This is the best way I know how to give you all the information. I copied the xml file in the chest and pasted it here.

<?xml version="1.0" encoding="UTF-8" ?>
  • 0000000E
  • 00000001 960498000 kernel32.dll C:\WINDOWS\SYSTEM System 1068596954 536576
  • 00000002 1036551338 wsock32.dll C:\WINDOWS\SYSTEM System 1068596956 36864
  • 00000003 960498000 command.com C: System 1068596957 93040
  • 00000004 1067581274 cln4066.TMP c:\WINDOWS\TEMP Win32:DyfucDldr [Trj] Vir yes 1068597354 69632
  • 00000005 1068655928 trz4062.TMP c:\WINDOWS\TEMP Win32:DyfucDldr [Trj] Vir yes 1068642741 69632
  • 00000006 1068656056 trz60E3.TMP c:\WINDOWS\TEMP Win32:DyfucDldr [Trj] Vir yes 1068642747 69632
  • 00000007 1068613136 Folders.dbx c:\WINDOWS\Application Data\Identities\{94C2B5C9-26A8-4F76-B240-5D5F6ECF8C0B}\Microsoft\Outlook Express Win32:DyfucDldr [Trj] Vir yes 1068642787 74720
  • 00000008 1068658846 pavdll.dll c:\My Documents\padmin.exe Win32:Kuang2 Vir no 1068644477 1179648
  • 00000009 1068658882 pav.sig c:\My Documents\padmin.exe Win95:Matyas Vir no 1068644514 3125710
  • 0000000A 960498000 wsock32.dll C:\WINDOWS\SYSTEM System 1068654750 36864
  • 0000000B 1070344190 [UPX] c:\WINDOWS\TEMP\_avast4_\unp23682 Win32:SdBot-g12 [Trj] Vir no 1070329790 1106432
  • 0000000C 1070342328 trz22C5.TMP c:\WINDOWS\TEMP Win32:SdBot-g12 [Trj] Vir yes 1070329806 1106432
  • 0000000D 1068282856 dbplugin.exe c:\WINDOWS Win32:SdBot-g12 [Trj] Vir yes 1070330192 261120