DellGAM Virus?
-
Re: DellGAM Virus?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:32, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecu...th.srf?lc=1033
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\oaqntw.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\mwsygu.exe
O4 - HKLM\..\Run: [SSLDyn] C:\WINDOWS\SSLDyn.exe
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\853957L.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O20 - AppInit_DLLs: windows.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
--
End of file - 5876 bytes
I think my girlfriend has come to terms with the fact it may not be fixed without wiping the hard drive etc and starting over. The only thing she wants to recover are all her photos on the system (in jpeg form) - if I was to back these up on a flash drive would any viruses 'follow'? The reason I ask is that I've already tried to transfer her photo files onto a flash drive (which had more than enough free space on it), but this was fraught with all sorts of problems (the files appeared to constantly reproduce themselves on the flash drive and only half of the photos would open).
Thanks for your ongoing efforts with this Neal.
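The HijackThis log above can be triaged mechanically rather than by eye. What follows is an added example, not part of the thread and not HijackThis code: a Python script that parses a subset of the O4, O20 and O23 lines copied from the log and lists the entries a malware-removal helper would look at first. It puts on the review list any Run entry that launches an executable straight out of C:\WINDOWS (assumed here to be %SystemRoot%, as the paths in the log show) or that gives no directory at all, any AppInit_DLLs value, and any service whose file is missing. Generated-looking file names and Run-value/file-name mismatches are reported only as supporting evidence, because they also hit legitimate entries such as igfxtray.exe. Note that stsystra.exe lands on the list purely because HijackThis shows it without a path; the running-process list above places it in C:\WINDOWS and its Run name, SigmatelSysTrayApp, names the SigmaTel audio tray applet, so it is there to be checked, not deleted.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted above (a subset, paths as shown there).
HJT_LOG = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\oaqntw.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\mwsygu.exe
O4 - HKLM\..\Run: [SSLDyn] C:\WINDOWS\SSLDyn.exe
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\853957L.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: windows.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
"""

WINROOT = r"c:\windows"  # assumption: %SystemRoot% is C:\WINDOWS, as the log's own paths show

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")


@dataclass
class Finding:
    kind: str      # HijackThis section: O4, O20 or O23
    label: str     # Run value name, "AppInit_DLLs" or service name
    target: str    # executable or DLL the entry points at
    strong: list   # reasons that put the entry on the review list
    weak: list     # supporting evidence only; also hits legitimate entries

    @property
    def flagged(self) -> bool:
        return bool(self.strong)


def exe_of(cmd: str) -> str:
    """Executable path from a Run value: the quoted path, or the first token before arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def looks_generated(stem: str) -> bool:
    """Crude 'random name' test: a digit string, no vowels, or four consonants in a row."""
    s = stem.lower()
    if re.fullmatch(r"\d{3,}[a-z]?", s):
        return True
    if not re.search(r"[aeiouy]", s):
        return True
    return re.search(r"[b-df-hj-np-tv-xz]{4,}", s) is not None


def name_matches(value_name: str, stem: str) -> bool:
    """Does the Run value name resemble the file it launches (igfxtray -> igfxtray.exe)?"""
    a = re.sub(r"[^a-z0-9]", "", value_name.lower())
    b = re.sub(r"[^a-z0-9]", "", stem.lower())
    return bool(a and b) and (a in b or b in a)


def review(log_text: str) -> list:
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            exe = exe_of(m["cmd"])
            dirname, _, fname = exe.rpartition("\\")
            stem = fname.rsplit(".", 1)[0]
            strong, weak = [], []
            if not dirname:
                strong.append("no directory given: resolved through the search path at logon")
            elif dirname.lower() == WINROOT:
                strong.append("launched straight from the Windows root, not system32 or Program Files")
            if looks_generated(stem):
                weak.append("file name looks generated")
            if not name_matches(m["name"], stem):
                weak.append(f"Run value name [{m['name']}] does not resemble {fname}")
            findings.append(Finding("O4", m["name"], exe, strong, weak))
        elif m := O20_RE.match(line):
            findings.append(Finding("O20", "AppInit_DLLs", m["dlls"],
                                    ["loaded into every process that maps user32.dll"], []))
        elif (m := O23_RE.match(line)) and m["missing"]:
            findings.append(Finding("O23", m["name"], m["path"],
                                    ["service points at a file that no longer exists"], []))
    return findings


def flagged_targets(log_text: str) -> list:
    """Executables and DLLs that need a human look, in log order."""
    return [f.target for f in review(log_text) if f.flagged]


if __name__ == "__main__":
    for f in review(HJT_LOG):
        print(f"{'REVIEW' if f.flagged else 'ok    '} {f.kind:<3} [{f.label}] {f.target}")
        for reason in f.strong + f.weak:
            print(f"         - {reason}")
```

The point of separating strong from weak reasons is that a Run entry in the Windows root is unusual enough on its own to be worth a look, while "looks random" is noisy: igfxtray.exe and ctfmon.exe both trip it, which is why neither ends up on the review list.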
-
Very possible photos are infected.
Let's try this before she reformats.
You may want to printout the following instructions:
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
- Install AVG Anti-Spyware by double clicking the installer.
- Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
- On the main screen under Your Computer's security.
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to the words Last Update, click on Update now. (You will need an active internet connection to perform this)
- Wait until you see the Update successful message.
- Click on Scanner on the toolbar at top of this screen.
- Click on the Settings tab.
- Under How to act?
- Click on Recommended Action and choose Quarantine from the popup menu.
- Under How to scan?
- All checkboxes should be ticked.
- Under Possibly unwanted software:
- All checkboxes should be ticked.
- Under Reports:
- Select Automatically generate report after every scan and uncheck Only if threats were found.
- Under What to scan?
- Close AVG Anti-Spyware without running yet.
Now disable (turn off AVG Anti-Spyware) - Right-click the AVG Anti-Spyware Tray Icon (Bottom right corner of computer screen near clock) and uncheck Start with Windows.
- Right-click the AVG Anti-Spyware Tray Icon again and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG Anti-Spyware.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________
Reboot your computer in Safe Mode. If you can't go to safe mode or run from safe mode, use NORMAL MODE.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
______________________________
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Note: If AVG Anti-Spyware screen does not fit your monitor screen Hold down the Alt button on keyboard then tap spacebar, menu should pop up then choose maximize. AVG Anti-Spyware screen should now fit to the screen a lot better.
- Click on the Scan tab.
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
- When the scan has finished, follow the instructions below.

IMPORTANT: Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.
- Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button.(3)
- When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop. I will need you to post this in your next reply.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
If that one wont work then try this:
Please download and install SUPERAntiSpyware Trial Pro Edition http://www.superantispyware.com/superantispyware.html
* Load SUPERAntiSpyware and click the Check for Updates button.
* Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!
IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.
* Open SUPERAntiSpyware and click the Scan your Computer button.
* Check Perform Complete Scan and then click Next.
* SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
* Make sure that they all have a check next to them, and then click Next.
* Click Finish and you will be taken back to the main interface.
* It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
* I'll need a log afterwards of what has been found.
* To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
* Please post the results of the SUPERAntiSpyware log in your next reply.
-
Hi Neal,
AVG Anti-Spyware ran ok and found quite a few trojans and such, but it wouldn't allow me to save a report despite the "auto generate report after every scan" being checked, hope this isn't too much of a problem.
Here's the SuperAntiSpyware Log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/10/2008 at 11:46 PM
Application Version : 3.9.1008
Core Rules Database Version : 3399
Trace Rules Database Version: 1391
Scan type : Complete Scan
Total Scan Time : 02:01:02
Memory items scanned : 390
Memory threats detected : 0
Registry items scanned : 5402
Registry threats detected : 12
File items scanned : 34718
File threats detected : 393
MyWay Search Assistant Computers
HKLM\Software\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\Programmable
C:\PROGRAM FILES\MYWAYSA\SRCHASDE\DESRCAS.DLL
HKLM\Software\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\Programmable
Adware.Tracking Cookie
C:\Documents and Settings\Emzie\Cookies\emzie@atdmt[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@apmebf[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@local[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@webstat[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@maxserving[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfkoqkc5aao.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@1072649278[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@adviva[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@superstats[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@adtech[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@s[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@tradedoubler[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wjlococjsko.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@bluestreak[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wjmyslajocp.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@msnhandbag[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@dist.belnk[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfk4qgazsep.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@a[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfkyklajwdp.stats.esomniture[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wjkykjdjefp.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfliogazedo.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@1070106250[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@valueclick[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@1067681875[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@xiti[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@paypal.112.2o7[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@ehg-fastweb.hitbox[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@ehg-capitalgroup.hitbox[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wgkycmcjafq.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfkocjcjcaq.stats.esomniture[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@www.dgm2[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@statse.webtrendslive[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@etype.adbureau[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@kanoodle[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@revsci[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@msnportal.112.2o7[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@ehg-youtube.hitbox[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfmygid5kko.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@adrevolver[3].txt
C:\Documents and Settings\Emzie\Cookies\emzie@perf.overture[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@2o7[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@tribalfusion[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wjmygnc5wdq.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfk4gldpoko.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfkoopdjalq.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfliqidzseq.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@sel.as-us.falkag[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@www.hxtrack[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@stat.onestat[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wgk4qpdzgbq.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@ehg-debenhams.hitbox[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfmiqgcpwbq.stats.esomniture[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wgmyalcpeho.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfkogocjsdp.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wjlysjdpago.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@adrevolver[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@qnsr[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@cgi-bin[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@bs.serving-sys[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wjkyaiczadq.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@ads.guardian.co[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@www.3pintracking[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@112.2o7[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wbkyskcjcdq.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@ehg-tfl.hitbox[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfmyaiczkap.stats.esomniture[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@as1.falkag[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfmiwkczihp.stats.esomniture[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@handbag[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@58032969[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wjl4ohdpcgp.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@bupa[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@interclick[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6whlocgcjiep.stats.esomniture[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@doubleclick[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wjl4wkajkgp.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wjlywic5aep.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wjmysjc5gfo.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wjkoqldjcgq.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@a.websponsors[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wjlyumdjmcq.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@phg.hitbox[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@questionmarket[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6whliagcjsdq.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfk4ugdjgfp.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@serving-sys[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@statcounter[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wgkoggd5eao.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wjlyakdpcbo.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@burstnet[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@tracking.summitmedia.co[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@ehg-attenza.hitbox[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@belnk[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@fastclick[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfmikmajgao.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wjlouocjgko.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@atoc.112.2o7[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wgkionajieo.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wjmikmcpkbp.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wgkocmczckq.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wgmioncpiap.stats.esomniture[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@mediaplex[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@advertising[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@1067974671[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@ad2.adecn[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@ads.gameforgeads[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wjmisicjicq.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfkiejdjihp.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@1069675701[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wgkyqjajagp.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@counter.hitslink[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wgkygmdzagq.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@ads.pointroll[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@zedo[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@handbag[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@ehg-bbc.hitbox[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@bannerads.wedalert[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfloajajodo.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@ad.yieldmanager[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@www.burstnet[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wgkocpdzmkp.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfmiggczgko.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wbkogoazwhp.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@anat.tacoda[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wjloeic5cgo.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@adopt.euroclick[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@247realmedia[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@ads.monster[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wjkygncpofo.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@hitbox[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@tacoda[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@yieldmanager[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6whl4khc5cfo.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfkoepdzibp.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@ehg-iwantoneofthose.hitbox[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@metacafe.122.2o7[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfliemdzahq.stats.esomniture[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@adserver[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wjk4oiajkco.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@casalemedia[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wgkowmdzmbo.stats.esomniture[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wbkywodpako.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@ads.ak.facebook[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wglycmazslp.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@ad.zanox[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfkogic5edp.stats.esomniture[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@overture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wgmieiajoko.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6whkoegdzmcp.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@adecn[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@adserver.mediarun[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@ehg-digg.hitbox[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wgkysmc5map.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@ehg-kodak.hitbox[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wgmyajazghp.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@trafficmp[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wjkycpdzgfo.stats.esomniture[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@server.iad.liveperson[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfmyegazmlp.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wjl4qhazshq.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@ad1.emediate[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6whlyakdjgep.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfkoulajkkp.stats.esomniture[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@e-2dj6wfk4uhajccq.stats.esomniture[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@media.adrevolver[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@ads.neransk[2].txt
C:\Documents and Settings\Emzie\Cookies\emzie@adrevenue[1].txt
C:\Documents and Settings\Emzie\Cookies\emzie@anad.tacoda[1].txt
C:\Documents and Settings\Administrator.EMMA\Cookies\administrator@maxserving[2].txt
C:\Documents and Settings\LocalService\Cookies\system@maxserving[1].txt
Trojan.Unclassified/QQLogin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP72\A0014530.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP72\A0014535.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP72\A0014536.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP72\A0014540.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016408.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016409.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016414.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016415.DLL
C:\WINDOWS\SYSTEM32\BMFTVE.DLL
C:\WINDOWS\SYSTEM32\BOYQMJ.DLL
C:\WINDOWS\SYSTEM32\DHHEWR.DLL
C:\WINDOWS\SYSTEM32\JXSAUO.DLL
C:\WINDOWS\SYSTEM32\LDXXYY.DLL
C:\WINDOWS\SYSTEM32\MPPDS.DLL
C:\WINDOWS\SYSTEM32\MSIMMS32.DLL
C:\WINDOWS\SYSTEM32\NAVMON32.DLL
C:\WINDOWS\SYSTEM32\SHAPROC.DLL
C:\WINDOWS\SYSTEM32\VNDZFV.DLL
C:\WINDOWS\SYSTEM32\WHNPQI.DLL
Trojan.Unclassified/QQLogin-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP72\A0014538.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP72\A0014539.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP73\A0014563.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP73\A0014610.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP73\A0014623.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP73\A0015174.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP73\A0015183.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0015264.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0015273.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016281.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016282.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016283.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016284.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016285.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016286.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016287.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016288.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016289.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016290.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016291.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016292.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016293.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016294.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016295.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016296.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016297.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016298.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016299.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016300.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016301.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016302.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016303.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016304.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016305.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016306.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016317.DLL
Trojan.Downloader-Gen/Suspicious
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016331.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016332.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016420.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016421.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016430.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016433.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016447.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016450.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016451.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016521.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016550.EXE
Trojan.Downloader-Gen/Win
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016355.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016357.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP74\A0016358.EXE
-
I need feedback each time you post so I will know what is going on now.
I also need a new hijackthis log please.
-
Here's the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:54:53, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecu...th.srf?lc=1033
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\oaqntw.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\mwsygu.exe
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\853957L.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O20 - AppInit_DLLs: windows.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
--
End of file - 6141 bytes
At the moment Avast antivirus regularly pops up saying it's found a virus or a trojan or something, and there's no longer any room in the virus chest to put what it's found - is there any way to increase the size of the chest, or is this not necessary? The system does seem a little more stable however, and hasn't crashed for a while.
-
Just delete everything in the virus chest.
Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode without network support and press Enter.
Run HijackThis, click on the "scan system only" button and put checks next to these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\oaqntw.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\IGM.exe
O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\mwsygu.exe
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\853957L.exe
Please close ALL browser windows (including this one).
With everything closed except HijackThis, click on "fix checked".
Navigate to these files or folders while still in safe mode using Windows Explorer (OR Start -> Search) and delete (if present):
DELETE FILES:
C:\WINDOWS\oaqntw.exe
C:\WINDOWS\upxdnd.exe
C:\WINDOWS\IGM.exe
C:\WINDOWS\mwsygu.exe
C:\WINDOWS\853957L.exe
Reboot your PC and post a new HijackThis log.
You must change your passwords from a clean PC when you are deemed "clean".
If any online banking or credit card transactions are or have been done on this PC, notify those companies, as one of the trojans you have is a password-stealing Trojan.
It looks like you have some McAfee components installed, and you really need to uninstall those if you are going to run Avast. If you need a McAfee uninstaller, there is one available.
How is your PC doing now?
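As an added example (not part of this thread, and not HijackThis's own code), the following Python script applies the same reading to a HijackThis v2 log that the reply above does by hand: it parses the O2/O4/O20/O23 entries and flags the shapes a helper looks at first (orphaned BHOs, autostarts launched straight from C:\WINDOWS, a non-empty AppInit_DLLs value, services whose binary is missing). The sample lines are copied from the logs posted in this thread; the function and class names are the example's own, and the rules are heuristics that produce candidates for review, not verdicts.

```python
"""Triage helper for HijackThis v2 logs.

Parses the R/O entries of a log and flags the shapes a malware-removal helper
looks at first. The rules are heuristics: they surface candidates for review,
they do not decide anything on their own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\oaqntw.exe
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\853957L.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: windows.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "O4"
    reason: str   # why the entry deserves a second look
    line: str     # the full log line, so it can be ticked in HijackThis


# "O4 - HKLM\..\Run: [name] command"  ->  section tag and the rest of the line
ENTRY_RE = re.compile(r"^(R[0-3]|O\d+) - (.*)$")
# Body of an O4 entry: hive, key, [value name], command line
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")


def command_path(command: str) -> str:
    """Return the executable path from a Run-key value, dropping quotes and arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1 : command.index('"', 1)]
    # Unquoted command lines: the executable ends at the first space
    return command.split(" ", 1)[0]


def in_windows_root(path: str) -> bool:
    r"""True when the file sits directly in %SystemRoot% (e.g. C:\WINDOWS\x.exe),
    not in system32 or another subfolder. Legitimate autostarts rarely live there."""
    head, sep, _ = path.rpartition("\\")
    return bool(sep) and head.upper() in (r"C:\WINDOWS", r"C:\WINNT")


def check_entry(section: str, body: str) -> Optional[str]:
    """Apply the per-section rules; return a reason string or None."""
    if section == "O2" and body.endswith("(no file)"):
        return "BHO is registered but its DLL is gone (orphaned entry, safe to remove)"
    if section == "O4":
        m = O4_RE.match(body)
        if m and in_windows_root(command_path(m.group(4))):
            return "autostart launches an executable dropped directly in the Windows directory"
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        if body[len("AppInit_DLLs:"):].strip():
            return "AppInit_DLLs loads this DLL into every process that uses user32.dll"
    if section == "O23" and body.endswith("(file missing)"):
        return "service points at a binary that no longer exists (leftover from an uninstall)"
    return None


def triage(log_text: str) -> List[Finding]:
    """Return the entries of a HijackThis log that match one of the rules above."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, the process list and blank lines are not entries
        section, body = m.groups()
        reason = check_entry(section, body)
        if reason:
            findings.append(Finding(section, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
```

On the sample above it reports five entries: the orphaned BHO, the two C:\WINDOWS autostarts, the AppInit_DLLs value and the missing McAfee service binary, while the Intel, AOL, InstallShield and avast! entries pass untouched.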
-
Hi Neal,
Thanks again for your prompt reply. I removed those items with HijackThis, and although there wasn't any sign of them in the Windows folder, I couldn't actually search for them, because when I opened the search tool a dialogue box similar to the one I mentioned earlier would pop up:
'The instruction at "xxxxxxxxxxxxx" referencing memory at "xxxxxxxxxxxx". The memory could not be "read". Click OK to terminate the program. Click Cancel to debug the program.'
Clicking either OK or Cancel will close everything and return me to the desktop. This happened in both safe and normal mode.
Also, Avast will periodically tell me that the network shield has blocked an attack from "DCOM exploit" with an associated IP address.
The laptop remains relatively stable though (apart from issues with the search function noted above) and hasn't crashed spontaneously for some time.
As always, thanks for your brilliant efforts with this Neal.
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54:18, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecu...th.srf?lc=1033
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O20 - AppInit_DLLs: windows.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
--
End of file - 5432 bytes
-
Read about "DCOM exploit":
http://www.google.com/search?hl=en&q...arch&aq=-1&oq=
Let's try ComboFix again. If you get the error you got before, see if you can find the folder (combofix) and move it to C:\ComboFix, which is where it is supposed to be. Then try to double-click it again from your desktop.
The folder, not the setup file, which should be on the desktop.
If you have previously downloaded ComboFix, please delete that version now.
Now download http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save to your desktop:
Note:
It is IMPORTANT that it is saved directly to your desktop
Close any open browsers.
Disconnect from the Internet.
Please do not re-connect your machine back to the Internet until Combofix has completely finished.
Disable your antivirus program and any realtime malware scanners now.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Re-enable your anti-virus and re-connect back to the internet and post the combofix log.
*Note*
In case your antivirus or any other realtime scanner is displaying an alert after you downloaded ComboFix or while you use ComboFix, please disable your scanner and redownload ComboFix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.
-
Hi Neal,
Sorry for the delay in replying; I've been on holiday for a few days.
I deleted and then downloaded ComboFix again and it seemed to work OK this time. Here's the log:
ComboFix 08-02-21 - Emzie 2008-02-21 0:07:44.1 - NTFSx86
Running from: C:\Documents and Settings\Emzie\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\microsoft\pctools
C:\Program Files\Common Files\cpush
C:\WINDOWS\3195.exe
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\d3d1caps.srg
C:\WINDOWS\system32\drivers\acpidisk.sys
C:\WINDOWS\system32\drivers\mxdispdr.sys
C:\WINDOWS\system32\k11910135476.exe
C:\WINDOWS\system32\k11911816764.exe
C:\WINDOWS\system32\k11981094956.exe
C:\WINDOWS\system32\k11981097156.exe
C:\WINDOWS\system32\k11981097166.exe
C:\WINDOWS\system32\k11981097178.exe
C:\WINDOWS\system32\k11981097198.exe
C:\WINDOWS\system32\k11981776286.exe
C:\WINDOWS\system32\k11981776295.exe
C:\WINDOWS\system32\k11981776306.exe
C:\WINDOWS\system32\k119817763310.exe
C:\WINDOWS\system32\k119817763510.exe
C:\WINDOWS\system32\k119817764116.exe
C:\WINDOWS\system32\k11981779175.exe
C:\WINDOWS\system32\k11981779186.exe
C:\WINDOWS\system32\k119817792310.exe
C:\WINDOWS\system32\mhsha1.dat
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\mscpx32r.det
C:\WINDOWS\system32\mstacim.sig
C:\WINDOWS\system32\SHQ.DLL
C:\WINDOWS\system32\SHQMANGR.DLL
C:\WINDOWS\system32\svchost.dat
.
((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.
2008-02-20 23:58 . 2008-02-20 23:58 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-10 21:41 . 2008-02-10 23:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-10 21:41 . 2008-02-10 21:41 <DIR> d-------- C:\Documents and Settings\Emzie\Application Data\SUPERAntiSpyware.com
2008-02-10 21:41 . 2008-02-10 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-10 21:40 . 2008-02-10 21:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-07 22:50 . 2008-02-07 22:50 <DIR> d-------- C:\Documents and Settings\Emzie\Application Data\Grisoft
2008-02-07 22:50 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-06 22:06 . 2008-02-06 22:06 <DIR> d-------- C:\Deckard
2008-01-30 23:15 . 2008-01-30 23:15 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-24 22:39 . 2008-01-24 22:39 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-24 22:39 . 2007-12-04 13:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-24 22:39 . 2004-01-09 09:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-24 22:39 . 2007-12-04 12:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-24 22:39 . 2007-12-04 14:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-24 22:39 . 2007-12-04 14:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-24 22:39 . 2007-12-04 14:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-24 22:39 . 2007-12-04 14:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-24 22:39 . 2007-12-04 14:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-24 22:08 . 2005-11-23 20:26 <DIR> d-------- C:\Documents and Settings\Administrator.EMMA\Application Data\You've Got Pictures Screensaver
2008-01-24 22:08 . 2005-11-23 20:32 <DIR> d-------- C:\Documents and Settings\Administrator.EMMA\Application Data\Jasc Software Inc
2008-01-24 22:08 . 2005-11-23 20:21 <DIR> d-------- C:\Documents and Settings\Administrator.EMMA\Application Data\Intel
2008-01-24 21:25 . 2005-11-23 20:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 20:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-07 22:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-31 01:40 --------- d-----w C:\Program Files\Modem Helper
2008-01-31 01:40 --------- d-----w C:\Program Files\Microsoft Works
2008-01-31 01:37 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-01-31 01:35 --------- d-----w C:\Program Files\Flickr Uploadr
2008-01-31 01:35 --------- d-----w C:\Program Files\DellSupport
2008-01-31 01:33 --------- d-----w C:\Program Files\AOL Companion
2008-01-31 01:33 --------- d-----w C:\Program Files\AOL 9.0
2008-01-24 23:40 --------- d-----w C:\Program Files\uTorrent
2008-01-24 23:40 --------- d-----w C:\Program Files\QuickTime
2008-01-24 22:56 --------- d-----w C:\Program Files\iTunes
2008-01-24 22:49 --------- d-----w C:\Program Files\NetWaiting
2008-01-24 22:49 --------- d-----w C:\Program Files\MSN Messenger
2008-01-24 22:48 --------- d-----w C:\Program Files\Digital Line Detect
2008-01-24 22:48 --------- d-----w C:\Program Files\Apple Software Update
2008-01-24 22:42 21,120 ----a-w C:\WINDOWS\system32\drivers\winsys.sys
2008-01-24 22:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-01-17 01:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49 307200]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 10:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 10:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 10:10 114688]
"SigmatelSysTrayApp"="stsystra.exe" [2005-06-21 09:33 393216 C:\WINDOWS\stsystra.exe]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOL SP Scheduler.exe" [2004-02-16 14:04 147456]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [ ]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=windows.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{845ce630-ca65-11db-b1d5-00038a000015}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc6997aa-6c1d-11dc-b22f-00038a000015}]
\Shell\Auto\command - E:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f122268c-d0d6-11db-b1da-00038a000015}]
\Shell\Auto\command - E:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 00:10:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-21 0:11:23
ComboFix-quarantined-files.txt 2008-02-21 00:11:06
.
2008-02-12 19:29:39 --- E O F ---
The laptop seems to be running ok at the moment, during the last 10mins or so that I've been using it anyway.
I've got a couple of quick queries about the avast virus chest: Is it ok to delete the system files that are in there as well? And after deleting the other infected files from the chest a few programs went missing (firefox, powerDVD among them), I take it this is to be expected and nothing sinister?
-

...and here's a hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:24:12, on 21/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecu...th.srf?lc=1033
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O20 - AppInit_DLLs: windows.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
--
End of file - 5447 bytes
Thanks for sticking with this Neal.