HELP riddled with Trojans :(

Hey it's me

New Member
OK where do I start? I am going to have to make some confessions here and I assume there are some people who might want to help me and others who will judge me quite harshly. They might consider my situation well deserved. What can I say? I'm a bad person for BT-ing. Yes, I engage in this behavior. I was turned on by a certain someone and now I'm a BIT addicted. It's quite Torren-tial indeed. Anyway, I was trying to find keygens for Norton, duplicate email removing, avi converter for my ipod and a couple of other things. UHM, now...Norton hasn't reported any problems, however, AVAST is raging with trojan warnings.

Can anyone help me? Does anyone WANT to help me?

:(
 

GameMaster

New Member
Yes, hello!
Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Hey it's me

New Member
Hi thanks for getting back to me so soon..so, I've tried several times to open HJT, can't seem to do it???? refuses to open and I get a message saying it can't
 

Hey it's me

New Member
"windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item. "

ARGH!
 

GameMaster

New Member
OK, that definitely means you have some Trojans.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

(If you can't install it in normal mode, try to do it in safe mode.)
 

Hey it's me

New Member
Avast detected like FIVE Trojans and I allowed them to be placed in "THE CHEST" of AVAST. I'm going to start another scan with avast while I await some news from you Oh great GAME MASTER. I am now ON my computer (whereas up till now I've been out and about in the world). I will be looking for your directions from now on often.
Thanks for the help. :eek:

OK so, here is a report generated by SDFix.


System Report
*************

Run on Mon 03/17/2008 at 04:31 PM

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [156]
\??\C:\WINDOWS\system32\csrss.exe [204]
\??\C:\WINDOWS\system32\winlogon.exe [228]
C:\WINDOWS\system32\services.exe [272]
C:\WINDOWS\system32\lsass.exe [284]
C:\WINDOWS\system32\svchost.exe [444]
C:\WINDOWS\system32\svchost.exe [504]
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [560]
C:\WINDOWS\system32\svchost.exe [632]


Drivers - Running:



Drivers - Stopped:



Services - Running:

aawservice
CryptSvc
DcomLaunch
dmserver
Eventlog
helpsvc
PlugPlay
RpcSs
srservice
winmgmt


Services - Stopped:



Files Created/Modified - 60 Days:


C:\



C:\WINDOWS\



C:\Program Files\



Files with hidden attributes:



Catchme:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 16:24:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0



Program Folders:

C:\Program Files\

AIM6
Apple Software Update
ArcSoft
Avast4
Azureus
CCleaner
Common Files
Comodo
ComPlus Applications
Creative
CyberLink
Dell
Dell Inc
Dell Support
epson
Eusing Free Registry Cleaner
FireTrust
Flash
Foxit Software
Google
Grisoft
iDumpPro
InstallShield Installation Information
Intel
Internet Explorer
iPod
itunes
Jasc Software Inc
Java
Lavasoft
MAPILab Ltd
Messenger
MetaStream
Microsoft ActiveSync
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft Plus! Digital Media Edition
Microsoft Plus! Photo Story 2 LE
Microsoft.NET
Modem Helper
Modem On Hold
Motorola Phone Tools
Movie Maker
Mozilla Firefox
MSECACHE
MSN
MSN Gaming Zone
MSN Messenger
MySpace
NetMeeting
Norton AntiVirus
Online Services
Outlook Express
Quickbooks
QuickTime
Real
RGB
Sigmatel
Skype
SmitfraudFix
Sonic
Soulseek
Spybot - Search & Destroy
StickerPIX
SUPERAntiSpyware
Symantec
Trend Micro
Uninstall Information
uTorrent
Video Converters
VideoLAN
Viewpoint
Windows Media Player
Windows NT
Windows Plus
Windows Sidebar
WindowsUpdate
WinRAR
WordPerfect Office 12
xerox

C:\Program Files\Common Files\

Adobe
AOL
Apple
ArcSoft
Borland Shared
Corel
DESIGNER
DVDVideoSoft
InstallShield
Intuit
Jasc Software Inc
Java
MAPILab Ltd
Microsoft Shared
MSSoap
Nikon
Nullsoft
ODBC
Real
Services
Skype
Sonic Shared
SpeechEngines
SWF Studio
Symantec Shared
System
Wise Installation Wizard
xing shared


Add/Remove Programs:

Adobe Flash Player Plugin
AIM 6
avast! Antivirus
BOClean
Creative WebCam Live! Driver (1.01.01.0730)
Creative WebCam Center
Dell Digital Jukebox Driver
Dell DJ Explorer
EPSON Printer Software
EPSON Scan
Eusing Free Registry Cleaner
Foxit PDF Editor
Foxit Reader
Free YouTube to iPod Converter version 2.8
iDump Build: 24
iDumpPro
Intel(R) 537EP V9x DF PCI Modem
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows XP Media Center Edition 2005 KB895198
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for CAPICOM (KB931906)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Macromedia Shockwave Player
MailWasher Pro
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
MemObj
Microsoft .NET Framework 1.1
Mozilla Firefox (2.0.0.12)
Intel(R) PRO Network Connections Drivers
LiveUpdate (Symantec Corporation)
RealPlayer
Adobe Flash Player 9 ActiveX
EPSON CX8400 User's Guide
SoulSeek Client 156c
StickerPIX
Norton AntiVirus (Symantec Corporation)
Viewpoint Media Player
VideoLAN VLC media player 0.8.6c
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
Macromedia Flash Player
Sonic RecordNow Data
ArcSoft Print Creations
Microsoft Plus! Photo Story 2 LE
Security Update for CAPICOM (KB931906)
Qualxserve Service Agreement
Sonic DLA
EPSON Stylus CX8400 Series Scanner Driver Update
SymNet
Sonic Update Manager
Component Framework
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Windows Media Player 10
Norton AntiVirus Help
Internet Explorer Default Page
MSXML 4.0 SP2 (KB927978)
Modem On Hold
Dell Support 3.1
Windows Live Messenger
Dell Driver Reset Tool
Skype™ 3.6
Norton Protection Center
AOLIcon
Windows Genuine Advantage v1.3.0254.0
PowerDVD 5.5
Digital Content Portal
Microsoft Plus! Digital Media Edition Installer
QuickTime
Java 2 Runtime Environment, SE v1.4.2_03
Microsoft Visual C++ 2005 Redistributable
Dell System Restore
SPBBC 32bit
Norton AntiVirus
Modem Event Monitor
Duplicate Email Remover
Modem Helper
Intel(R) PROSet for Wired Connections
Microsoft Silverlight
Intel(R) Graphics Media Accelerator Driver
Microsoft Office Professional Edition 2003
Sonic Encoders
Windows Messenger 5.1
EducateU
Sonic RecordNow Audio
Dell Picture Studio v3.0
WordPerfect Office 12
Sonic RecordNow Copy
ccCommon
Microsoft .NET Framework 2.0 Service Pack 1
Apple Software Update
iTunes
Motorola Phone Tools
MSXML 4.0 SP2 (KB936181)
Microsoft .NET Framework 1.1
ArcSoft PhotoImpression 6
Symantec Real Time Storage Protection Component
Apple Mobile Device Support
ArcSoft Multimedia Email
Ad-Aware 2007
LiveUpdate (Symantec Corporation)
Windows Rights Management Client Backwards Compatibility
ArcSoft Software Suite
AppCore
Jasc Paint Shop Pro 9
ArcSoft PhotoImpression 5
µTorrent
 

Hey it's me

New Member
the rest of the SDFix report

This report was too long for one posting. so....


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\Avast4\\ALWILS~1\\ashDisp.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Security Center
START_TYPE : 4 DISABLED

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatic Updates
START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice
DISPLAY_NAME : System Restore Service
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
SonicCentral REG_SZ C:\Program Files\Common Files\Sonic Shared\Sonic Central\
CLASSPATH REG_SZ .;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
QTJAVA REG_SZ C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SAFEBOOT_OPTION REG_SZ MINIMAL

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0


Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"


Non-Default IFEO Debugger:


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safe.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\adam.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\agentsvr.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\appsvc32.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\auto.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autoruns.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrssvc.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avmonitor.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.com
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccenter.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccsvchst.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cross.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\discovery.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\filedsty.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ftcleanershell.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guangd.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hijackthis.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icesword.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iparmo.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iparmor.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ispwdsvc.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kabaload.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kascrscn.scr
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kasmain.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kastask.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav32.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavdx.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavpfw.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavsetup.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavstart.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kislnchr.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmailmon.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmfilter.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kpfw32.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kpfw32x.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kpfwsvc.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kregex.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\krepair.com
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ksloader.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvcenter.kxp
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvdetect.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvfwmcl.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvmonxp.kxp
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvmonxp_1.kxp
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvol.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvolself.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvreport.kxp
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvsrvxp.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvstub.kxp
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvupload.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvwsc.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvxp.kxp
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch9x.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatchx.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\loaddll.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\magicset.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcconsol.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmqczj.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmsk.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navsetup.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32kui.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfw.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwliveupdate.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qhset.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ras.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rav.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravmon.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravmond.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravstub.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravtask.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regclean.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwcfg.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwmain.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwproxy.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsagent.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsaupd.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runiep.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safelive.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scan32.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sdgames.exe
Debugger REG_SZ C:\WINDOWS\system32\Flower.exe


Non-Default Installed Components:


Non-Default Safeboot Minimal:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
<NO NAME> REG_SZ Service


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!
 

Hey it's me

New Member
here are the details of the viruses AVAST found & put in its "CHEST"

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp249362675.tmp
FileID: 0000000030 Original file name: C:\Documents and Settings\Eve\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-15-2008 - 09-29-57\{12E926DE-1F48-4D8A-97CB-2E4C6A923EAD} New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp249362675.tmp\30

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp249362675.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp249362675.tmp\30 Win32:TratBHO [Trj]
------------------------------------------------------------------------------------------
Action was completed successfully!
 

Hey it's me

New Member
more Virus details

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp236409113.tmp
FileID: 0000000029 Original file name: C:\Documents and Settings\Eve\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-15-2008 - 09-29-57\{11821116-0F8D-4FF5-A8D5-330C23399D3D} New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp236409113.tmp\29

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp236409113.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp236409113.tmp\29 Win32:TratBHO [Trj]
------------------------------------------------------------------------------------------
Action was completed successfully!
 

Hey it's me

New Member
More in the Virus chest

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp109753200.tmp
FileID: 0000000027 Original file name: C:\WINDOWS\system32\ssttq.dll New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp109753200.tmp\27.dll

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp109753200.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp109753200.tmp\27.dll Win32:TratBHO [Trj]
------------------------------------------------------------------------------------------
Action was completed successfully!
 

Hey it's me

New Member
I wonder...when should I stop?

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp89371088.tmp
FileID: 0000000026 Original file name: C:\WINDOWS\system32\ssqpo.dll New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp89371088.tmp\26.dll

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp89371088.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp89371088.tmp\26.dll Win32:TratBHO [Trj]
------------------------------------------------------------------------------------------
Action was completed successfully!
 

Hey it's me

New Member
more coming after this...

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp167858876.tmp
FileID: 0000000028 Original file name: C:\WINDOWS\system32\ddabb.dll New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp167858876.tmp\28.dll

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp167858876.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp167858876.tmp\28.dll Win32:TratBHO [Trj]
------------------------------------------------------------------------------------------
Action was completed successfully!
 

Hey it's me

New Member
this one is different...scary!

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp
FileID: 0000000032 Original file name: E:\Bit Torrent Downloads\Plato Video To iPod Converter 4.82+key\PlatoVideo2iPod.exe New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp62908092.tmp\32.exe Win32:Small-FBJ [Trj]
------------------------------------------------------------------------------------------
Action was completed successfully!
 

Hey it's me

New Member
am I doomed?? :(

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp835944.tmp
FileID: 0000000035 Original file name: C:\Documents and Settings\Eve\Local Settings\Temp\_avast4_\unp152198242.tmp New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp835944.tmp\35.tmp

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp835944.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp835944.tmp\35.tmp\[FSG] Win32:Agent-SIM [Trj]
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp835944.tmp\35.tmp -- no virus --
------------------------------------------------------------------------------------------
Action was completed successfully!
 

Hey it's me

New Member
Omg!

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp259142005.tmp
FileID: 0000000037 Original file name: C:\WINDOWS\system32\Flower.exe New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp259142005.tmp\37.exe

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp259142005.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp259142005.tmp\37.exe\[FSG] Win32:Agent-SIM [Trj]
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp259142005.tmp\37.exe -- no virus --
------------------------------------------------------------------------------------------
Action was completed successfully!
 

Hey it's me

New Member
:( :( :(

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp98804989.tmp
FileID: 0000000039 Original file name: C:\WINDOWS\system32\drivers\disdn\Flower.exe New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp98804989.tmp\39.exe

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp98804989.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp98804989.tmp\39.exe\[FSG] Win32:Agent-SIM [Trj]
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp98804989.tmp\39.exe -- no virus --
------------------------------------------------------------------------------------------
Action was completed successfully!
 

Hey it's me

New Member
Heeellllpppp!

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp210228490.tmp
FileID: 0000000033 Original file name: c:\windows\system32\anhao.exe New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp210228490.tmp\33.exe

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp210228490.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp210228490.tmp\33.exe\[FSG] Win32:Agent-SIM [Trj]
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp210228490.tmp\33.exe -- no virus --
------------------------------------------------------------------------------------------
Action was completed successfully!
 

Hey it's me

New Member
almost done

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp102948884.tmp
FileID: 0000000034 Original file name: C:\a.exe New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp102948884.tmp\34.exe

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp102948884.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp102948884.tmp\34.exe Win32:Agent-EPC [Trj]
------------------------------------------------------------------------------------------
Action was completed successfully!
 

Hey it's me

New Member
one more after this..pls don't give up on me

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp53473301.tmp
FileID: 0000000036 Original file name: C:\Documents and Settings\Eve\Local Settings\Temporary Internet Files\Content.IE5\X900WE7M\2008[1].exe New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp53473301.tmp\36.exe

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp53473301.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp53473301.tmp\36.exe Win32:Agent-EPC [Trj]
------------------------------------------------------------------------------------------
Action was completed successfully!
 