Project 1 Virus!!

  1. #1
    GoodFella1991 (Newbie)

    Project 1 Virus!!

    Somehow I got the Project 1 virus. I can't seem to get rid of it. I have done countless scans and online removals and nothing has worked. So far my firewall has been blocking it, but somehow it got past that and now AVAST is freaking out. I would really like to get rid of this Virus, or Trojan, whatever it is. Here is a HijackThis log.

    Logfile of HijackThis v1.99.1
    Scan saved at 4:49:02 PM, on 7/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5346.0005)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\AOL\1146779291\ee\AOLSoftware.exe
    C:\Program Files\TrojanHunter 4.5\THGuard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
    C:\WINDOWS\ehome\RMSvc.exe
    C:\WINDOWS\ehome\RMSysTry.exe
    C:\Program Files\Webshots\webshots.scr
    C:\WINDOWS\rcss.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080;https=localhost:8080
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146779291\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dumps_startup
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Load WebShots 1999x1333 - C:\Documents and Settings\Weston Adams\Desktop\Webshots Premium Photos\WebShotsLoader.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O20 - AppInit_DLLs: C:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
    O23 - Service: Remote Procedure Call Service (RPCS) - Unknown owner - C:\WINDOWS\rcss.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


  2. #2
    Neal (Dedicated Member)
    Since you have Ewido, check for updates, run a scan, and post the log it makes.


    Go here BitDefender and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

    When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).

    And post a new HJT log also.


    Also...



    Open Hijackthis.

    Click the "Open the Misc Tools" section Button.

    Click the "Open Uninstall Manager" Button.

    Click the "Save list..." Button.

    Save it to your desktop. Copy and paste the contents into your reply.

  3. #3
    GoodFella1991 (Newbie)
    OK. I did what you asked, save the BitDefender scan, because the message "this site does not have authorization to use this Active X control" kept coming up. So here are my logs that you wanted me to post...

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 8:19:34 PM 7/12/2006

    + Scan result:



    C:\Program Files\ToolBar888\__delete_on_reboot__M_y_T_o_o_l_B_a_r_._d_l_l_ -> Adware.Softomate : No action taken.
    [2676] C:\Program Files\ToolBar888\MyToolBar.dll -> Adware.Softomate : No action taken.
    [308] C:\Program Files\ToolBar888\MyToolBar.dll -> Adware.Softomate : No action taken.
    C:\WINDOWS\__delete_on_reboot__r_c_s_s_._e_x_e_ -> Backdoor.SdBot.aad : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NVH2GLZC\bootcom[1].zip -> Downloader.Adload.ch : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\drsmart6[1].zip -> Downloader.Adload.cw : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\drsmart6[1].zip -> Downloader.Adload.cw : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\bootsector[1].zip -> Downloader.VB.afe : No action taken.
    C:\boot.pif -> Downloader.VB.afe : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\load67[1].zip -> Downloader.VB.afo : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NVH2GLZC\setup[1].zip -> Downloader.VB.afo : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\load67[1].zip -> Downloader.VB.afo : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\load67[1].zip -> Downloader.VB.afo : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\drsmart7[1].zip -> Downloader.VB.agx : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\drsmart7[1].zip -> Downloader.VB.agx : No action taken.
    :mozilla.100:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.56:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.57:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.58:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.59:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.60:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.99:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Carson\Cookies\carson@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Weston Adams\Cookies\weston_adams@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Weston Adams\Cookies\weston_adams@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.16:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
    :mozilla.17:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
    :mozilla.20:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
    :mozilla.6:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\3d58yx8q.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
    C:\Documents and Settings\Carson\Cookies\carson@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : No action taken.
    :mozilla.36:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.37:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.38:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.39:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.40:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    C:\Documents and Settings\Weston Adams\Cookies\weston_adams@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
    :mozilla.49:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.31:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\Weston Adams\Cookies\weston_adams@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
    :mozilla.32:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\cookies.txt -> TrackingCookie.Com : No action taken.
    :mozilla.33:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\cookies.txt -> TrackingCookie.Com : No action taken.
    :mozilla.70:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\Weston Adams\Cookies\weston_adams@com[1].txt -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\Weston Adams\Cookies\weston_adams@techrepublic.com[1].txt -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\Weston Adams\Cookies\weston_adams@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
    :mozilla.30:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.64:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.65:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.66:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
    C:\Documents and Settings\Weston Adams\Cookies\weston_adams@image.masterstats[1].txt -> TrackingCookie.Masterstats : No action taken.
    :mozilla.86:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.87:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.88:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.89:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.21:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.22:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.23:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
    C:\Documents and Settings\Weston Adams\Cookies\weston_adams@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.84:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.85:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.94:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Targetnet : No action taken.
    :mozilla.15:C:\Documents and Settings\Carson\Application Data\Mozilla\Firefox\Profiles\0een3zy5.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    C:\Documents and Settings\Weston Adams\Cookies\weston_adams@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.


    ::Report end


    --------------------
    HIJACKTHIS LOG
    --------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 8:20:41 PM, on 7/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5346.0005)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\AOL\1146779291\ee\AOLSoftware.exe
    C:\Program Files\TrojanHunter 4.5\THGuard.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\WINDOWS\ehome\RMSvc.exe
    C:\WINDOWS\ehome\RMSysTry.exe
    C:\Program Files\Webshots\webshots.scr
    C:\WINDOWS\rcss.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\PROGRA~1\INCRED~1\bin\IncMail.exe
    C:\Program Files\FlashGet\flashget.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080;https=localhost:8080
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146779291\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dumps_startup
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Load WebShots 1999x1333 - C:\Documents and Settings\Weston Adams\Desktop\Webshots Premium Photos\WebShotsLoader.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O20 - AppInit_DLLs: C:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
    O23 - Service: Remote Procedure Call Service (RPCS) - Unknown owner - C:\WINDOWS\rcss.exe (file missing)
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


    ---------------
    Uninstall List
    ---------------

    Ad-Aware SE Personal
    Adobe Reader 7.0.7
    Agnitum Outpost Firewall Pro
    AOL Connectivity Services
    AOL Uninstaller (Choose which Products to Remove)
    AOLIcon
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    avast! Antivirus
    Battlefield 2(TM)
    Battlefield 2(TM) Demo
    CA eTrust PestPatrol
    Corel Paint Shop Pro X
    Corel Photo Album 6
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Game Console
    Dell Support 3.1
    Diablo II
    Digital Content Portal
    DivX
    DivX Player
    EarthLink setup files
    Easy CD & DVD Creator 6
    EducateU
    ELIcon
    ESPNMotion
    ewido anti-spyware 4.0
    FlashGet(JetCar)
    Fraps (remove only)
    GiPo@MoveOnBoot 1.9.5
    Google AFE
    Google Earth
    Google Toolbar for Internet Explorer
    Hidden Finder 1.2.02
    High Definition Audio Driver Package - KB835221
    HijackThis 1.99.1
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB915865)
    IncrediMail Xe
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    Internet Explorer 7 Beta 2
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 3
    Java 2 Runtime Environment, SE v1.4.2_03
    Learn2 Player (Uninstall Only)
    LimeWire PRO 4.11.0
    Macromedia Shockwave Player
    Media Center Extender
    Media Center Extender
    Microsoft .NET Framework 1.0 Hotfix (KB887998)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft Office XP Professional
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    Mozilla Firefox (1.5.0.4)
    MSXML 4.0 SP2 Parser and SDK
    Musicmatch for Windows Media Player
    PowerDVD
    Prey Demo
    QuickTime
    RealPlayer
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Sonic DLA
    Sonic Encoders
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Spybot - Search & Destroy 1.4
    Steam
    Super File Encryption 4.0
    Sure Delete 5.1.0
    SWAT 4
    ToolBar888
    TrojanHunter 4.5
    UltraISO 8.12 Premium Edition
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Viewpoint Media Player
    WeatherBug
    WeatherBug Browser Bar - powered by MyWebSearch
    Webshots Desktop
    WhiteCap
    Windows Installer 3.1 (KB893803)
    Windows Media Connect
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 9 Series TweakMP PowerToy
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890927
    Windows XP Media Center Edition 2005 KB905589
    Windows XP Media Center Edition 2005 KB908246
    WinRAR archiver
    WinZip
    WordPerfect Office 12

  4. #4
    Neal is offline Dedicated Member
    Hi,


    From add/remove program please uninstall/remove if present:


    FlashGet(JetCar)---if the free version that contains spyware
    LimeWire PRO 4.11.0---may contain spyware, others are safer


    Limewire (The most current version of Limewire is reported to include spyware. LimeWire 4.9.28 is clean. Older and newer versions may not be.)

    http://www.spywareinfo.com/articles/p2p/#limewire
    ToolBar888
    Viewpoint Media Player
    WeatherBug
    WeatherBug Browser Bar - powered by MyWebSearch



    Reboot


    Go here to learn how to show hidden files/folders:

    http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5

    Re-hide after we are done


    Run hijackthis and click on scan button and put checks next to these:


    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll---if the free version
    O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
    O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)

    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)

    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1


    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    ---if the free version

    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    ---if the free version


    Make sure everything is closed but hijackthis and click on fix checked.


    Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press enter.


    Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):



    DELETE FOLDERS

    C:\Program Files\FlashGet---if free version
    C:\Program Files\MyWebSearchWB
    C:\Program Files\ToolBar888
    C:\Program Files\AWS


    Reboot normal mode...



    To clean your temp folder, recycle bin, etc., please download this free tool:

    CCleaner

    Don't install any Toolbars, or other programs, should it ask you! Just uncheck the option of installing the Yahoo toolbar.
    It will put a shortcut on your Desktop.
    Click on CCleaner to start it. Then click "Run Cleaner", just use the windows tab up front by default.

    Then Reboot (Exit)


    And...



    http://www.kaspersky.com/virusscanner

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

    * The program will launch and then begin downloading the latest definition files:
    * Once the files have been downloaded click on NEXT
    * Now click on Scan Settings
    * In the scan settings make sure that the following are selected:
        o Scan using the following Anti-Virus database:
            - Extended (if available otherwise Standard)
        o Scan Options:
            - Scan Archives
            - Scan Mail Bases
    * Click OK
    * Now under select a target to scan:
        o Select My Computer
    * This program will start and scan your system.
    * The scan will take a while so be patient and let it run.
    * Once the scan is complete it will display if your system has been infected.
        o Now click on the Save as Text button:
    * Save the file to your desktop.
    * Copy and paste that information in your next post.

  5. #5
    GoodFella1991 is offline Newbie
    Here is the Kaspersky Log..

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Thursday, July 13, 2006 12:55:30 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 13/07/2006
    Kaspersky Anti-Virus database records: 207114
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 79396
    Number of viruses found: 19
    Number of infected objects: 279 / 0
    Number of suspicious objects: 0
    Duration of the scan process: 01:06:03

    Infected Object Name / Virus Name / Last Action
    C:\debug.pif Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Prevx\Local.dat Object is locked skipped
    C:\Documents and Settings\Carson\Local Settings\Temporary Internet Files\AntiPhishing\6729BBF9-D54C-48CB-A4D7-AD400339D808.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\13ba2ee74b[1].zip/data.rar/comsonie.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\13ba2ee74b[1].zip/data.rar/cmdmgr3.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\13ba2ee74b[1].zip/data.rar/cmdmgr3.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\13ba2ee74b[1].zip/data.rar/cmdmgr3.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\13ba2ee74b[1].zip/data.rar Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\13ba2ee74b[1].zip RarSFX: infected - 5 skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\execlib[1].zip/data.rar/cmdmgr.exe/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\execlib[1].zip/data.rar/cmdmgr.exe/hostsmgr.exe Infected: Trojan.BAT.KillAV.cr skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\execlib[1].zip/data.rar/cmdmgr.exe/mc-110-12-0000488.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\execlib[1].zip/data.rar/cmdmgr.exe/mc-110-12-0000488.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\execlib[1].zip/data.rar/cmdmgr.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\execlib[1].zip/data.rar/comsonie.exe Infected: Trojan-Downloader.Win32.VB.afo skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\execlib[1].zip/data.rar Infected: Trojan-Downloader.Win32.VB.afo skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\execlib[1].zip RarSFX: infected - 7 skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\gamesforall[1].zip/data.rar/winupdate.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\gamesforall[1].zip/data.rar/aupdate32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\gamesforall[1].zip/data.rar/aupdate32.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\gamesforall[1].zip/data.rar/aupdate32.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\gamesforall[1].zip/data.rar Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\gamesforall[1].zip RarSFX: infected - 5 skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\gamesforall[2].zip/data.rar/winupdate.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\gamesforall[2].zip/data.rar/aupdate32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\gamesforall[2].zip/data.rar/aupdate32.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\gamesforall[2].zip/data.rar/aupdate32.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\gamesforall[2].zip/data.rar Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\gamesforall[2].zip RarSFX: infected - 5 skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\msdll[1].zip Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\ntcc[1].zip Infected: Trojan-Downloader.Win32.Adload.bo skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0TUV0P23\sheetfile[1].zip Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NVH2GLZC\drsmart2[1].rar Infected: Trojan-Downloader.Win32.VB.afo skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NVH2GLZC\exec4[1].zip/data.rar/cmdmgr.exe/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NVH2GLZC\exec4[1].zip/data.rar/cmdmgr.exe/hostsmgr.exe Infected: Trojan.BAT.KillAV.cr skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NVH2GLZC\exec4[1].zip/data.rar/cmdmgr.exe/mc-110-12-0000488.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NVH2GLZC\exec4[1].zip/data.rar/cmdmgr.exe/mc-110-12-0000488.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NVH2GLZC\exec4[1].zip/data.rar/cmdmgr.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NVH2GLZC\exec4[1].zip/data.rar/comserv.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NVH2GLZC\exec4[1].zip/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NVH2GLZC\exec4[1].zip RarSFX: infected - 7 skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NVH2GLZC\exerpted2[1].exe/data.rar/comsonie.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NVH2GLZC\exerpted2[1].exe/data.rar/cmdmgr3.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NVH2GLZC\exerpted2[1].exe/data.rar/cmdmgr3.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NVH2GLZC\exerpted2[1].exe/data.rar/cmdmgr3.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NVH2GLZC\exerpted2[1].exe/data.rar Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NVH2GLZC\exerpted2[1].exe RarSFX: infected - 5 skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NVH2GLZC\msconf[1].zip Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NVH2GLZC\msdll[1].zip Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\17e1f8af88[1].zip/data.rar/winupdate.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\17e1f8af88[1].zip/data.rar/aupdate32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\17e1f8af88[1].zip/data.rar/aupdate32.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\17e1f8af88[1].zip/data.rar/aupdate32.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\17e1f8af88[1].zip/data.rar Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\17e1f8af88[1].zip RarSFX: infected - 5 skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\drive[1].zip Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\drsmart2[1].rar Infected: Trojan-Downloader.Win32.VB.afo skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\drsmartload[2].exe Infected: Trojan-Downloader.Win32.Adload.cy skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\gamesforall[1].zip/data.rar/winupdate.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\gamesforall[1].zip/data.rar/aupdate32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\gamesforall[1].zip/data.rar/aupdate32.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\gamesforall[1].zip/data.rar/aupdate32.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\gamesforall[1].zip/data.rar Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\gamesforall[1].zip RarSFX: infected - 5 skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\google[1].zip Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\msdll[1].zip Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\exec2[1].zip/data.rar/cmdmgr.exe/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\exec2[1].zip/data.rar/cmdmgr.exe/hostsmgr.exe Infected: Trojan.BAT.KillAV.cr skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\exec2[1].zip/data.rar/cmdmgr.exe/mc-110-12-0000488.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\exec2[1].zip/data.rar/cmdmgr.exe/mc-110-12-0000488.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\exec2[1].zip/data.rar/cmdmgr.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\exec2[1].zip/data.rar/comserv.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\exec2[1].zip/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\exec2[1].zip RarSFX: infected - 7 skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\execfile00[1].rar Infected: Trojan-Downloader.Win32.VB.afo skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\exerpted2[1].exe/data.rar/comsonie.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\exerpted2[1].exe/data.rar/cmdmgr3.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\exerpted2[1].exe/data.rar/cmdmgr3.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\exerpted2[1].exe/data.rar/cmdmgr3.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\exerpted2[1].exe/data.rar Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\exerpted2[1].exe RarSFX: infected - 5 skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\gamesforall[1].zip/data.rar/winupdate.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\gamesforall[1].zip/data.rar/aupdate32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\gamesforall[1].zip/data.rar/aupdate32.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\gamesforall[1].zip/data.rar/aupdate32.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\gamesforall[1].zip/data.rar Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\gamesforall[1].zip RarSFX: infected - 5 skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VVMOAVVI\google[1].zip Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\cert8.db Object is locked skipped
    C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\flashgot.log Object is locked skipped
    C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\formhistory.dat Object is locked skipped
    C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\googlesafebrowsing.db Object is locked skipped
    C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\history.dat Object is locked skipped
    C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\key3.db Object is locked skipped
    C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\parent.lock Object is locked skipped
    C:\Documents and Settings\Weston Adams\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Weston Adams\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
    C:\Documents and Settings\Weston Adams\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Weston Adams\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Weston Adams\Local Settings\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\Weston Adams\Local Settings\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\Weston Adams\Local Settings\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\Weston Adams\Local Settings\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\Weston Adams\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Weston Adams\Local Settings\Temp\~DFB3C8.tmp Object is locked skipped
    C:\Documents and Settings\Weston Adams\Local Settings\Temporary Internet Files\AntiPhishing\6729BBF9-D54C-48CB-A4D7-AD400339D808.dat Object is locked skipped
    C:\Documents and Settings\Weston Adams\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Weston Adams\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Weston Adams\ntuser.dat.LOG Object is locked skipped
    C:\ntcc.pif Infected: Trojan-Downloader.Win32.Adload.bo skipped
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2006-07-13.11-34-02.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
    C:\Program Files\Mozilla Firefox\plugins\NPMySrWB.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
    C:\Program Files\Prevx1\lclbrk.cache Object is locked skipped
    C:\Program Files\Prevx1\log\px-log.txt Object is locked skipped
    C:\Program Files\Prevx1\paws.cache Object is locked skipped
    C:\Program Files\Prevx1\prevx.cache Object is locked skipped
    C:\Program Files\Prevx1\proc.cat Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP100\A0029749.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP101\A0030752.exe/data.rar/winupdate.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP101\A0030752.exe/data.rar/aupdate32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP101\A0030752.exe/data.rar/aupdate32.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP101\A0030752.exe/data.rar/aupdate32.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP101\A0030752.exe/data.rar Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP101\A0030752.exe RarSFX: infected - 5 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP101\A0030753.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP101\A0030754.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP101\A0030754.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP101\A0030754.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP101\A0030758.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP101\A0030761.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP101\A0030761.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP101\A0030761.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP101\A0030762.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0030960.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0030965.exe/data.rar/cmdmgr.exe/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0030965.exe/data.rar/cmdmgr.exe/hostsmgr.exe Infected: Trojan.BAT.KillAV.cr skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0030965.exe/data.rar/cmdmgr.exe/mc-110-12-0000488.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0030965.exe/data.rar/cmdmgr.exe/mc-110-12-0000488.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0030965.exe/data.rar/cmdmgr.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0030965.exe/data.rar/comsonie.exe Infected: Trojan-Downloader.Win32.VB.afo skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0030965.exe/data.rar Infected: Trojan-Downloader.Win32.VB.afo skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0030965.exe RarSFX: infected - 7 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0031034.exe Infected: Backdoor.Win32.SdBot.aad skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0031035.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0031036.exe Infected: Trojan-Downloader.Win32.Adload.cy skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0031038.pif Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0031039.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0031040.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0031050.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0031051.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0031051.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0031051.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0031055.com Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0031056.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0031061.exe/stream/data0010 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0031061.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0031061.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP106\A0032997.exe/data.rar/winupdate.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP106\A0032997.exe/data.rar/aupdate32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP106\A0032997.exe/data.rar/aupdate32.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP106\A0032997.exe/data.rar/aupdate32.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP106\A0032997.exe/data.rar Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP106\A0032997.exe RarSFX: infected - 5 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP106\A0033137.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP106\A0033227.exe/stream/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP106\A0033227.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP106\A0033227.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP106\change.log Object is locked skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025157.exe/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025157.exe/hostsmgr.exe Infected: Trojan.BAT.KillAV.cr skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025157.exe/mc-110-12-0000488.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025157.exe/mc-110-12-0000488.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025157.exe Instyler: infected - 4 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025166.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025169.exe/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025169.exe/hostsmgr.exe Infected: Trojan.BAT.KillAV.cr skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025169.exe/mc-110-12-0000488.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025169.exe/mc-110-12-0000488.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025169.exe Instyler: infected - 4 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025197.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025198.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025198.exe QuickBatch: infected - 1 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025198.exe PECompact: infected - 1 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025198.exe PecBundle: infected - 1 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025198.exe PE_Patch.PECompact: infected - 1 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025200.exe/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025200.exe/hostsmgr.exe Infected: Trojan.BAT.KillAV.cr skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025200.exe/mc-110-12-0000488.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025200.exe/mc-110-12-0000488.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0025200.exe Instyler: infected - 4 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP79\A0026479.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP79\A0026480.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP79\A0026480.exe QuickBatch: infected - 1 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP79\A0026480.exe PECompact: infected - 1 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP79\A0026480.exe PecBundle: infected - 1 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP79\A0026480.exe PE_Patch.PECompact: infected - 1 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP79\A0026481.exe/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP79\A0026481.exe/hostsmgr.exe Infected: Trojan.BAT.KillAV.cr skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP79\A0026481.exe/mc-110-12-0000488.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP79\A0026481.exe/mc-110-12-0000488.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP79\A0026481.exe Instyler: infected - 4 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP79\A0026525.exe Infected: Trojan-Downloader.Win32.VB.afo skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP79\A0026527.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP79\A0026527.exe QuickBatch: infected - 1 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP79\A0026527.exe PECompact: infected - 1 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP79\A0026527.exe PecBundle: infected - 1 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP79\A0026527.exe PE_Patch.PECompact: infected - 1 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP81\A0026943.exe Infected: Trojan-Downloader.Win32.VB.afo skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP81\A0026946.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP81\A0026946.exe QuickBatch: infected - 1 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP81\A0026946.exe PECompact: infected - 1 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP81\A0026946.exe PecBundle: infected - 1 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP81\A0026946.exe PE_Patch.PECompact: infected - 1 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84\A0027066.exe Infected: Trojan-Downloader.Win32.VB.afo skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP85\A0027166.exe Infected: Trojan-Downloader.Win32.VB.afo skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP85\A0027167.exe Infected: Trojan-Downloader.Win32.VB.afo skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP85\A0027168.exe Infected: Trojan-Downloader.Win32.VB.afo skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP85\A0027169.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP85\A0027170.exe Infected: Trojan-Downloader.Win32.VB.afo skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP85\A0027171.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP85\A0027172.exe Infected: Trojan-Downloader.Win32.VB.afo skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP85\A0027173.exe Infected: Trojan-Downloader.Win32.VB.afo skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP85\A0027174.exe Infected: Trojan-Downloader.Win32.VB.afo skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP85\A0027175.com Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP85\A0027179.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP86\A0027240.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP86\A0027241.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP86\A0027241.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP86\A0027241.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP86\A0027242.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP86\A0027243.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP87\A0027484.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP87\A0027487.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP87\A0027488.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP87\A0027488.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP87\A0027488.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP87\A0027508.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP87\A0027509.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP87\A0027509.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP87\A0027509.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP87\A0027674.com Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP90\A0027751.exe/WISE0046.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP90\A0027751.exe/WISE0047.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP90\A0027751.exe/WISE0048.BIN/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP90\A0027751.exe/WISE0048.BIN/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP90\A0027751.exe/WISE0048.BIN/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP90\A0027751.exe/WISE0048.BIN/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.370 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP90\A0027751.exe/WISE0048.BIN/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP90\A0027751.exe/WISE0048.BIN/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP90\A0027751.exe/WISE0048.BIN Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP90\A0027751.exe/WISE0049.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP90\A0027751.exe WiseSFX: infected - 10 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP90\A0027751.exe WiseSFX Dropper: infected - 10 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP92\A0028188.com Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP94\A0028427.exe/data.rar/winupdate.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP94\A0028427.exe/data.rar/aupdate32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP94\A0028427.exe/data.rar/aupdate32.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP94\A0028427.exe/data.rar/aupdate32.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP94\A0028427.exe/data.rar Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP94\A0028427.exe RarSFX: infected - 5 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP94\A0028428.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP94\A0028429.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP94\A0028429.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP94\A0028429.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP94\A0028433.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP96\A0029423.exe/data.rar/winupdate.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP96\A0029423.exe/data.rar/aupdate32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP96\A0029423.exe/data.rar/aupdate32.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP96\A0029423.exe/data.rar/aupdate32.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP96\A0029423.exe/data.rar Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP96\A0029423.exe RarSFX: infected - 5 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP96\A0029424.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP96\A0029425.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP96\A0029425.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP96\A0029425.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP96\A0029429.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP96\A0029432.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP96\A0029432.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP96\A0029432.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP96\A0029433.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP97\A0029490.dll Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP97\A0029493.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP97\A0029493.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP97\A0029493.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP97\A0029494.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
    C:\WINDOWS\0313.INS/BAT Infected: Trojan.BAT.KillAV.cr skipped
    C:\WINDOWS\0313.INS QuickBatch: infected - 1 skipped
    C:\WINDOWS\0313.INS PECompact: infected - 1 skipped
    C:\WINDOWS\0313.INS PecBundle: infected - 1 skipped
    C:\WINDOWS\0313.INS PE_Patch.PECompact: infected - 1 skipped
    C:\WINDOWS\aupdate32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\WINDOWS\aupdate32.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
    C:\WINDOWS\aupdate32.exe NSIS: infected - 2 skipped
    C:\WINDOWS\cmdmgr.exe/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
    C:\WINDOWS\cmdmgr.exe/hostsmgr.exe Infected: Trojan.BAT.KillAV.cr skipped
    C:\WINDOWS\cmdmgr.exe/mc-110-12-0000488.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\WINDOWS\cmdmgr.exe/mc-110-12-0000488.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
    C:\WINDOWS\cmdmgr.exe Instyler: infected - 4 skipped
    C:\WINDOWS\CSC\00000001 Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\hostsmgr.exe.tcf/BAT Infected: Trojan.BAT.KillAV.cr skipped
    C:\WINDOWS\hostsmgr.exe.tcf QuickBatch: infected - 1 skipped
    C:\WINDOWS\hostsmgr.exe.tcf PECompact: infected - 1 skipped
    C:\WINDOWS\hostsmgr.exe.tcf PecBundle: infected - 1 skipped
    C:\WINDOWS\hostsmgr.exe.tcf PE_Patch.PECompact: infected - 1 skipped
    C:\WINDOWS\hostsmgr.exe8603.tcf/BAT Infected: Trojan.BAT.KillAV.cr skipped
    C:\WINDOWS\hostsmgr.exe8603.tcf QuickBatch: infected - 1 skipped
    C:\WINDOWS\hostsmgr.exe8603.tcf PECompact: infected - 1 skipped
    C:\WINDOWS\hostsmgr.exe8603.tcf PecBundle: infected - 1 skipped
    C:\WINDOWS\hostsmgr.exe8603.tcf PE_Patch.PECompact: infected - 1 skipped
    C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt Object is locked skipped
    C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{D29CACFA-96E2-4B7C-895F-511896F4F724}.crmlog Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd0637.sys Object is locked skipped
    C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_2cc.dat Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_b3c.dat Object is locked skipped
    C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\WINDOWS\__delete_on_reboot__r_c_s_s_._e_x_e_ Infected: Backdoor.Win32.SdBot.aad skipped

    Scan process completed.

  6. #6
    Neal is offline Dedicated Member
    Most of that junk is under System Restore, which we will get rid of as a last step, and some is in temp folders called Content.IE5.


    Delete all folder occurrences of Content.IE5: click Start > Search, type in Content.IE5 and hit Enter, then delete all found.


    Run CCleaner from safe mode explained below:

    Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press Enter, then run CCleaner using the Windows tab only, which is up front by default.


    Reboot normal mode and...




    Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.
    • Save it to your desktop.
    • Please double-click Killbox.exe to run it.
    • Select
      • "Delete on Reboot"
      • Then click on the "All Files" button if there is more than 1 item to delete.
    • Please copy the file path(s) below to the clipboard by highlighting ALL of them and pressing CTRL + C

      C:\debug.pif
      C:\ntcc.pif
      C:\Program Files\Mozilla Firefox\plugins\NPMySrWB.dll
      C:\WINDOWS\0313.INS
      C:\WINDOWS\aupdate32.exe
      C:\WINDOWS\cmdmgr.exe/hostsmgr.exe
      C:\WINDOWS\cmdmgr.exe/mc-110-12-0000488.exe
      C:\WINDOWS\hostsmgr.exe.tcf
      C:\WINDOWS\hostsmgr.exe8603.tcf



      Post a new HijackThis log please and tell me how your computer is behaving now.

    • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
    • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
    If your computer does not restart automatically, please restart it manually.
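
    The triage behind the reply above (live files to delete now versus System Restore copies left for the last step), as an added example that is not part of the original thread: a Python parser for the report's line format that collapses archive members (the part after "/") to the file that exists on disk. The function names are hypothetical, and the sample lines are an excerpt copied from the scan log posted above.

```python
import re
from collections import defaultdict

# Excerpt of the scan report posted above (lines copied from the thread).
SAMPLE_REPORT = r"""
C:\Documents and Settings\Weston Adams\NTUSER.DAT Object is locked skipped
C:\ntcc.pif Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\Program Files\Mozilla Firefox\plugins\NPMySrWB.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0030965.exe/data.rar/cmdmgr.exe/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0030965.exe RarSFX: infected - 7 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP102\A0031034.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\WINDOWS\aupdate32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\WINDOWS\aupdate32.exe NSIS: infected - 2 skipped
C:\WINDOWS\cmdmgr.exe/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\WINDOWS\cmdmgr.exe/hostsmgr.exe Infected: Trojan.BAT.KillAV.cr skipped
C:\WINDOWS\cmdmgr.exe/mc-110-12-0000488.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\WINDOWS\cmdmgr.exe Instyler: infected - 4 skipped
C:\WINDOWS\__delete_on_reboot__r_c_s_s_._e_x_e_ Infected: Backdoor.Win32.SdBot.aad skipped
"""

# "<path> Infected: <detection name> skipped"
DETECTION_RE = re.compile(r"^(?P<path>.+) Infected: (?P<name>\S+) skipped$")
# "<path> <unpacker>: infected - <n> skipped" (per-container summary line)
SUMMARY_RE = re.compile(r": infected - \d+ skipped$")
LOCKED_SUFFIX = " Object is locked skipped"
# System Restore snapshots live under _restore{GUID}\RPnn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.IGNORECASE
)


def parse_line(line):
    """Classify one report line; return (kind, on_disk_path, detection_name)."""
    line = line.strip()
    match = DETECTION_RE.match(line)
    if match:
        # Windows paths cannot contain "/", so everything after the first "/"
        # is a member inside an archive or installer, not a file on disk.
        on_disk = match.group("path").split("/", 1)[0]
        return ("detection", on_disk, match.group("name"))
    if SUMMARY_RE.search(line):
        return ("summary", None, None)
    if line.endswith(LOCKED_SUFFIX):
        return ("locked", line[: -len(LOCKED_SUFFIX)], None)
    return ("unknown", None, None)


def severity(names):
    """The report prefixes adware and risk tools with 'not-a-virus:'."""
    if all(name.startswith("not-a-virus:") for name in names):
        return "unwanted-software"
    return "malware"


def triage(report):
    """Split detections into live files and System Restore copies."""
    live = defaultdict(set)            # on-disk path -> detection names
    restore_points = defaultdict(set)  # RPnn -> on-disk paths in that snapshot
    locked = 0
    for raw in report.splitlines():
        if not raw.strip():
            continue
        kind, path, name = parse_line(raw)
        if kind == "locked":
            locked += 1          # file in use by the OS; not a detection
        elif kind == "detection":
            snapshot = RESTORE_RE.search(path)
            if snapshot:
                restore_points[snapshot.group(1).upper()].add(path)
            else:
                live[path].add(name)
        # summary lines repeat what the member lines already said
    return {
        "live": {p: sorted(n) for p, n in sorted(live.items())},
        "restore_points": {rp: len(f) for rp, f in sorted(restore_points.items())},
        "locked": locked,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("Live files to remove:")
    for path, names in result["live"].items():
        print(f"  [{severity(names)}] {path}: {', '.join(names)}")
    print("Infected files per restore point:", result["restore_points"])
    print("Locked (in use, not detections):", result["locked"])
```
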
