.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443035.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443036.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443037.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443038.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443039.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443040.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443041.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443042.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443043.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443044.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443045.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443046.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443047.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443048.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443049.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443050.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443051.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443052.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443053.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443054.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443055.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443056.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443057.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443058.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443059.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443060.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443061.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443062.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443185.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2059\A1446153.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2069\A1448689.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\tmp8.tmp.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\tmpF.tmp.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\rqrsspp.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2067\A1448488.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Carla\Desktop\requested-files[2007-04-30_21_33].cab/C:\WINDOWS\retadpu2000340.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\updater.exe.vir -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443184.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2059\A1446170.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2067\A1448469.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2069\A1448668.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\WINDOWS\updater.exe.tmp -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\HIR9HA46\QRhrTRWtr[1].exe -> Downloader.Small.bve : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\1.exe.vir -> Downloader.Small.bve : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\1.exe.vir -> Downloader.Small.bve : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2067\A1448463.exe -> Downloader.Small.bve : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2067\A1448464.exe -> Downloader.Small.bve : Cleaned with backup (quarantined).
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\HIR9HA46\3[1].exe -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\svhost.exe.vir -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2067\A1448481.exe -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\Program Files\HijackThis\backups\backup-20070501-162047-828.dll -> Downloader.VB.apq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2069\A1448660.dll -> Downloader.VB.apq : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\user_32.dll.vir -> Downloader.VB.asx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2069\A1448597.dll -> Downloader.VB.asx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2069\A1448669.exe -> Downloader.VB.avl : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\ipwins\Uninst.exe.vir -> Dropper.DollarR.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2067\A1448477.exe -> Dropper.DollarR.b : Cleaned with backup (quarantined).
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\HIR9HA46\installdrivecleanerstart[1].cab/UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
C:\Deckard\System Scanner\20070428184651\backup\WINDOWS\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Carla\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-33d0253e-17fea530.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2069\A1448680.exe -> Not-A-Virus.Hoax.Win32.Renos.fn : Cleaned with backup (quarantined).
:mozilla.387:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@oasc04.247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.272:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.276:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.277:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.278:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.279:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.280:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.281:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.282:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.283:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.347:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.365:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.410:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.419:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@buzznet.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.167:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.168:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.169:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@www.adobe[2].txt -> TrackingCookie.Adobe : Cleaned.
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\Cookies\carla@track.adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@track.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.420:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.421:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.257:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.258:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.259:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.260:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.261:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.179:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@www.belstat[3].txt -> TrackingCookie.Belstat : Cleaned.
:mozilla.358:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.181:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.15:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.16:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.17:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.18:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.19:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.20:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.21:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.303:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.406:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@cz11.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@vip.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@ads.cnn[1].txt -> TrackingCookie.Cnn : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@counter.cnw[2].txt -> TrackingCookie.Cnw : Cleaned.
:mozilla.445:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Co : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@cnn-cnet.com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.422:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\31v4001i.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.374:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\Cookies\carla@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.548:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.549:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.550:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.551:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.552:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.553:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.856:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\31v4001i.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@www.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.236:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned.
:mozilla.472:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.495:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.273:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.274:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.275:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.263:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.264:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.265:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.266:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.267:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.452:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.453:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@ehg-pcsecurityshield.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.345:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.102:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.103:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.42:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\31v4001i.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.43:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\31v4001i.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.501:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\31v4001i.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.849:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.460:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\31v4001i.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.262:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.834:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\31v4001i.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\Cookies\carla@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@navrcholu[2].txt -> TrackingCookie.Navrcholu : Cleaned.
:mozilla.133:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.298:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\31v4001i.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\Cookies\carla@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.330:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.34:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.47:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\31v4001i.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\Cookies\carla@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.182:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.183:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.184:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.185:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.496:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.497:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.255:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.256:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@games.real[1].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@guide.real[2].txt -> TrackingCookie.Real : Cleaned.
:mozilla.108:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.109:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.110:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.111:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.40:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\31v4001i.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.41:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\31v4001i.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.44:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\31v4001i.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@network.realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.187:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.188:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.189:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.190:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.191:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.192:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.193:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.194:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\Cookies\carla@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@stats2.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.225:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.226:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.228:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.229:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.230:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.231:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.232:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.407:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.459:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\31v4001i.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.461:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\31v4001i.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.471:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@skype[1].txt -> TrackingCookie.Skype : Cleaned.
:mozilla.333:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.334:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.335:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.336:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.339:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.340:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.341:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.227:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.233:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.234:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\Cookies\carla@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@ad.text.tbn[2].txt -> TrackingCookie.Texttbnru : Cleaned.
:mozilla.745:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\31v4001i.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\Cookies\carla@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.427:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.408:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.409:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.176:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.180:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.196:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.223:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.10:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.11:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.12:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.13:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.14:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Carla\Cookies\carla@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.235:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.237:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.238:C:\Documents and Settings\Carla\Application Data\Mozilla\Firefox\Profiles\1unqcyev.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443071.dll -> Trojan.Agent.agv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443072.dll -> Trojan.Agent.agv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2060\A1446214.dll -> Trojan.Baws.a : Cleaned with backup (quarantined).
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\tmp13.tmp.exe -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\tmp4.tmp.exe -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\tmp13.tmp.dll.vir -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\tmp4.tmp.dll.vir -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2067\A1448471.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2067\A1448472.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\tmp11.tmp.exe -> Trojan.BHO.o : Cleaned with backup (quarantined).
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\tmp5.tmp.exe -> Trojan.BHO.o : Cleaned with backup (quarantined).
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\tmpA.tmp.exe -> Trojan.BHO.o : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\tmp11.tmp.dll.vir -> Trojan.BHO.o : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\tmp5.tmp.dll.vir -> Trojan.BHO.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2067\A1448470.dll -> Trojan.BHO.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2067\A1448473.dll -> Trojan.BHO.o : Cleaned with backup (quarantined).
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\temp.frE919\UnInstall.exe -> Trojan.Rond : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Ipwindows\UnInstall.exe.vir -> Trojan.Rond : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443075.exe -> Trojan.Rond : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2059\A1446152.exe -> Trojan.Rond : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2067\A1448476.exe -> Trojan.Rond : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1442980.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1443176.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2056\A1444104.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2057\A1444124.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2057\A1445103.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2058\A1445110.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2069\A1448670.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

------------------------------------------------------------------

C:\Deckard\SystemScanner\main.txt:

Deckard's System Scanner v20070423.42
Run by Carla on 2007-05-01 at 21:14:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Carla.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:14:14 PM, on 01/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\bak\Ares.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Free Sticky Notes\freenote.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\VSTASCAN\vsaccess.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Carla\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Carla.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PsapiAnalyzer Object - {125399A6-E13D-42CE-A021-7F9069A79440} - c:\windows\fonts\pcreg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\bak\Ares.exe" -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Shortcut to Free Sticky Notes.LNK = C:\Program Files\Free Sticky Notes\freenote.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://angelgirl76.spaces.live.com//...d/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photolab.ca/en/Photo/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D57262F5-9637-4E67-BC59-88C53EA76FC3} (ULcontrol Control) - https://pix.futureshop.ca/en/ulcontrolxp.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by119fd.bay119.hotmail.msn.co...x/HMAtchmt.ocx
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...pv2.0.0.9.cab?
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: pcreg - c:\windows\fonts\pcreg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: ML-2010 Status Monitor Service (SM_ml1600_FUService) - Unknown owner - C:\Program.exe (file missing)


-- Files created between 2007-04-01 and 2007-05-01 -----------------------------

2007-05-01 19:38:23 0 d-------- C:\Program Files\Comodo
2007-05-01 19:33:59 0 d-------- C:\WINDOWS\LastGood
2007-05-01 15:49:37 2232 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-01 15:48:35 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-05-01 15:48:34 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS; ; >
2007-05-01 15:48:34 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility; 2, 0, 0, 0; 2, 0, 0, 0>
2007-05-01 15:41:33 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys <Not Verified; GRISOFT, s.r.o.; AVG7 Clean Driver; 1.0.0.14; 1.0.0.14>
2007-04-28 19:44:50 49152 --a------ C:\WINDOWS\nircmd.exe <Not Verified; NirSoft; NirCmd; 1.85; 1.85>
2007-04-25 15:02:52 0 d-------- C:\Program Files\SpywareBlaster
2007-04-24 22:29:18 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-04-20 15:05:44 14848 --a------ C:\WINDOWS\system32\vxddsk.exe
2007-04-20 15:05:43 16896 --a------ C:\WINDOWS\wml.exe


-- Find3M Report ---------------------------------------------------------------

2007-05-01 20:44:17 0 d-------- C:\Program Files\MSN Messenger
2007-05-01 20:42:14 0 d-------- C:\Program Files\Free Sticky Notes
2007-05-01 16:05:54 0 d-------- C:\Documents and Settings\Carla\Application Data\Skype
2007-04-30 22:35:18 0 d-------- C:\Program Files\ewido anti-spyware 4.0
2007-04-23 21:26:10 0 d-------- C:\Program Files\Lx_cats
2007-04-15 16:18:56 0 d-------- C:\Program Files\Ares
2007-04-15 12:43:26 0 d-------- C:\Program Files\TClockEx


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{125399A6-E13D-42CE-A021-7F9069A79440} c:\windows\fonts\pcreg.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"LXBSCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXBStime.dll,_RunDLLEntry@16"
"Logitech Utility"="Logi_MwX.Exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"DS Clock"="\"C:\\Program Files\\DS Clock\\dsclock.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ares"="\"C:\\Program Files\\Ares\\bak\\Ares.exe\" -h"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcreg

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.htm


-- End of Deckard's System Scanner: finished at 2007-05-01 at 21:14:55 ---------

[tetonbob]

Hi angelgirl30 -

If you still have the cab file created by SFP, here's the link....it got broken in copy/paste.

http://www.bleepingcomputer.com/subm....php?channel=4

[angelgirl30]

The CAB file that was created on my desktop was removed but I created another one and sent it to bleepingcomputer.com.

[TheBruce1]

Hello angelgirl30
Do you have the Panda scan report,if so can you post it.
Thanks.

[angelgirl30]

Hi again,

When I ran the Panda scan, it did not detect any viruses/spyware and it did not seem to offer me a report. Shall I run it again?

Thanks

[TheBruce1]

Quote:

When I ran the Panda scan, it did not detect any viruses/spyware and it did not seem to offer me a report. Shall I run it again?

No need to run it again if it found nothing,let me review the logs and i`ll get back to you with a fix asap.

[TheBruce1]

Hello again,

Good job there you got almost all the infections showing and also for uploading those files,just a bit of tidying up to be done.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
--------------------------------------------------------------------------------------------

Please follow all instructions and in which order they come,if you have any questions,please ask before proceeding.

---------------------------------------------------------------------------------------------
Spywareguard

Please disable Spywareguard, as it may hinder the removal of some entries. You can re-enable it after you're clean.

• Right click the running icon of Spywareguard located in the system tray
• Go to Menu > File > Exit and confirm the programs close.

Avg Antispyware

On the top of the main screen click Shield Click the word active to change it to inactive,EXIT AVG Anti-Spyware.

----------------------------------------------------------------------------------------------

Reg Fix

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Open notepad and copy/paste the text in the quotebox below:
(don't forget to copy and paste REGEDIT4)

Quote:

REGEDIT4

[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------------------------------------------------------------------

Safe Mode

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

-------------------------------------------------------------------------------------------------------------------------
Safe Mode scans & fixes

Double-click on SmitfraudFix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : " Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot back into Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

-------------------------------------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O2 - BHO: PsapiAnalyzer Object - {125399A6-E13D-42CE-A021-7F9069A79440} - c:\windows\fonts\pcreg.dll
O20 - Winlogon Notify: pcreg - c:\windows\fonts\pcreg.dll

Please remember to close all other windows, including browsers then click Fix checked.

--------------------------------------------------------------------------------------------------------------------------

Go to My Computer >Tools >Folder Options >View tab and select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK.

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\wml.exe
c:\windows\fonts\pcreg.dll

----------------------------------------------------------------------------------------------------------------------------

Reboot into normal mode

---------------------------------------------------------------------------------------------------------------------------------

JAVA OUTDATED


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6.
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6-windowsi586-p.exe to install the newest version.

-----------------------------------------------------------------------------------------------------------------------------------
Online Scan

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

--------------------------------------------------------------------------------------------------------------------------------------


Please run Deckard System Scanner again.

------------------------------------------------------------------------------------------------------------------------------
Logs Required
C:\rapport.txt
Kaspersky scan report
C:\Deckard\System Scanner\main.txt

[angelgirl30]

Hi again!

Here are the latest logs you requested.

C:\rapport.txt:

SmitFraudFix v2.171

Scan done at 14:27:00.65, 02/05/2007
Run from C:\Documents and Settings\Carla\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9A8263D9-14C4-47C3-85CB-BB6E08033BE1}: DhcpNameServer=85.255.114.27,85.255.112.89
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B62F5280-93C3-49B9-B79E-8533122DAC8C}: DhcpNameServer=85.255.114.27,85.255.112.89
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F191F77D-DE21-46B2-8C44-C9B6A0810F41}: DhcpNameServer=24.222.0.94 24.222.0.95
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9A8263D9-14C4-47C3-85CB-BB6E08033BE1}: DhcpNameServer=85.255.114.27,85.255.112.89
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B62F5280-93C3-49B9-B79E-8533122DAC8C}: DhcpNameServer=85.255.114.27,85.255.112.89
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F191F77D-DE21-46B2-8C44-C9B6A0810F41}: DhcpNameServer=24.222.0.94 24.222.0.95
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F191F77D-DE21-46B2-8C44-C9B6A0810F41}: DhcpNameServer=24.222.0.91 24.222.0.75
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.222.0.94 24.222.0.95
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.222.0.94 24.222.0.95
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.222.0.91 24.222.0.75


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

-----------------------------------------
C:\Deckard\SystemScanner\main.txt:

Deckard's System Scanner v20070423.42
Run by Carla on 2007-05-02 at 18:10:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Carla.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:10:59 PM, on 02/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\bak\Ares.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Free Sticky Notes\freenote.exe
C:\VSTASCAN\vsaccess.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Carla\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Carla.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PsapiAnalyzer Object - {125399A6-E13D-42CE-A021-7F9069A79440} - c:\windows\fonts\pcreg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\bak\Ares.exe" -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Shortcut to Free Sticky Notes.LNK = C:\Program Files\Free Sticky Notes\freenote.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://angelgirl76.spaces.live.com//...d/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photolab.ca/en/Photo/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D57262F5-9637-4E67-BC59-88C53EA76FC3} (ULcontrol Control) - https://pix.futureshop.ca/en/ulcontrolxp.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by119fd.bay119.hotmail.msn.co...x/HMAtchmt.ocx
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...pv2.0.0.9.cab?
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: pcreg - c:\windows\fonts\pcreg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: ML-2010 Status Monitor Service (SM_ml1600_FUService) - Unknown owner - C:\Program.exe (file missing)


-- Files created between 2007-04-02 and 2007-05-02 -----------------------------

2007-05-02 15:04:02 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-02 15:04:01 0 d-------- C:\WINDOWS\LastGood
2007-05-02 14:58:39 0 d-------- C:\Program Files\Common Files\Java
2007-05-02 14:41:26 0 d-------- C:\Documents and Settings\Carla\Application Data\Comodo
2007-05-02 14:41:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-05-01 19:38:23 0 d-------- C:\Program Files\Comodo
2007-05-01 15:49:37 2254 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-01 15:48:35 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-05-01 15:48:34 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS; ; >
2007-05-01 15:48:34 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility; 2, 0, 0, 0; 2, 0, 0, 0>
2007-05-01 15:41:33 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys <Not Verified; GRISOFT, s.r.o.; AVG7 Clean Driver; 1.0.0.14; 1.0.0.14>
2007-04-28 19:44:50 49152 --a------ C:\WINDOWS\nircmd.exe <Not Verified; NirSoft; NirCmd; 1.85; 1.85>
2007-04-25 15:02:52 0 d-------- C:\Program Files\SpywareBlaster
2007-04-24 22:29:18 0 d-------- C:\WINDOWS\system32\ActiveScan


-- Find3M Report ---------------------------------------------------------------

2007-05-02 14:59:31 0 d-------- C:\Program Files\Java
2007-05-01 20:44:17 0 d-------- C:\Program Files\MSN Messenger
2007-05-01 20:42:14 0 d-------- C:\Program Files\Free Sticky Notes
2007-05-01 16:05:54 0 d-------- C:\Documents and Settings\Carla\Application Data\Skype
2007-04-30 22:35:18 0 d-------- C:\Program Files\ewido anti-spyware 4.0
2007-04-23 21:26:10 0 d-------- C:\Program Files\Lx_cats
2007-04-15 16:18:56 0 d-------- C:\Program Files\Ares
2007-04-15 12:43:26 0 d-------- C:\Program Files\TClockEx


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{125399A6-E13D-42CE-A021-7F9069A79440} c:\windows\fonts\pcreg.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"LXBSCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXBStime.dll,_RunDLLEntry@16"
"Logitech Utility"="Logi_MwX.Exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"DS Clock"="\"C:\\Program Files\\DS Clock\\dsclock.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ares"="\"C:\\Program Files\\Ares\\bak\\Ares.exe\" -h"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcreg

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.htm


-- End of Deckard's System Scanner: finished at 2007-05-02 at 18:11:48 ---------

[angelgirl30]

Kaspersky Scan Report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 02, 2007 6:10:05 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 2/05/2007
Kaspersky Anti-Virus database records: 311513
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 97759
Number of viruses found: 88
Number of infected objects: 990 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:37:32

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\3D.tmp\thnall1a.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.au skipped
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\B8E21D.tmp/pmtInstaller.exe/PMTSetup.exe Infected: not-a-virus:AdWare.Win32.MDH.e skipped
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\B8E21D.tmp/pmtInstaller.exe/QLSetup.exe Infected: not-a-virus:AdWare.Win32.MDH.e skipped
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\B8E21D.tmp/pmtInstaller.exe Infected: not-a-virus:AdWare.Win32.MDH.e skipped
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\B8E21D.tmp CAB: infected - 3 skipped
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\temp.fr9E1D Infected: Trojan.Win32.Agent.ay skipped
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\492VG167\index[7].htm Infected: Trojan-Downloader.JS.Small.dz skipped
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\KLER49QZ\4[1].exe Infected: Trojan-Downloader.Win32.VB.att skipped
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\S9IZSPM3\5[1].exe Infected: Trojan-Spy.Win32.BZub.is skipped
C:\Deckard\System Scanner\20070428184651\backup\DOCUME~1\Carla\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\WTMNWPIF\adv417[1].htm Infected: Trojan-Downloader.JS.Agent.ab skipped
C:\Documents and Settings\Carla\Application Data\Skype\angelgirl29\call256.dbb Object is locked skipped
C:\Documents and Settings\Carla\Application Data\Skype\angelgirl29\chat512.dbb Object is locked skipped
C:\Documents and Settings\Carla\Application Data\Skype\angelgirl29\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Carla\Application Data\Skype\angelgirl29\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Carla\Application Data\Skype\angelgirl29\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Carla\Application Data\Skype\angelgirl29\index2.dat Object is locked skipped
C:\Documents and Settings\Carla\Application Data\Skype\angelgirl29\profile4096.dbb Object is locked skipped
C:\Documents and Settings\Carla\Application Data\Skype\angelgirl29\user1024.dbb Object is locked skipped
C:\Documents and Settings\Carla\Application Data\Skype\angelgirl29\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Carla\Application Data\Sun\Java\Deployment\cache\6.0\45\7bff92d-39aa1537/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.d skipped
C:\Documents and Settings\Carla\Application Data\Sun\Java\Deployment\cache\6.0\45\7bff92d-39aa1537 ZIP: infected - 1 skipped
C:\Documents and Settings\Carla\Application Data\Sun\Java\Deployment\cache\6.0\57\731a4af9-3721b62a/MyFunction.class Infected: Trojan-Dropper.Java.Small.c skipped
C:\Documents and Settings\Carla\Application Data\Sun\Java\Deployment\cache\6.0\57\731a4af9-3721b62a ZIP: infected - 1 skipped
C:\Documents and Settings\Carla\Application Data\Sun\Java\Deployment\cache\6.0\9\59867989-6074e3ab/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\Carla\Application Data\Sun\Java\Deployment\cache\6.0\9\59867989-6074e3ab ZIP: infected - 1 skipped
C:\Documents and Settings\Carla\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar.jar-6a28554b-286cf73d.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.d skipped
C:\Documents and Settings\Carla\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar.jar-6a28554b-286cf73d.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Carla\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv712.jar-7d51d054-2b824f2e.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\Carla\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv712.jar-7d51d054-2b824f2e.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Carla\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\proc.jar-571bc93f-28ea75b1.zip/MyFunction.class Infected: Trojan-Dropper.Java.Small.c skipped
C:\Documents and Settings\Carla\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\proc.jar-571bc93f-28ea75b1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Carla\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Carla\Desktop\PopularScreenSaversFFSetup2.0.4.15.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Carla\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Carla\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Carla\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Carla\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\Microsoft\Messenger\mccormackcarla@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\Microsoft\Messenger\mccormackcarla@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\Microsoft\Messenger\mccormackcarla@hotmail.com\SharingMetadata\Working\database_B48C_CF93_8CCF_4E94\dfsr.db Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\Microsoft\Messenger\mccormackcarla@hotmail.com\SharingMetadata\Working\database_B48C_CF93_8CCF_4E94\fsr.log Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\Microsoft\Messenger\mccormackcarla@hotmail.com\SharingMetadata\Working\database_B48C_CF93_8CCF_4E94\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\Microsoft\Messenger\mccormackcarla@hotmail.com\SharingMetadata\Working\database_B48C_CF93_8CCF_4E94\tmp.edb Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\Microsoft\Windows Live Contacts\mccormackcarla@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Application Data\Microsoft\Windows Live Contacts\mccormackcarla@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\History\History.IE5\MSHist012007050220070503\index.dat Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Temp\hsperfdata_Carla\3488 Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Temp\~DF1C51.tmp Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Temp\~DF36EC.tmp Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Temp\~DF39D1.tmp Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Temp\~DF4BA3.tmp Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Temp\~DF4E56.tmp Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Temp\~DFAA2E.tmp Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Temp\~DFCA86.tmp Object is locked skipped
C:\Documents and Settings\Carla\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Carla\My Documents\My Pictures\butheart1024wp.exe/WISE0017.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Carla\My Documents\My Pictures\butheart1024wp.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\Carla\My Documents\My Pictures\butheart1024wp.exe/WISE0019.BIN/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.Accoona.b skipped
C:\Documents and Settings\Carla\My Documents\My Pictures\butheart1024wp.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.Accoona.b skipped
C:\Documents and Settings\Carla\My Documents\My Pictures\butheart1024wp.exe/WISE0020.BIN Infected: Trojan-Downloader.Win32.Small.bke skipped
C:\Documents and Settings\Carla\My Documents\My Pictures\butheart1024wp.exe/WISE0021.BIN/data0002 Infected: not-a-virus:AdTool.Win32.WebRebates.r skipped
C:\Documents and Settings\Carla\My Documents\My Pictures\butheart1024wp.exe/WISE0021.BIN/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped
C:\Documents and Settings\Carla\My Documents\My Pictures\butheart1024wp.exe/WISE0021.BIN/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped
C:\Documents and Settings\Carla\My Documents\My Pictures\butheart1024wp.exe/WISE0021.BIN/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped
C:\Documents and Settings\Carla\My Documents\My Pictures\butheart1024wp.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.WebRebates.p skipped
C:\Documents and Settings\Carla\My Documents\My Pictures\butheart1024wp.exe WiseSFX: infected - 10 skipped
C:\Documents and Settings\Carla\My Documents\My Pictures\butheart1024wp.exe WiseSFX Dropper: infected - 10 skipped
C:\Documents and Settings\Carla\My Documents\setup_ares.exe/data0037/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\Documents and Settings\Carla\My Documents\setup_ares.exe/data0037/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped
C:\Documents and Settings\Carla\My Documents\setup_ares.exe/data0037/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Documents and Settings\Carla\My Documents\setup_ares.exe/data0037/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Documents and Settings\Carla\My Documents\setup_ares.exe/data0037/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Documents and Settings\Carla\My Documents\setup_ares.exe/data0037 Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Documents and Settings\Carla\My Documents\setup_ares.exe/data0038 Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped
C:\Documents and Settings\Carla\My Documents\setup_ares.exe NSIS: infected - 7 skipped
C:\Documents and Settings\Carla\My Documents\SmileyCentralPFSetup2.0.3.10.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Carla\ntuser.dat Object is locked skipped
C:\Documents and Settings\Carla\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000004 Infected: Trojan-Downloader.Win32.Small.ahz skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000005 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000006 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000007 Infected: Trojan.Win32.HideProc.a skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000008 Infected: Trojan.Win32.HideProc.a skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000009 Infected: Trojan.Win32.HideProc.a skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000A Infected: Trojan-Downloader.Win32.Dyfuca.du skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000D/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000D/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000D/stream/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000D/stream/data0005 Infected: Trojan-Clicker.Win32.VB.ex skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000D/stream/data0006/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000D/stream/data0006/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000D/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000D/stream/data0007/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000D/stream/data0007/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000D/stream/data0007/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000D/stream/data0007/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000D/stream/data0007/stream/data0008 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000D/stream/data0007/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000D/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000D/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000D NSIS: infected - 15 skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000D PE-Crypt.XorPE: infected - 15 skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000E/data0002 Infected: not-a-virus:AdWare.Win32.Sahat.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000E NSIS: infected - 1 skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000E PE-Crypt.XorPE: infected - 1 skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000017 Infected: not-a-virus:AdWare.Win32.SaveNow.as skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000018 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000019 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000001A Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000001B Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000001C Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000001D Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000001E Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000001F Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000020 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000021 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000022 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000023 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000024 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000025 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000026 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000027 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000028 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000029 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000002A Infected: Trojan-Downloader.Win32.Agent.bc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000002B Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000002C Infected: Trojan-Downloader.Win32.Agent.bc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000002D Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000002E Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000002F Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000030 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000031 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000032 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000033 Infected: IM-Worm.Win32.Bropia.d skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000034 Infected: Trojan.Win32.Pakes skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000035 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000036 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000037 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000038 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000039 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000003A Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000003B Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000003C Infected: IM-Worm.Win32.Bropia.ai skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000003D Infected: Trojan-Downloader.Win32.Small.rr skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000003E Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000003F Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000040 Infected: Trojan-Downloader.Win32.Agent.bc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000041 Infected: Trojan-Downloader.Win32.IstBar.gm skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000042 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000043 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000044 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000045 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000046 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000047 Infected: not-a-virus:AdWare.Win32.WinAD.u skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000048 Infected: not-a-virus:AdWare.Win32.WinAD.k skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000049 Infected: Trojan-Downloader.Win32.Agent.ap skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000004A Infected: not-a-virus:AdWare.Win32.DealHelper.v skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000004B Infected: not-a-virus:AdWare.Win32.DealHelper.aa skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000004C Infected: not-a-virus:AdWare.Win32.DealHelper.x skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000004D Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000004E Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000004F Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000050 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000051 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000052 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000053 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000054 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000055 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000056 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000057 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000058 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000059 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000005A Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000005B Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000005C Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000005D Infected: Trojan-Downloader.Win32.Agent.ap skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000005E Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000005F Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000060 Infected: Trojan-Downloader.Win32.Agent.bc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000061 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000062 Infected: Trojan-Downloader.Win32.Agent.bc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000063 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000064 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000065 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000066 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000067 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000068 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000069 Infected: IM-Worm.Win32.Bropia.d skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000006A Infected: Trojan.Win32.Pakes skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000006B Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000006C Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000006D Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000006E Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000006F Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000070 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000071 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000072 Infected: IM-Worm.Win32.Bropia.ai skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000073 Infected: Trojan-Downloader.Win32.Small.rr skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000074 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000075 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000076 Infected: Trojan-Downloader.Win32.Agent.bc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000077 Infected: Trojan-Downloader.Win32.IstBar.gm skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000078 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000079 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000007A Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000007B Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000007C Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000007D Infected: not-a-virus:AdWare.Win32.WinAD.u skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000007E Infected: not-a-virus:AdWare.Win32.WinAD.k skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000007F Infected: Trojan-Downloader.Win32.Agent.ap skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000080 Infected: not-a-virus:AdWare.Win32.DealHelper.v skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000081 Infected: not-a-virus:AdWare.Win32.DealHelper.aa skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000082 Infected: not-a-virus:AdWare.Win32.DealHelper.x skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000083 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000084 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000085 Infected: Trojan-Downloader.Win32.Agent.bc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000086 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000087 Infected: Trojan-Downloader.Win32.Agent.bc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000088 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000089 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000008A Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000008B Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000008C Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000008D Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000008E Infected: IM-Worm.Win32.Bropia.d skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000008F Infected: Trojan.Win32.Pakes skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000090 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000091 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000092 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000093 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000094 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000095 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000096 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000097 Infected: IM-Worm.Win32.Bropia.ai skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000098 Infected: Trojan-Downloader.Win32.Small.rr skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000099 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000009A Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000009B Infected: Trojan-Downloader.Win32.Agent.bc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000009C Infected: Trojan-Downloader.Win32.IstBar.gm skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000009D Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000009E Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000009F Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000A0 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000A1 Infected: Backdoor.Win32.Small.dc skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000A2 Infected: not-a-virus:AdWare.Win32.WinAD.u skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000A3 Infected: not-a-virus:AdWare.Win32.WinAD.k skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000A4 Infected: Trojan-Downloader.Win32.Agent.ap skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000A5 Infected: not-a-virus:AdWare.Win32.DealHelper.v skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000A6 Infected: not-a-virus:AdWare.Win32.DealHelper.aa skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000A7 Infected: not-a-virus:AdWare.Win32.DealHelper.x skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000A8 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000A9 Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000AA Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000AB Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000AC Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000AD Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000AE Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000AF Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000B0 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000B1 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000B2 Infected: Trojan-Downloader.Win32.Small.asf skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000B3 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000B4 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000B5 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000B6 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000B7 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000B8 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000B9 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000BA Infected: Trojan-Downloader.Win32.Small.asf skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000BB Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000BC Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000BD Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000BE Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000BF Infected: Trojan-Downloader.Win32.Small.asf skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000C0 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000C1 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000C2 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000C3 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000C4 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000C5 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000C6 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000C7 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000C8 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000C9 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000CA Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000CB Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000CC Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000CD Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000CE Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000CF Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000D0 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000D1 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000D2 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000D3 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000D4 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000D5 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000D6 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000D7 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000D8 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000D9 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000DA Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000DB Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000DC Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000DD Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000DE Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000DF Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000E0 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000E1 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000E2 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000E3 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000E4 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000E5 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000E6 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000E7 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000E8 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000E9 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000EA Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000EB Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000EC Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000ED Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000EE Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000EF Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000F0 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000F2 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000F3 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000F4 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000F5 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000F6 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000F7 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000F8 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000F9 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000FA Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000FB Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000FC Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000FD Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000FE Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000000FF Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000100 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000101 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000102 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000103 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000104 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000105 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000106 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000107 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000108 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000109 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000010A Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000010B Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000010C Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000010D Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000010E Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000010F Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000110 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000111 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000112 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000113 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000114 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000115 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000116 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000117 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000118 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000119 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000011A Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000011B Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000011C Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000011D Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000011E Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000011F Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000120 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000121 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000122 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000123 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000124 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000125 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000126 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000127 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000128 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000129 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000012A Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000012B Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000012C Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000012F Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000130 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000131 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000132 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000133 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000134 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000135 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000136 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000137 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000139 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000013A Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000013B Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000013C Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000013D Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000013E Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000013F Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000140 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000141 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000142 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000143 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000144 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000145 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000146 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000147 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000148 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000149 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000014A Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000014B Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000014C Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000014D Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000014E Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000014F Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000150 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000151 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000152 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000153 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000155 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000156 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000157 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000158 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000159 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000015A Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000015B Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000015C Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000015D Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000015E Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000015F Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000160 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000161 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000162 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000163 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000164 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000165 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000166 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000167 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000168 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000169 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000016A Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000016B Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000016C Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000016D Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000016E Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000016F Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000170 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000171 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000172 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000173 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000174 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000175 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000176 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000177 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000178 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000179 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000017A Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000017B Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000017C Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000017D Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000017E Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000017F Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000180 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000181 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000182 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000183 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000184 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000185 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000186 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000187 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000188 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000189 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000018A Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000018B Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000018C Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000018D Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000018E Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000018F Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000190 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000191 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000193 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000194 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000195 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000196 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000197 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000198 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000199 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000019A Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000019B Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000019C Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000019D Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000019E Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000019F Infected: Trojan-Downloader.Win32.Agent.hw skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001A2 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001A3 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001A4 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001A5 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001A6 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001A7 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001A8 Infected: Trojan-Clicker.Win32.Small.ft skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001A9 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001AA Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001AB Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001AC Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001AD Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001AE Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001AF Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001B0 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001B1 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001B2 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001B3 Infected: Trojan-Clicker.Win32.Small.ft skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001B4 Infected: Trojan-Clicker.Win32.Small.ft skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001B5 Infected: Trojan-Clicker.Win32.Small.ft skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001B6 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001B7 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001B8 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001B9 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001BA Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001BB Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001BC Infected: Trojan-Clicker.Win32.Small.ft skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001BD Infected: Trojan-Clicker.Win32.Small.ft skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001BE Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001BF Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001C0 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001C1 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001C2 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001C3 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001C4 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001C5 Infected: Trojan-Clicker.Win32.Small.ft skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001C6 Infected: Trojan-Clicker.Win32.Small.ft skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001C7 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001C8 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001C9 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001CA Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001CB Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001CC Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001CD Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001CE Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001CF Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001D0 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001D1 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001D2 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001D3 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001D4 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001D5 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001D6 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001D7 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001D8 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001D9 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001DA Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001DB Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001DC Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001DD Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001DE Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001DF Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001E0 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001E1 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001E2 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001E3 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001E4 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001E5 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001E6 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001E7 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001E8 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001E9 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001EA Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001EB Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001EC Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001ED Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001EE Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001EF Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001F0 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001F1 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001F2 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001F3 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001F4 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001F5 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001F6 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001F7 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001F8 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001F9 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001FA Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001FB Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001FC Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001FD Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001FE Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000001FF Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000200 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000201 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000202 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000203 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000204 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000205 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000206 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000207 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000208 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000209 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000020A Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000020B Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000020C Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000020D Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000020E Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000020F Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000210 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000211 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000212 Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000213 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000214 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000215 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000216 Infected: not-a-virus:AdWare.Win32.BetterInternet.a skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000217 Infected: not-a-virus:AdWare.Win32.BetterInternet.a skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000218 Infected: not-a-virus:AdWare.Win32.BetterInternet.a skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000219 Infected: not-a-virus:AdWare.Win32.BetterInternet.a skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000021B Infected: not-a-virus:AdWare.Win32.BetterInternet.a skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000021E Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000021F Infected: not-a-virus:AdWare.Win32.BetterInternet.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000220 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000221 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000222 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000223 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000224 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000225 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000226 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000227 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000228 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000229 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000022A Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000022B Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000022C Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000022D Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000022E Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000022F Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000230 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000231 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000232 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000233 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000234 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000235 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000237 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000238 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000239 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000023A Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000023B Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000023C Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000023D Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000023E Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000023F Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000240 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000241 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000242 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000243 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000244 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000245 Infected: Trojan.Win32.Stervis.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000246 Infected: not-a-virus:AdWare.Win32.BetterInternet.n skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000247 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000248 Infected: not-a-virus:AdWare.Win32.Sahat.p skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000249 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000024A Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000024B Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000024C Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000024D Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000024E Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000024F Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000250 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000251 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000252 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000253 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000254 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000257 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000258 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000259 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000025A Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000025B Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000025C Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000025D Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000025E Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000025F Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000260 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000261 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000262 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000263 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000264 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000265 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000266 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000267 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000268 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000269 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000026A Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000026B Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000026C Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000026D Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000026E Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000026F Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000270 Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000271 Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000272 Infected: Trojan-Downloader.Win32.Dyfuca.ei skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000273 Infected: Trojan-Downloader.Win32.Dyfuca.ei skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000274 Infected: Trojan-Downloader.Win32.Adload.a skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000275 Infected: Trojan-Downloader.Win32.Adload.a skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000276 Infected: Trojan-Downloader.Win32.Small.asf skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000277 Infected: Trojan-Downloader.Win32.IstBar.jm skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000278 Infected: Trojan-Downloader.Win32.IstBar.jm skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000279 Infected: not-a-virus:AdWare.Win32.PowerScan.d skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000027A Infected: not-a-virus:AdWare.Win32.PowerScan.d skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000027B Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped

[angelgirl30]

C:\Program Files\Alwil Software\Avast4\DATA\chest\0000027C Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000027D Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000027E Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000027F Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000280 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000281 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000282 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000283 Infected: not-a-virus:AdWare.Win32.BetterInternet.t skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000284 Infected: not-a-virus:AdWare.Win32.BetterInternet.i skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000286 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000287 Infected: Trojan.Win32.Agent.db skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000288 Infected: not-a-virus:AdWare.Win32.BetterInternet.t skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000289 Infected: Trojan-Downloader.Win32.IstBar.ms skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000028A Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000028B Infected: Trojan.Win32.Agent.cp skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000028C Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000028D Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000028E Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000028F Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000290 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000291 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000292 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000293 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000294 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000295 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000296 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000297 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000298 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000299 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000029A Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000029B Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000029C Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000029D Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000029E Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000029F Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002A0 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002A1 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002A2 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002A3 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002A4 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002A5 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002A6 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002A7 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002A8 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002A9 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002AA Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002AB Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002AC Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002AD Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002AE Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002AF Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002B0 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002B1 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002B2 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002B3 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002B4 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002B5 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002B6 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002B7 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002B8 Infected: not-a-virus:AdWare.Win32.BetterInternet.j skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002B9 Infected: not-a-virus:AdWare.Win32.SurfAccuracy.d skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002BA Infected: not-a-virus:AdWare.Win32.SurfAccuracy.d skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002E9 Infected: Trojan-Downloader.Win32.Small.bke skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002EA/data0004 Infected: not-a-virus:AdWare.Win32.HotBar.be skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002EA NSIS: infected - 1 skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002EA PE-Crypt.XorPE: infected - 1 skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002EB Infected: not-a-virus:AdWare.Win32.BetterInternet.v skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002EC Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002ED Infected: not-a-virus:AdWare.Win32.HotBar.an skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002EE Infected: not-a-virus:AdWare.Win32.Shopper.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002F0 Infected: not-a-virus:AdWare.Win32.HotBar.an skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002F1 Infected: Trojan-Dropper.Win32.Agent.ahx skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002F2 Infected: not-a-virus:AdTool.Win32.MyWebSearch.aw skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002F3 Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002F4 Infected: not-a-virus:AdTool.Win32.MyWebSearch.aw skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002F5 Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002F6 Infected: not-a-virus:AdTool.Win32.MyWebSearch.aw skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002F7 Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002F8 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002F9 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002FA Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002FB Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002FC Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002FD Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002FE Infected: Trojan.Win32.Agent.ay skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000002FF Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000300 Infected: Trojan.Win32.Agent.ay skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000301 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000302 Infected: Trojan.Win32.Agent.ay skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000303 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000304 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000305 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000306 Infected: Trojan.Win32.Agent.ay skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000307 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000308 Infected: not-a-virus:AdWare.Win32.HotBar.an skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000309 Infected: not-a-virus:AdWare.Win32.Shopper.c skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000030B Infected: not-a-virus:AdWare.Win32.HotBar.an skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000030C Infected: Trojan-Dropper.Win32.Agent.ahx skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000030D Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000030E Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000030F Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000310 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000311 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000312 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000313 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000314 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000315 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000316 Infected: Trojan.Win32.Agent.ay skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000317 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000318 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000319 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000031A Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000031B Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000031C Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000031D Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000031E Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000031F Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000320 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000321 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000322 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000323 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000324 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000325 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000326 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000327 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000328 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000329 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000032A Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000032B Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000032C Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000032D Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000032E Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000032F Infected: Trojan.Win32.Agent.ay skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000330 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000331 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000332 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000333 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000334 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000335 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000336 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000337 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000338 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000339 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000033A Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000033B Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000033C Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000033D Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000033E Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000033F Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000340 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000341 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000342 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000343 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000344 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000345 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000346 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000347 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000348 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000349 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000034A Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000034B Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000034C Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000034D Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000034E Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000034F Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000350 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000351 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000352 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000353 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000354 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000355 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000356 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000357 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000358 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000359 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000035A Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000035B Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000035C Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000035D Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000035E Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000035F Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000360 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000361 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000362 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000363 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000364 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000365 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000366 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000367 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000368 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000369 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000036A Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000036B Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000036C Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000036D Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000036E Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000036F Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000370 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000371 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000372 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000373 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000374 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000375 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000376 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000377 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000378 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000379 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000037A Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000037B Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000037C Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000037D Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000037E Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000037F Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000380 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000381 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000382 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000383 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000384 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000385 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000386 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000387 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000388 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000389 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000038A Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000038B Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000038C Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000038D Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000038E Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000038F Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000390 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000391 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000392 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000393 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000394 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000395 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000396 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000397 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000398 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000399 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000039A Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000039B Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000039C Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000039D Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000039E Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\0000039F Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003A0 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003A1 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003A2 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003A3 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003A4 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003A5 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003A6 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003A7 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003A8 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003A9 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003AA Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003AB Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003AC Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003AD Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003AE Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003AF Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003B0 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003B1 Infected: Trojan-Clicker.Win32.Small.hy skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003B2 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003B3 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003B4 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003B5 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003B6 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003B7 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003B8 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003B9 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003BA Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003BB Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003BC Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003BD Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003BE Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003BF Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003C0 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003C1 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003C2 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003C3 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003C4 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003C5 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003C6 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003C7 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003C8 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003C9 Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003CA Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003CB Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\chest\000003CC Infected: not-a-virus:AdWare.Win32.ImiBar.h skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qbyprbfn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uxeynipk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\sti.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2059\A1446168.exe Infected: Trojan-Downloader.Win32.VB.att skipped
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2059\A1446169.exe Infected: Trojan-Spy.Win32.BZub.is skipped
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2059\A1446172.exe Infected: Trojan.Win32.DNSChanger.hd skipped
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2067\A1448433.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2067\A1448483.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2069\A1448595.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2069\A1448701.exe Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2069\A1448702.exe Infected: Trojan-Downloader.Win32.Small.bve skipped
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2069\A1448703.exe Infected: Trojan.Win32.BHO.o skipped
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2069\A1448704.exe Infected: Trojan.Win32.BHO.o skipped
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2069\A1448705.exe Infected: Trojan.Win32.BHO.o skipped
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2069\A1448706.exe Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2069\A1448707.exe Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2069\A1448708.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2069\A1448709.exe Infected: Trojan.Win32.Agent.agv skipped
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2069\A1448710.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.ai skipped
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2069\A1448712.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2072\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\f3PSSavr.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\pmtInstaller.exe/PMTSetup.exe Infected: not-a-virus:AdWare.Win32.MDH.e skipped
C:\WINDOWS\system32\pmtInstaller.exe/QLSetup.exe Infected: not-a-virus:AdWare.Win32.MDH.e skipped
C:\WINDOWS\system32\pmtInstaller.exe StarDust: infected - 2 skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_748.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2057\A1444125.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
D:\System Volume Information\_restore{95884DEE-28B7-4F18-B23B-B2F4EFF098C7}\RP2057\A1444125.exe mIRC: infected - 1 skipped

Scan process completed.

-----------------------------------------------------------------

[TheBruce1]

Hello again

Did you follow instructions for the reg fix correctly as it is still showing,make sure nothing interfere`s with the reg fix.

--------------------------------------------------------------------------------------------

Please follow all instructions and in which order they come,if you have any questions,please ask before proceeding.

---------------------------------------------------------------------------------------------

Spywareguard

Please disable Spywareguard, as it may hinder the removal of some entries. You can re-enable it after you're clean.

• Right click the running icon of Spywareguard located in the system tray
• Go to Menu > File > Exit and confirm the programs close.

Avg Antispyware

On the top of the main screen click ShieldClick the word active to change it to inactive,EXIT AVG Anti-Spyware.

----------------------------------------------------------------------------------------------

Reg Fix

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Open notepad and copy/paste the text in the quotebox below:
(don't forget to copy and paste REGEDIT4)

Quote:

REGEDIT4

[-HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{125399A6-E13D-42CE-A021-7F9069A79440}"=-

Save the file as "delete.reg2". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg2 file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------------------------------------------------------------------

Download

Please download the OTMoveIt by OldTimer.

* Save it to your desktop.
* Please double-click OTMoveIt.exe to run it.
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

c:\windows\fonts\pcreg.dll
C:\Documents and Settings\Carla\Desktop\PopularScreenSaversFFSetup2.0.4.15.exe
C:\Documents and Settings\Carla\My Documents\My Pictures\butheart1024wp.exe
C:\Documents and Settings\Carla\My Documents\setup_ares.exe
C:\Documents and Settings\Carla\My Documents\SmileyCentralPFSetup2.0.3.10.exe
C:\WINDOWS\system32\f3PSSavr.scr
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
C:\WINDOWS\system32\pmtInstaller.exe


* Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
* Click the red Moveit! button.
* Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the log from OTMoveIt in your next reply, it's located here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

-----------------------------------------------------------------------------------------------

Online scan

Go here and do the BitDefender online virus scan.

* Click "I Agree" to agree to the EULA.
* Allow the ActiveX control to install when prompted.
* Leave the scanning options at default and press "Click here to scan" to begin the scan.
* Please refrain from using the computer until the scan is finished.
* When the scan is finished, click on "Click here to export the scan results"
* Save the report to your desktop then come back here and post it in your next reply along with a new Hijack This log

--------------------------------------------------------------------------------------------------------------------------------------


Please run Deckard System Scanner again.

------------------------------------------------------------------------------------------------------------------------------
Logs Required
c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Bitdefender scan report
C:\Deckard\System Scanner\main.txt