I think i have a trojan [RESOLVED]

Hello and Welcome to Geekstogo!

Sorry for the delay!

Go Start > Control Panel > Add/Remove Programs and uninstall:
The_Pirate_Bay <= This is a pirate site, which is a place your likely to get virus's from.

Open HijackThis and put a check next to these:
R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - D:\Program Files\The_Pirate_Bay\tbThe_.dll

O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - D:\Program Files\ContextTool\ContextTool-1.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - D:\Program Files\The_Pirate_Bay\tbThe_.dll

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

Click Fix Checked and close HJT.

Locate and delete this folder:
D:\Program Files\The_Pirate_Bay\

Restart your computer and post a new HJT log please.

First of all thanks so much for even taken a look at this..... ok i did everything you asked except uninstall the piratebay toolbar because like i said before when i try to open any properties of anything or add or remove programs window the same thing i described before comes up....anything from my control panel thats not a folder, this comes up... i deleted the folder like you said and fixed all the ones you told me from HKT.... i restarted my computer and everything.... still have the problem... here is my new HJT loglife



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:06 AM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
D:\WINDOWS\Explorer.EXE
d:\program files\common files\mcafee\mna\mcnasvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\Program Files\McAfee\MSK\MskSrver.exe
D:\Program Files\SiteAdvisor\6253\SAService.exe
d:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\SiteAdvisor\6253\SiteAdv.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\wuauclt.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - D:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a33fa729-d155-4b23-842b-2c665ecabdb6} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {a33fa729-d155-4b23-842b-2c665ecabdb6} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "D:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] "D:\PROGRA~1\McAfee\MHN\McENUI.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30E3C4DC-4760-462A-BC98-06B48C9FF6A5}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{30E3C4DC-4760-462A-BC98-06B48C9FF6A5}: NameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{30E3C4DC-4760-462A-BC98-06B48C9FF6A5}: NameServer = 192.168.1.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - D:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - D:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - D:\Program Files\SiteAdvisor\6253\SAService.exe


thanks in advance

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

ok heres what you asked me....

HJT logfile


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:58 AM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
d:\program files\common files\mcafee\mna\mcnasvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\Program Files\McAfee\MSK\MskSrver.exe
D:\Program Files\SiteAdvisor\6253\SAService.exe
d:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\SiteAdvisor\6253\SiteAdv.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\internet explorer\iexplore.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - D:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {a33fa729-d155-4b23-842b-2c665ecabdb6} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "D:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] "D:\PROGRA~1\McAfee\MHN\McENUI.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30E3C4DC-4760-462A-BC98-06B48C9FF6A5}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{30E3C4DC-4760-462A-BC98-06B48C9FF6A5}: NameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{30E3C4DC-4760-462A-BC98-06B48C9FF6A5}: NameServer = 192.168.1.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0056231199599504) (0056231199599504mcinstcleanup) - Unknown owner - D:\WINDOWS\TEMP\005623~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - D:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - D:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - D:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 9952 bytes



Combofix logfile


ComboFix 08-01-04.1 - Ezequiel 2008-01-06 6:57:16.1 - NTFSx86
Running from: D:\Documents and Settings\Ezequiel\Local Settings\Temporary Internet Files\Content.IE5\4D5VN2VT\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Program Files\ContextTool
D:\Program Files\ContextTool\pcre3.dll
D:\Program Files\ContextTool\uninstall.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.

2008-01-06 06:54 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-06 01:49 . 2008-01-06 01:49 <DIR> d-------- D:\Program Files\Common Files\TI Shared
2008-01-06 01:49 . 2004-02-04 11:27 49,536 --a------ D:\WINDOWS\system32\drivers\tiehdusb.sys
2008-01-06 01:49 . 2003-11-14 15:53 11,520 --a------ D:\WINDOWS\system32\drivers\wdmstub.sys
2008-01-06 01:48 . 2007-06-08 13:15 194,362 --a------ D:\WINDOWS\system32\drivers\windrvr6.sys
2008-01-06 01:48 . 2007-06-08 13:15 102,400 --a------ D:\WINDOWS\system32\wdapi811.dll
2008-01-06 01:48 . 2007-01-10 13:23 17,424 --a------ D:\WINDOWS\system32\drivers\ezusb.sys
2008-01-06 01:47 . 2008-01-06 01:48 <DIR> d-------- D:\Program Files\Common Files\Vernier Software
2008-01-06 01:46 . 2008-01-06 01:46 <DIR> d-------- D:\Program Files\Vernier Software
2008-01-06 01:46 . 2008-01-06 01:46 <DIR> d--h----- D:\Program Files\InstallShield Installation Information
2008-01-06 01:45 . 2008-01-06 01:45 <DIR> d-------- D:\Documents and Settings\Ezequiel\Application Data\InstallShield
2008-01-05 12:04 . 2008-01-05 15:13 <DIR> d-------- D:\WINDOWS\system32\ActiveScan
2008-01-05 12:04 . 2008-01-06 01:49 <DIR> d-------- D:\WINDOWS\LastGood
2008-01-05 12:04 . 2008-01-05 12:04 30,590 --a------ D:\WINDOWS\system32\pavas.ico
2008-01-05 12:04 . 2008-01-05 12:04 2,550 --a------ D:\WINDOWS\system32\Uninstall.ico
2008-01-05 12:04 . 2008-01-05 12:04 1,406 --a------ D:\WINDOWS\system32\Help.ico
2008-01-02 12:24 . 2008-01-05 15:03 <DIR> d-------- D:\Program Files\SUPERAntiSpyware
2008-01-02 12:24 . 2008-01-02 12:24 <DIR> d-------- D:\Documents and Settings\Ezequiel\Application Data\SUPERAntiSpyware.com
2008-01-02 12:24 . 2008-01-02 12:24 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-02 12:23 . 2008-01-02 12:23 <DIR> d-------- D:\Program Files\Common Files\Wise Installation Wizard
2008-01-02 03:04 . 2008-01-02 03:04 <DIR> d-------- D:\Program Files\CCleaner
2007-12-31 09:58 . 2007-12-31 09:58 <DIR> d-------- D:\Documents and Settings\Ezequiel\Application Data\Grisoft
2007-12-31 09:57 . 2007-12-31 09:57 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-31 09:57 . 2007-05-30 07:10 10,872 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-30 23:45 . 2007-12-30 23:45 <DIR> d-------- D:\Program Files\Trend Micro
2007-12-30 01:47 . 2007-12-30 01:47 164 --a------ D:\install.dat
2007-12-30 01:44 . 2007-12-04 07:54 95,608 --a------ D:\WINDOWS\system32\AvastSS.scr
2007-12-30 01:44 . 2007-12-04 09:55 94,544 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-30 01:44 . 2007-12-04 09:56 93,264 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2007-12-30 01:44 . 2007-12-04 09:51 42,912 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-30 01:44 . 2007-12-04 09:49 26,624 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-30 01:44 . 2007-12-04 09:53 23,152 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-30 01:42 . 2007-12-30 01:42 <DIR> d-------- D:\Program Files\Alwil Software
2007-12-30 01:42 . 2003-03-18 16:20 1,060,864 --a------ D:\WINDOWS\system32\MFC71.dll
2007-12-30 01:42 . 2007-12-04 08:04 837,496 --a------ D:\WINDOWS\system32\aswBoot.exe
2007-12-30 01:42 . 2004-01-09 04:13 380,928 --a------ D:\WINDOWS\system32\actskin4.ocx
2007-12-30 01:37 . 2007-12-30 01:50 <DIR> d-------- D:\Documents and Settings\Ezequiel\Application Data\GetRightToGo
2007-12-29 13:07 . 2007-12-29 13:10 <DIR> d-------- D:\Program Files\QuickTime
2007-12-27 21:38 . 2008-01-05 11:32 6,308 --a------ D:\WINDOWS\system32\Config.MPF
2007-12-27 21:29 . 2007-12-27 21:29 <DIR> d-------- D:\WINDOWS\system32\config\systemprofile\Application Data\SiteAdvisor
2007-12-27 21:29 . 2007-12-29 01:45 <DIR> d-------- D:\Program Files\SiteAdvisor
2007-12-27 21:29 . 2007-12-28 21:31 <DIR> d-------- D:\Documents and Settings\Ezequiel\Application Data\SiteAdvisor
2007-12-27 21:29 . 2007-12-27 21:29 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-27 21:20 . 2007-12-27 21:20 <DIR> d-------- D:\Program Files\Common Files\Adobe
2007-12-27 19:09 . 2006-03-03 11:07 143,360 --a------ D:\WINDOWS\system32\dunzip32.dll
2007-12-27 19:08 . 2007-07-21 09:08 201,288 --a------ D:\WINDOWS\system32\drivers\mfehidk.sys
2007-12-27 19:08 . 2007-07-13 09:20 113,952 --a------ D:\WINDOWS\system32\drivers\Mpfp.sys
2007-12-27 19:08 . 2007-07-24 07:40 79,304 --a------ D:\WINDOWS\system32\drivers\mfeavfk.sys
2007-12-27 19:08 . 2007-07-21 09:08 40,488 --a------ D:\WINDOWS\system32\drivers\mfesmfk.sys
2007-12-27 19:08 . 2007-07-21 09:08 35,240 --a------ D:\WINDOWS\system32\drivers\mfebopk.sys
2007-12-27 19:08 . 2007-07-24 12:02 33,800 --a------ D:\WINDOWS\system32\drivers\mferkdk.sys
2007-12-27 19:06 . 2007-12-27 20:18 <DIR> d-------- D:\Program Files\McAfee.com
2007-12-27 19:06 . 2007-12-27 21:29 <DIR> d-------- D:\Program Files\McAfee
2007-12-27 19:06 . 2007-12-27 21:27 <DIR> d-------- D:\Program Files\Common Files\McAfee
2007-12-27 18:51 . 2007-12-27 21:37 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\McAfee
2007-12-27 12:40 . 2007-12-27 12:40 0 --a------ D:\rollback.ini
2007-12-27 12:33 . 2007-12-27 19:27 2,933,536 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
2007-12-27 12:33 . 2007-12-27 19:27 13,856 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-27 12:33 . 2007-12-27 12:33 32 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-27 12:33 . 2007-12-27 12:33 32 --ahs---- D:\WINDOWS\system32\drivers\fidbox.idx
2007-12-26 23:21 . 2004-04-27 04:40 11,264 --a------ D:\WINDOWS\system32\SpOrder.dll
2007-12-26 23:21 . 2007-12-27 12:58 4,212 ---h----- D:\WINDOWS\system32\zllictbl.dat
2007-12-26 23:20 . 2007-12-27 20:18 <DIR> d-------- D:\WINDOWS\Internet Logs
2007-12-26 21:54 . 2007-12-26 22:19 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-26 17:41 . 2007-12-26 17:41 <DIR> d-------- D:\Program Files\Conduit
2007-12-26 16:21 . 2007-12-26 16:21 <DIR> d-------- D:\Program Files\AskSBar
2007-12-25 22:45 . 2007-12-26 02:58 <DIR> d-------- D:\Documents and Settings\Ezequiel\Contacts
2007-12-25 21:27 . 2007-12-25 21:28 <DIR> d-------- D:\Program Files\DivX
2007-12-24 13:50 . 2007-12-24 13:56 34,825 --a------ D:\WINDOWS\DIIUnin.dat
2007-12-24 13:49 . 2007-12-24 13:49 94,208 --a------ D:\WINDOWS\DIIUnin.exe
2007-12-24 13:49 . 2007-12-24 13:49 2,829 --a------ D:\WINDOWS\DIIUnin.pif
2007-12-24 13:46 . 2007-12-29 01:21 <DIR> d-------- D:\Program Files\Diablo II
2007-12-23 04:07 . 2007-04-04 17:39 442,368 -ra------ D:\WINDOWS\system32\vp6vfw.dll
2007-12-22 10:16 . 2007-12-22 10:16 <DIR> d-------- D:\Program Files\Common Files\Blizzard Entertainment
2007-12-17 11:00 . 2007-12-17 11:00 <DIR> d-------- D:\Program Files\Yahoo!
2007-12-17 11:00 . 2007-12-17 11:00 <DIR> d-------- D:\Documents and Settings\Ezequiel\Application Data\Yahoo!
2007-12-17 11:00 . 2007-12-17 11:00 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-17 10:59 . 2007-12-17 10:59 <DIR> d-------- D:\WINDOWS\cache
2007-12-14 22:49 . 2007-12-14 22:49 268 --ah----- D:\sqmdata00.sqm
2007-12-14 22:49 . 2007-12-14 22:49 244 --ah----- D:\sqmnoopt00.sqm
2007-12-14 22:43 . 2008-01-05 15:04 <DIR> d-------- D:\Program Files\Windows Live Toolbar
2007-12-14 22:43 . 2007-12-14 22:43 <DIR> d-------- D:\Program Files\Windows Live Favorites
2007-12-14 22:27 . 2007-12-14 22:40 <DIR> d-------- D:\Program Files\Windows Live
2007-12-14 22:27 . 2007-12-14 22:39 <DIR> d--hsc--- D:\Program Files\Common Files\WindowsLiveInstaller
2007-12-14 22:20 . 2007-12-14 22:27 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ D:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ D:\WINDOWS\system32\QuickTime.qts
2007-12-09 20:57 . 2007-12-09 20:57 56,664 --ah----- D:\WINDOWS\system32\mlfcache.dat
2007-12-09 20:52 . 2007-12-09 20:52 <DIR> d-------- D:\Program Files\Safari
2007-12-09 20:18 . 2004-08-03 23:08 31,616 --a------ D:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-09 20:18 . 2004-08-03 23:08 31,616 --a--c--- D:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-09 20:18 . 2004-08-04 00:56 21,504 --a------ D:\WINDOWS\system32\hidserv.dll
2007-12-09 20:18 . 2004-08-04 00:56 21,504 --a--c--- D:\WINDOWS\system32\dllcache\hidserv.dll
2007-12-09 20:18 . 2004-08-03 22:58 14,848 --a------ D:\WINDOWS\system32\drivers\kbdhid.sys
2007-12-09 20:18 . 2004-08-03 22:58 14,848 --a--c--- D:\WINDOWS\system32\dllcache\kbdhid.sys
2007-12-09 20:18 . 2001-08-17 14:02 9,600 --a------ D:\WINDOWS\system32\drivers\hidusb.sys
2007-12-09 20:18 . 2001-08-17 14:02 9,600 --a--c--- D:\WINDOWS\system32\dllcache\hidusb.sys
2007-12-06 23:29 . 2007-12-09 21:31 <DIR> d-------- D:\Program Files\DriverGuide Toolkit
2007-12-06 22:24 . 2007-12-06 22:24 <DIR> d-------- D:\Program Files\SystemRequirementsLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 18:24 --------- d-----w D:\Documents and Settings\Ezequiel\Application Data\uTorrent
2007-12-30 07:02 --------- d-----w D:\Program Files\MSTpscre
2007-12-28 01:18 --------- d-----w D:\Program Files\PlayMP3z
2007-12-27 17:31 --------- d-sh--w D:\Documents and Settings\Ezequiel\Application Data\.#
2007-12-27 17:31 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2007-12-26 21:22 --------- d-----w D:\Program Files\FrostWire
2007-12-24 18:56 21,840 ----atw D:\WINDOWS\system32\SIntfNT.dll
2007-12-24 18:56 17,212 ----atw D:\WINDOWS\system32\SIntf32.dll
2007-12-24 18:56 12,067 ----atw D:\WINDOWS\system32\SIntf16.dll
2007-12-23 23:32 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-14 01:49 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-10 23:30 --------- d-----w D:\Program Files\Common Files\InstallShield
2007-12-10 01:52 --------- d-----w D:\Documents and Settings\Ezequiel\Application Data\Apple Computer
2007-12-10 01:30 --------- d-----w D:\Documents and Settings\Ezequiel\Application Data\FrostWire
2007-12-05 19:07 --------- d-----w D:\Program Files\Azureus
2007-12-05 11:36 --------- d-----w D:\Documents and Settings\Ezequiel\Application Data\Azureus
2007-12-04 21:28 --------- d-----w D:\Program Files\uTorrent
2007-12-04 01:33 823,296 ----a-w D:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w D:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w D:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w D:\WINDOWS\system32\DivX.dll
2007-12-03 05:27 --------- d-----w D:\Program Files\Microsoft Games
2007-12-03 02:25 --------- d-----w D:\Program Files\MSXML 4.0
2007-11-29 22:30 524,288 ----a-w D:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 3,596,288 ----a-w D:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:28 81,920 ----a-w D:\WINDOWS\system32\dpl100.dll
2007-11-28 21:55 156,992 ----a-w D:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:52 12,288 ----a-w D:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-24 17:44 --------- d-----w D:\Program Files\Xvid
2007-11-22 03:05 --------- d-----w D:\Program Files\iTunes
2007-11-22 03:05 --------- d-----w D:\Program Files\iPod
2007-11-22 02:56 --------- d-----w D:\Program Files\Apple Software Update
2007-11-22 02:52 --------- d-----w D:\Program Files\Common Files\Apple
2007-11-22 02:51 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple
2007-11-21 01:02 --------- d-----w D:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-11-21 00:01 --------- d-----w D:\Program Files\MSBuild
2007-11-21 00:01 --------- d-----w D:\Program Files\Microsoft Works
2007-11-20 23:46 --------- d-----w D:\Program Files\MagicDisc
2007-11-18 21:53 --------- d-----w D:\Documents and Settings\Ezequiel\Application Data\LimeWire
2007-11-18 21:31 --------- d-----w D:\Program Files\Common Files\Java
2007-11-18 21:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\Azureus
2007-11-18 21:10 685,816 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2007-11-18 20:02 --------- d-----w D:\Program Files\Common Files\Motive
2007-11-18 07:09 --------- d-----w D:\Program Files\Java
2007-11-18 07:02 --------- d-----w D:\Program Files\DAEMON Tools
2007-11-17 08:55 --------- d-----w D:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys
2007-10-31 18:03 245,408 ----a-w D:\WINDOWS\system32\unicows.dll
2007-10-29 22:43 1,287,680 ----a-w D:\WINDOWS\system32\quartz.dll
2007-10-27 22:39 230,912 ----a-w D:\WINDOWS\system32\wmasf.dll
2007-10-18 16:31 51,224 ----a-w D:\WINDOWS\system32\sirenacm.dll
2007-10-17 11:24 2,526,800 ----a-w D:\WINDOWS\Install_B4Playing.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2007-12-26 16:21 66912 --a------ D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-26 16:21 267592 --a------ D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{A33FA729-D155-4B23-842B-2C665ECABDB6}
{0BF43445-2F28-4351-9252-17FE6E806AA0}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-12-26 16:21 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 06:53 171464]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 04:11 132496]
"SiteAdvisor"="D:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-06-21 18:12 36640]
"McENUI"="D:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [ ]

D:\Documents and Settings\Ezequiel\Start Menu\Programs\Startup\
MagicDisc.lnk - D:\Program Files\MagicDisc\MagicDisc.exe [2007-11-20 18:46:35]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Ezequiel^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=D:\Documents and Settings\Ezequiel\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=D:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Ezequiel^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=D:\Documents and Settings\Ezequiel\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=D:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 00:47 31016 --a------ D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

R3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;D:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 22:04]
R3 WinDriver6;WinDriver6;D:\WINDOWS\system32\drivers\windrvr6.sys [2007-06-08 13:15]
S2 0056231199599504mcinstcleanup;McAfee Application Installer Cleanup (0056231199599504);D:\WINDOWS\TEMP\005623~1.EXE D:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []
S3 pnicII;Linksys Fast Ethernet PCI Card;D:\WINDOWS\system32\DRIVERS\lne100.SYS [2001-08-17 15:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d796344-9c9e-11dc-b27e-00183af4f9c5}]
\Shell\AutoRun\command - I:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ea1ba43-6c1f-1014-85c4-b9f2c719bf38}]
\Shell\Auto\command - Setup.exe
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.exe

*Newly Created Service* - PROCEXP90
*Newly Created Service* - PWISQORDKAEM
*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SDTHOOK
.
Contents of the 'Scheduled Tasks' folder
"2008-01-06 00:59:08 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-06 11:45:06 D:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-12-28 00:07:24 D:\WINDOWS\Tasks\McDefragTask.job"
- d:\program files\mcafee\mqc\QcConsol.exe'
"2007-12-28 00:07:21 D:\WINDOWS\Tasks\McQcTask.job"
- d:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 07:03:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 7:05:27
ComboFix-quarantined-files.txt 2008-01-06 12:05:11
.
2007-12-23 23:33:49 --- E O F ---

Hi again.

Open HijackThis and put a check next to these:
O3 - Toolbar: (no name) - {a33fa729-d155-4b23-842b-2c665ecabdb6} - (no file)

O23 - Service: McAfee Application Installer Cleanup (0056231199599504) (0056231199599504mcinstcleanup) - Unknown owner - D:\WINDOWS\TEMP\005623~1.EXE (file missing)

Click Fix Checked and close HJT.

Open Notepad and copy and paste in the following:

sc stop "McAfee Application Installer Cleanup"
sc delete "McAfee Application Installer Cleanup"

del /q fix1.bat

Save it as Fix1.bat to the desktop and double-click on it. Let it run.

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
D:\WINDOWS\system32\pavas.ico
D:\WINDOWS\system32\Uninstall.ico
D:\WINDOWS\system32\Help.ico
D:\WINDOWS\TEMP\005623~1.EXE

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

ok i did exactly what you asked me but i got stuck when you told me to drag and drop the file CFScript... it opened combo fix and it ran but when it says its preparing to run then it says that the date is 1648-4-11 and to download an updated version and then another pop up says Combofix had been unistalled... i cant change the date because of the pop up that i mentioned in the beginning.. what should i do?



Here is my HJT logfile...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06, on 1648-04-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
d:\program files\common files\mcafee\mna\mcnasvc.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\svchost.exe
D:\WINDOWS\explorer.exe
D:\Program Files\internet explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\svchost.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O2 - BHO: (no name) - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a33fa729-d155-4b23-842b-2c665ecabdb6} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\6253\SiteAdv.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "D:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} (AXTNS Control) - http://download.live...tivex/AXTNS.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30E3C4DC-4760-462A-BC98-06B48C9FF6A5}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{30E3C4DC-4760-462A-BC98-06B48C9FF6A5}: NameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{30E3C4DC-4760-462A-BC98-06B48C9FF6A5}: NameServer = 192.168.1.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)

--
End of file - 8945 bytes

Edited by EZneedshelp, 08 January 2008 - 08:30 PM.

Re-download Combofix please and follow my last instructions and let me know how it goes.

ok restarted the computer and went to setup to change the time (smart huh?) then downloaded again and followed your instructions word by word.... the CFScript disappeared and here are two logs you asked for....


ComboFix 08-01-11.3 - Ezequiel 2008-01-11 21:07:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.47 [GMT -5:00]
Running from: D:\Documents and Settings\Ezequiel\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Ezequiel\Desktop\CFScript.txt
* Created a new restore point

FILE
D:\WINDOWS\system32\Help.ico
D:\WINDOWS\system32\pavas.ico
D:\WINDOWS\system32\Uninstall.ico
D:\WINDOWS\TEMP\005623~1.EXE
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\svchost.exe
D:\WINDOWS\system32\Help.ico
D:\WINDOWS\system32\notepad.dll
D:\WINDOWS\system32\pavas.ico
D:\WINDOWS\system32\Uninstall.ico

.
((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.

2008-01-11 21:06 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-11 21:04 . 2008-01-11 21:04 <DIR> d-------- D:\WINDOWS\LastGood
2008-01-11 20:59 . 2008-01-11 20:59 268 --ah----- D:\sqmdata04.sqm
2008-01-11 20:59 . 2008-01-11 20:59 244 --ah----- D:\sqmnoopt04.sqm
2008-01-06 09:50 . 1601-01-01 13:12 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-01-06 09:50 . 2008-01-06 09:50 1,409 --a------ D:\WINDOWS\QTFont.for
2008-01-06 01:49 . 2008-01-06 01:49 <DIR> d-------- D:\Program Files\Common Files\TI Shared
2008-01-06 01:49 . 2004-02-04 11:27 49,536 --a------ D:\WINDOWS\system32\drivers\tiehdusb.sys
2008-01-06 01:49 . 2003-11-14 15:53 11,520 --a------ D:\WINDOWS\system32\drivers\wdmstub.sys
2008-01-06 01:48 . 2007-06-08 13:15 194,362 --a------ D:\WINDOWS\system32\drivers\windrvr6.sys
2008-01-06 01:48 . 2007-06-08 13:15 102,400 --a------ D:\WINDOWS\system32\wdapi811.dll
2008-01-06 01:48 . 2007-01-10 13:23 17,424 --a------ D:\WINDOWS\system32\drivers\ezusb.sys
2008-01-06 01:47 . 2008-01-06 01:48 <DIR> d-------- D:\Program Files\Common Files\Vernier Software
2008-01-06 01:46 . 2008-01-06 01:46 <DIR> d-------- D:\Program Files\Vernier Software
2008-01-06 01:46 . 2008-01-06 01:46 <DIR> d--h----- D:\Program Files\InstallShield Installation Information
2008-01-06 01:45 . 2008-01-06 01:45 <DIR> d-------- D:\Documents and Settings\Ezequiel\Application Data\InstallShield
2008-01-05 12:04 . 2008-01-05 15:13 <DIR> d-------- D:\WINDOWS\system32\ActiveScan
2008-01-02 12:24 . 2008-01-05 15:03 <DIR> d-------- D:\Program Files\SUPERAntiSpyware
2008-01-02 12:24 . 2008-01-02 12:24 <DIR> d-------- D:\Documents and Settings\Ezequiel\Application Data\SUPERAntiSpyware.com
2008-01-02 12:24 . 2008-01-02 12:24 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-02 12:23 . 2008-01-02 12:23 <DIR> d-------- D:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 09:57 . 2007-12-31 09:57 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-30 23:45 . 2007-12-30 23:45 <DIR> d-------- D:\Program Files\Trend Micro
2007-12-30 01:44 . 2007-12-04 07:54 95,608 --a------ D:\WINDOWS\system32\AvastSS.scr
2007-12-30 01:44 . 2007-12-04 09:55 94,544 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-30 01:44 . 2007-12-04 09:56 93,264 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2007-12-30 01:44 . 2007-12-04 09:51 42,912 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-30 01:44 . 2007-12-04 09:49 26,624 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-30 01:44 . 2007-12-04 09:53 23,152 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-30 01:42 . 2007-12-30 01:42 <DIR> d-------- D:\Program Files\Alwil Software
2007-12-30 01:42 . 2003-03-18 16:20 1,060,864 --a------ D:\WINDOWS\system32\MFC71.dll
2007-12-30 01:42 . 2007-12-04 08:04 837,496 --a------ D:\WINDOWS\system32\aswBoot.exe
2007-12-30 01:42 . 2004-01-09 04:13 380,928 --a------ D:\WINDOWS\system32\actskin4.ocx
2007-12-30 01:37 . 2007-12-30 01:50 <DIR> d-------- D:\Documents and Settings\Ezequiel\Application Data\GetRightToGo
2007-12-29 13:07 . 2007-12-29 13:10 <DIR> d-------- D:\Program Files\QuickTime
2007-12-27 21:29 . 2007-12-27 21:29 <DIR> d-------- D:\WINDOWS\system32\config\systemprofile\Application Data\SiteAdvisor
2007-12-27 21:29 . 2007-12-28 21:31 <DIR> d-------- D:\Documents and Settings\Ezequiel\Application Data\SiteAdvisor
2007-12-27 21:29 . 2007-12-27 21:29 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-27 21:20 . 2007-12-27 21:20 <DIR> d-------- D:\Program Files\Common Files\Adobe
2007-12-27 19:06 . 1648-04-10 19:08 <DIR> d-------- D:\Program Files\Common Files\McAfee
2007-12-27 18:51 . 1648-04-10 17:57 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\McAfee
2007-12-27 12:33 . 2007-12-27 19:27 2,933,536 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
2007-12-27 12:33 . 2007-12-27 19:27 13,856 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-27 12:33 . 2007-12-27 12:33 32 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-27 12:33 . 2007-12-27 12:33 32 --ahs---- D:\WINDOWS\system32\drivers\fidbox.idx
2007-12-26 23:21 . 2004-04-27 04:40 11,264 --a------ D:\WINDOWS\system32\SpOrder.dll
2007-12-26 23:21 . 2007-12-27 12:58 4,212 ---h----- D:\WINDOWS\system32\zllictbl.dat
2007-12-26 23:20 . 2007-12-27 20:18 <DIR> d-------- D:\WINDOWS\Internet Logs
2007-12-26 21:54 . 1601-01-01 13:11 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-26 17:41 . 2007-12-26 17:41 <DIR> d-------- D:\Program Files\Conduit
2007-12-26 16:21 . 2007-12-26 16:21 <DIR> d-------- D:\Program Files\AskSBar
2007-12-25 22:45 . 2007-12-26 02:58 <DIR> d-------- D:\Documents and Settings\Ezequiel\Contacts
2007-12-25 21:27 . 2007-12-25 21:28 <DIR> d-------- D:\Program Files\DivX
2007-12-24 13:50 . 2007-12-24 13:56 34,825 --a------ D:\WINDOWS\DIIUnin.dat
2007-12-24 13:49 . 2007-12-24 13:49 94,208 --a------ D:\WINDOWS\DIIUnin.exe
2007-12-24 13:49 . 2007-12-24 13:49 2,829 --a------ D:\WINDOWS\DIIUnin.pif
2007-12-24 13:46 . 2007-12-29 01:21 <DIR> d-------- D:\Program Files\Diablo II
2007-12-23 04:07 . 2007-04-04 17:39 442,368 -ra------ D:\WINDOWS\system32\vp6vfw.dll
2007-12-22 10:16 . 2007-12-22 10:16 <DIR> d-------- D:\Program Files\Common Files\Blizzard Entertainment
2007-12-17 11:00 . 1601-01-01 13:09 <DIR> d-------- D:\Program Files\Yahoo!
2007-12-17 11:00 . 2007-12-17 11:00 <DIR> d-------- D:\Documents and Settings\Ezequiel\Application Data\Yahoo!
2007-12-17 10:59 . 2007-12-17 10:59 <DIR> d-------- D:\WINDOWS\cache
2007-12-14 22:49 . 2007-12-14 22:49 268 --ah----- D:\sqmdata00.sqm
2007-12-14 22:49 . 2007-12-14 22:49 244 --ah----- D:\sqmnoopt00.sqm
2007-12-14 22:43 . 1601-01-01 13:06 <DIR> d-------- D:\Program Files\Windows Live Toolbar
2007-12-14 22:43 . 2007-12-14 22:43 <DIR> d-------- D:\Program Files\Windows Live Favorites
2007-12-14 22:27 . 2007-12-14 22:40 <DIR> d-------- D:\Program Files\Windows Live
2007-12-14 22:27 . 2007-12-14 22:39 <DIR> d--hsc--- D:\Program Files\Common Files\WindowsLiveInstaller
2007-12-14 22:20 . 2007-12-14 22:27 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 17:31 --------- d-sh--w D:\Documents and Settings\Ezequiel\Application Data\.#
2007-12-27 17:31 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2007-12-26 21:22 --------- d-----w D:\Program Files\FrostWire
2007-12-24 18:56 21,840 ----atw D:\WINDOWS\system32\SIntfNT.dll
2007-12-24 18:56 17,212 ----atw D:\WINDOWS\system32\SIntf32.dll
2007-12-24 18:56 12,067 ----atw D:\WINDOWS\system32\SIntf16.dll
2007-12-23 23:32 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-14 01:49 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-10 23:30 --------- d-----w D:\Program Files\Common Files\InstallShield
2007-12-10 01:52 --------- d-----w D:\Program Files\Safari
2007-12-10 01:52 --------- d-----w D:\Documents and Settings\Ezequiel\Application Data\Apple Computer
2007-12-10 01:30 --------- d-----w D:\Documents and Settings\Ezequiel\Application Data\FrostWire
2007-12-05 11:36 --------- d-----w D:\Documents and Settings\Ezequiel\Application Data\Azureus
2007-12-04 21:28 --------- d-----w D:\Program Files\uTorrent
2007-12-04 01:33 823,296 ----a-w D:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w D:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w D:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w D:\WINDOWS\system32\DivX.dll
2007-12-03 05:27 --------- d-----w D:\Program Files\Microsoft Games
2007-12-03 02:25 --------- d-----w D:\Program Files\MSXML 4.0
2007-11-29 22:30 524,288 ----a-w D:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 3,596,288 ----a-w D:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:28 81,920 ----a-w D:\WINDOWS\system32\dpl100.dll
2007-11-28 21:55 156,992 ----a-w D:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:52 12,288 ----a-w D:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-24 17:44 --------- d-----w D:\Program Files\Xvid
2007-11-22 03:05 --------- d-----w D:\Program Files\iTunes
2007-11-22 03:05 --------- d-----w D:\Program Files\iPod
2007-11-22 02:56 --------- d-----w D:\Program Files\Apple Software Update
2007-11-22 02:52 --------- d-----w D:\Program Files\Common Files\Apple
2007-11-22 02:51 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple
2007-11-21 01:02 --------- d-----w D:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-11-21 00:01 --------- d-----w D:\Program Files\MSBuild
2007-11-21 00:01 --------- d-----w D:\Program Files\Microsoft Works
2007-11-20 23:46 --------- d-----w D:\Program Files\MagicDisc
2007-11-18 21:53 --------- d-----w D:\Documents and Settings\Ezequiel\Application Data\LimeWire
2007-11-18 21:31 --------- d-----w D:\Program Files\Common Files\Java
2007-11-18 21:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\Azureus
2007-11-18 21:10 685,816 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2007-11-18 20:02 --------- d-----w D:\Program Files\Common Files\Motive
2007-11-18 07:09 --------- d-----w D:\Program Files\Java
2007-11-18 07:02 --------- d-----w D:\Program Files\DAEMON Tools
2007-11-17 08:55 --------- d-----w D:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys
2007-10-31 18:03 245,408 ----a-w D:\WINDOWS\system32\unicows.dll
2007-10-29 22:43 1,287,680 ----a-w D:\WINDOWS\system32\quartz.dll
2007-10-27 22:39 230,912 ----a-w D:\WINDOWS\system32\wmasf.dll
2007-10-18 16:31 51,224 ----a-w D:\WINDOWS\system32\sirenacm.dll
2007-10-17 11:24 2,526,800 ----a-w D:\WINDOWS\Install_B4Playing.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2007-12-26 16:21 66912 --a------ D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-26 16:21 267592 --a------ D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{A33FA729-D155-4B23-842B-2C665ECABDB6}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-12-26 16:21 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 06:53 171464]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"msnmsgr"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 04:11 132496]
"SiteAdvisor"="D:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [ ]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [ ]
"LogonStudio"="D:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]

D:\Documents and Settings\Ezequiel\Start Menu\Programs\Startup\
MagicDisc.lnk - D:\Program Files\MagicDisc\MagicDisc.exe [2007-11-20 18:46:35]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="D:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKLM\~\startupfolder\D:^Documents and Settings^Ezequiel^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=D:\Documents and Settings\Ezequiel\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=D:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Ezequiel^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=D:\Documents and Settings\Ezequiel\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=D:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

R3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;D:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 22:04]
R3 WinDriver6;WinDriver6;D:\WINDOWS\system32\drivers\windrvr6.sys [2007-06-08 13:15]
S3 pnicII;Linksys Fast Ethernet PCI Card;D:\WINDOWS\system32\DRIVERS\lne100.SYS [2001-08-17 15:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53b931c0-b346-11dc-b2b0-00183af4f9c5}]
\Shell\Auto\command - F:\Setup.exe
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d796344-9c9e-11dc-b27e-00183af4f9c5}]
\Shell\AutoRun\command - I:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ea1ba43-6c1f-1014-85c4-b9f2c719bf38}]
\Shell\Auto\command - Setup.exe
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-06 00:59:08 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-07 00:45:14 D:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-12-28 00:07:24 D:\WINDOWS\Tasks\McDefragTask.job"
- d:\program files\mcafee\mqc\QcConsol.exe'
"2007-12-28 00:07:21 D:\WINDOWS\Tasks\McQcTask.job"
- d:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 21:11:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-11 21:13:33
ComboFix-quarantined-files.txt 2008-01-12 02:13:22
ComboFix2.txt 2008-01-06 12:05:28
.
2007-12-23 23:33:49 --- E O F ---










Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15, on 2008-01-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\common files\mcafee\mna\mcnasvc.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\6253\SiteAdv.dll (file missing)
O3 - Toolbar: (no name) - {a33fa729-d155-4b23-842b-2c665ecabdb6} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "D:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LogonStudio] "D:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} - http://download.live...tivex/AXTNS.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30E3C4DC-4760-462A-BC98-06B48C9FF6A5}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{30E3C4DC-4760-462A-BC98-06B48C9FF6A5}: NameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{30E3C4DC-4760-462A-BC98-06B48C9FF6A5}: NameServer = 192.168.1.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)

--
End of file - 7235 bytes

Edited by EZneedshelp, 11 January 2008 - 08:23 PM.

Everything looks good. Still having any problems?

no i still have that black screen come up and the pop-up appear.... i cant add or remove programs and anything thats not a folder i cant open like change the date, diplay settings, properties... that screen just comes up when i try......

Hmm... Let's give this a try.

Open HijackThis and fix this:
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\6253\SiteAdv.dll (file missing)

Then close HJT.

If you still have Combofix, delete Combofix.exe.

Then download the new version here:
http://subs.geekstogo.com/ComboFix.exe

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
D:\sqmdata04.sqm
D:\sqmnoopt04.sqm
D:\WINDOWS\QTFont.qfn
D:\WINDOWS\QTFont.for
D:\sqmdata00.sqm
D:\sqmnoopt00.sqm
D:\WINDOWS\Install_B4Playing.exe

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

ok i did what you asked but that pop-up still bothers me and its like i dont administative privileges maybe? well here's what you asked for..............


ComboFix 08-01-15.1 - Ezequiel 2008-01-14 16:17:19.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.57 [GMT -5:00]
Running from: D:\Documents and Settings\Ezequiel\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Ezequiel\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
D:\sqmdata00.sqm
D:\sqmdata04.sqm
D:\sqmnoopt00.sqm
D:\sqmnoopt04.sqm
D:\WINDOWS\Install_B4Playing.exe
D:\WINDOWS\QTFont.for
D:\WINDOWS\QTFont.qfn
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\sqmdata00.sqm
D:\sqmdata04.sqm
D:\sqmnoopt00.sqm
D:\sqmnoopt04.sqm
D:\WINDOWS\Install_B4Playing.exe
D:\WINDOWS\QTFont.for
D:\WINDOWS\QTFont.qfn

.
((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.

2008-01-12 10:22 . 2008-01-12 10:22 1,374 --a------ D:\WINDOWS\imsins.BAK
2008-01-11 21:06 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-06 01:49 . 2008-01-06 01:49 <DIR> d-------- D:\Program Files\Common Files\TI Shared
2008-01-06 01:49 . 2004-02-04 11:27 49,536 --a------ D:\WINDOWS\system32\drivers\tiehdusb.sys
2008-01-06 01:49 . 2003-11-14 15:53 11,520 --a------ D:\WINDOWS\system32\drivers\wdmstub.sys
2008-01-06 01:48 . 2007-06-08 13:15 194,362 --a------ D:\WINDOWS\system32\drivers\windrvr6.sys
2008-01-06 01:48 . 2007-06-08 13:15 102,400 --a------ D:\WINDOWS\system32\wdapi811.dll
2008-01-06 01:48 . 2007-01-10 13:23 17,424 --a------ D:\WINDOWS\system32\drivers\ezusb.sys
2008-01-06 01:47 . 2008-01-06 01:48 <DIR> d-------- D:\Program Files\Common Files\Vernier Software
2008-01-06 01:46 . 2008-01-06 01:46 <DIR> d-------- D:\Program Files\Vernier Software
2008-01-06 01:46 . 2008-01-06 01:46 <DIR> d--h----- D:\Program Files\InstallShield Installation Information
2008-01-06 01:45 . 2008-01-06 01:45 <DIR> d-------- D:\Documents and Settings\Ezequiel\Application Data\InstallShield
2008-01-05 12:04 . 2008-01-05 15:13 <DIR> d-------- D:\WINDOWS\system32\ActiveScan
2008-01-02 12:24 . 2008-01-05 15:03 <DIR> d-------- D:\Program Files\SUPERAntiSpyware
2008-01-02 12:24 . 2008-01-02 12:24 <DIR> d-------- D:\Documents and Settings\Ezequiel\Application Data\SUPERAntiSpyware.com
2008-01-02 12:24 . 2008-01-02 12:24 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-02 12:23 . 2008-01-02 12:23 <DIR> d-------- D:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 09:57 . 2007-12-31 09:57 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-30 23:45 . 2007-12-30 23:45 <DIR> d-------- D:\Program Files\Trend Micro
2007-12-30 01:44 . 2007-12-04 07:54 95,608 --a------ D:\WINDOWS\system32\AvastSS.scr
2007-12-30 01:44 . 2007-12-04 09:55 94,544 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-30 01:44 . 2007-12-04 09:56 93,264 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2007-12-30 01:44 . 2007-12-04 09:51 42,912 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-30 01:44 . 2007-12-04 09:49 26,624 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-30 01:44 . 2007-12-04 09:53 23,152 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-30 01:42 . 2007-12-30 01:42 <DIR> d-------- D:\Program Files\Alwil Software
2007-12-30 01:42 . 2003-03-18 16:20 1,060,864 --a------ D:\WINDOWS\system32\MFC71.dll
2007-12-30 01:42 . 2007-12-04 08:04 837,496 --a------ D:\WINDOWS\system32\aswBoot.exe
2007-12-30 01:42 . 2004-01-09 04:13 380,928 --a------ D:\WINDOWS\system32\actskin4.ocx
2007-12-30 01:37 . 2007-12-30 01:50 <DIR> d-------- D:\Documents and Settings\Ezequiel\Application Data\GetRightToGo
2007-12-29 13:07 . 2007-12-29 13:10 <DIR> d-------- D:\Program Files\QuickTime
2007-12-27 21:29 . 2007-12-27 21:29 <DIR> d-------- D:\WINDOWS\system32\config\systemprofile\Application Data\SiteAdvisor
2007-12-27 21:29 . 2007-12-28 21:31 <DIR> d-------- D:\Documents and Settings\Ezequiel\Application Data\SiteAdvisor
2007-12-27 21:29 . 2007-12-27 21:29 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-27 21:20 . 2007-12-27 21:20 <DIR> d-------- D:\Program Files\Common Files\Adobe
2007-12-27 19:06 . 1648-04-10 19:08 <DIR> d-------- D:\Program Files\Common Files\McAfee
2007-12-27 18:51 . 1648-04-10 17:57 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\McAfee
2007-12-27 12:33 . 2007-12-27 19:27 2,933,536 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
2007-12-27 12:33 . 2007-12-27 19:27 13,856 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-27 12:33 . 2007-12-27 12:33 32 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-27 12:33 . 2007-12-27 12:33 32 --ahs---- D:\WINDOWS\system32\drivers\fidbox.idx
2007-12-26 23:21 . 2004-04-27 04:40 11,264 --a------ D:\WINDOWS\system32\SpOrder.dll
2007-12-26 23:21 . 2007-12-27 12:58 4,212 ---h----- D:\WINDOWS\system32\zllictbl.dat
2007-12-26 23:20 . 2007-12-27 20:18 <DIR> d-------- D:\WINDOWS\Internet Logs
2007-12-26 21:54 . 1601-01-01 13:11 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-26 17:41 . 2007-12-26 17:41 <DIR> d-------- D:\Program Files\Conduit
2007-12-26 16:21 . 2007-12-26 16:21 <DIR> d-------- D:\Program Files\AskSBar
2007-12-25 22:45 . 2008-01-12 11:30 <DIR> d-------- D:\Documents and Settings\Ezequiel\Contacts
2007-12-25 21:27 . 2007-12-25 21:28 <DIR> d-------- D:\Program Files\DivX
2007-12-24 13:50 . 2007-12-24 13:56 34,825 --a------ D:\WINDOWS\DIIUnin.dat
2007-12-24 13:49 . 2007-12-24 13:49 94,208 --a------ D:\WINDOWS\DIIUnin.exe
2007-12-24 13:49 . 2007-12-24 13:49 2,829 --a------ D:\WINDOWS\DIIUnin.pif
2007-12-24 13:46 . 2007-12-29 01:21 <DIR> d-------- D:\Program Files\Diablo II
2007-12-23 04:07 . 2007-04-04 17:39 442,368 -ra------ D:\WINDOWS\system32\vp6vfw.dll
2007-12-22 10:16 . 2007-12-22 10:16 <DIR> d-------- D:\Program Files\Common Files\Blizzard Entertainment
2007-12-17 11:00 . 1601-01-01 13:09 <DIR> d-------- D:\Program Files\Yahoo!
2007-12-17 11:00 . 2007-12-17 11:00 <DIR> d-------- D:\Documents and Settings\Ezequiel\Application Data\Yahoo!
2007-12-17 10:59 . 2007-12-17 10:59 <DIR> d-------- D:\WINDOWS\cache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 17:31 --------- d-sh--w D:\Documents and Settings\Ezequiel\Application Data\.#
2007-12-27 17:31 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2007-12-26 21:22 --------- d-----w D:\Program Files\FrostWire
2007-12-24 18:56 21,840 ----atw D:\WINDOWS\system32\SIntfNT.dll
2007-12-24 18:56 17,212 ----atw D:\WINDOWS\system32\SIntf32.dll
2007-12-24 18:56 12,067 ----atw D:\WINDOWS\system32\SIntf16.dll
2007-12-23 23:32 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-15 03:43 --------- d-----w D:\Program Files\Windows Live Favorites
2007-12-15 03:40 --------- d-----w D:\Program Files\Windows Live
2007-12-15 03:39 --------- dcsh--w D:\Program Files\Common Files\WindowsLiveInstaller
2007-12-15 03:27 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-14 01:49 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-10 23:30 --------- d-----w D:\Program Files\Common Files\InstallShield
2007-12-10 01:52 --------- d-----w D:\Program Files\Safari
2007-12-10 01:52 --------- d-----w D:\Documents and Settings\Ezequiel\Application Data\Apple Computer
2007-12-10 01:30 --------- d-----w D:\Documents and Settings\Ezequiel\Application Data\FrostWire
2007-12-05 11:36 --------- d-----w D:\Documents and Settings\Ezequiel\Application Data\Azureus
2007-12-04 21:28 --------- d-----w D:\Program Files\uTorrent
2007-12-04 01:33 823,296 ----a-w D:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w D:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w D:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w D:\WINDOWS\system32\DivX.dll
2007-12-03 05:27 --------- d-----w D:\Program Files\Microsoft Games
2007-12-03 02:25 --------- d-----w D:\Program Files\MSXML 4.0
2007-11-29 22:30 524,288 ----a-w D:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 3,596,288 ----a-w D:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:28 81,920 ----a-w D:\WINDOWS\system32\dpl100.dll
2007-11-28 21:55 156,992 ----a-w D:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:52 12,288 ----a-w D:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-24 17:44 --------- d-----w D:\Program Files\Xvid
2007-11-22 03:05 --------- d-----w D:\Program Files\iTunes
2007-11-22 03:05 --------- d-----w D:\Program Files\iPod
2007-11-22 02:56 --------- d-----w D:\Program Files\Apple Software Update
2007-11-22 02:52 --------- d-----w D:\Program Files\Common Files\Apple
2007-11-22 02:51 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple
2007-11-21 01:02 --------- d-----w D:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-11-21 00:01 --------- d-----w D:\Program Files\MSBuild
2007-11-21 00:01 --------- d-----w D:\Program Files\Microsoft Works
2007-11-20 23:46 --------- d-----w D:\Program Files\MagicDisc
2007-11-18 21:53 --------- d-----w D:\Documents and Settings\Ezequiel\Application Data\LimeWire
2007-11-18 21:31 --------- d-----w D:\Program Files\Common Files\Java
2007-11-18 21:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\Azureus
2007-11-18 21:10 685,816 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2007-11-18 20:02 --------- d-----w D:\Program Files\Common Files\Motive
2007-11-18 07:09 --------- d-----w D:\Program Files\Java
2007-11-18 07:02 --------- d-----w D:\Program Files\DAEMON Tools
2007-11-17 08:55 --------- d-----w D:\Program Files\microsoft frontpage
2007-11-07 09:26 721,920 ----a-w D:\WINDOWS\system32\lsasrv.dll
2007-10-31 18:03 245,408 ----a-w D:\WINDOWS\system32\unicows.dll
2007-10-29 22:43 1,287,680 ----a-w D:\WINDOWS\system32\quartz.dll
2007-10-27 22:39 230,912 ----a-w D:\WINDOWS\system32\wmasf.dll
2007-10-18 16:31 51,224 ----a-w D:\WINDOWS\system32\sirenacm.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-11_21.13.02.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-30 16:53:32 360,832 ----a-w D:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w D:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
- 2008-01-12 02:07:17 1,404,928 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-14 21:16:53 1,404,928 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-12 02:07:17 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-14 21:16:53 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-12 02:07:17 1,404,928 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-14 21:16:53 1,404,928 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-12 02:07:17 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-14 21:16:53 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-12 02:07:18 3,915,776 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-14 21:16:54 3,997,696 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-12 02:07:18 151,552 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-14 21:16:54 151,552 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-12 02:04:45 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-14 21:07:21 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-12 02:04:45 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-01-14 21:07:21 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-01-12 02:04:45 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-14 21:07:21 32,768 --sha-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-08-17 12:28:27 721,920 -c--a-w D:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 -c--a-w D:\WINDOWS\system32\dllcache\lsasrv.dll
- 2006-04-20 11:51:50 359,808 -c--a-w D:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c--a-w D:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-04-20 11:51:50 359,808 ----a-w D:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w D:\WINDOWS\system32\drivers\tcpip.sys
- 2007-12-02 23:00:05 18,684,536 ----a-w D:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w D:\WINDOWS\system32\MRT.exe
- 2005-10-12 23:12:25 14,048 ------w D:\WINDOWS\system32\spmsg.dll
+ 2007-03-06 01:22:36 14,048 ------w D:\WINDOWS\system32\spmsg.dll
+ 2008-01-14 21:01:35 16,384 ----atw D:\WINDOWS\Temp\Perflib_Perfdata_598.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2007-12-26 16:21 66912 --a------ D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-26 16:21 267592 --a------ D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{A33FA729-D155-4B23-842B-2C665ECABDB6}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-12-26 16:21 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 06:53 171464]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"msnmsgr"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 04:11 132496]
"SiteAdvisor"="D:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [ ]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [ ]
"LogonStudio"="D:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]

D:\Documents and Settings\Ezequiel\Start Menu\Programs\Startup\
MagicDisc.lnk - D:\Program Files\MagicDisc\MagicDisc.exe [2007-11-20 18:46:35]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="D:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKLM\~\startupfolder\D:^Documents and Settings^Ezequiel^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=D:\Documents and Settings\Ezequiel\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=D:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Ezequiel^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=D:\Documents and Settings\Ezequiel\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=D:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

R3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;D:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 22:04]
R3 WinDriver6;WinDriver6;D:\WINDOWS\system32\drivers\windrvr6.sys [2007-06-08 13:15]
S3 pnicII;Linksys Fast Ethernet PCI Card;D:\WINDOWS\system32\DRIVERS\lne100.SYS [2001-08-17 15:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53b931c0-b346-11dc-b2b0-00183af4f9c5}]
\Shell\Auto\command - F:\Setup.exe
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d796344-9c9e-11dc-b27e-00183af4f9c5}]
\Shell\AutoRun\command - I:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ea1ba43-6c1f-1014-85c4-b9f2c719bf38}]
\Shell\Auto\command - Setup.exe
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 00:59:04 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-14 12:45:22 D:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-12-28 00:07:24 D:\WINDOWS\Tasks\McDefragTask.job"
- d:\program files\mcafee\mqc\QcConsol.exe'
"2007-12-28 00:07:21 D:\WINDOWS\Tasks\McQcTask.job"
- d:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 16:21:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-15 16:22:34
ComboFix-quarantined-files.txt 2008-01-15 21:22:23
ComboFix2.txt 2008-01-12 02:13:33
ComboFix3.txt 2008-01-06 12:05:28
.
2008-01-12 15:25:57 --- E O F ---







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27, on 2008-01-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\common files\mcafee\mna\mcnasvc.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {a33fa729-d155-4b23-842b-2c665ecabdb6} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "D:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LogonStudio] "D:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} - http://download.live...tivex/AXTNS.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30E3C4DC-4760-462A-BC98-06B48C9FF6A5}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{30E3C4DC-4760-462A-BC98-06B48C9FF6A5}: NameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{30E3C4DC-4760-462A-BC98-06B48C9FF6A5}: NameServer = 192.168.1.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)

--
End of file - 7153 bytes

Hi again.

Open HijackThis and fix this:
O3 - Toolbar: (no name) - {a33fa729-d155-4b23-842b-2c665ecabdb6} - (no file)

Then find and delete this file:
D:\WINDOWS\imsins.BAK

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

Hello again.....



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-01-17 06:34
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/01/2008
Kaspersky Anti-Virus database records: 512527
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 93087
Number of viruses found: 1
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 06:08:30

Infected Object Name / Virus Name / Last Action
C:\2828abdb2788342467\$shtdwn$.req Object is locked skipped
C:\2828abdb2788342467\sp1qfe\bitsinst.exe Object is locked skipped
C:\2828abdb2788342467\sp1qfe\bitsprx2.dll Object is locked skipped
C:\2828abdb2788342467\sp1qfe\bitsprx3.dll Object is locked skipped
C:\2828abdb2788342467\sp1qfe\qmgr.dll Object is locked skipped
C:\2828abdb2788342467\sp1qfe\qmgrprxy.dll Object is locked skipped
C:\2828abdb2788342467\sp1qfe\winhttp.dll Object is locked skipped
C:\2828abdb2788342467\sp1qfe\xpob2res.dll Object is locked skipped
C:\2828abdb2788342467\spmsg.dll Object is locked skipped
C:\2828abdb2788342467\spuninst.exe Object is locked skipped
C:\2828abdb2788342467\update\branches.inf Object is locked skipped
C:\2828abdb2788342467\update\eula.txt Object is locked skipped
C:\2828abdb2788342467\update\KB842773.CAT Object is locked skipped
C:\2828abdb2788342467\update\spcustom.dll Object is locked skipped
C:\2828abdb2788342467\update\update.exe Object is locked skipped
C:\2828abdb2788342467\update\update.ver Object is locked skipped
C:\2828abdb2788342467\update\updatebr.inf Object is locked skipped
C:\2828abdb2788342467\update\update_SP1QFE.inf Object is locked skipped
C:\b238031909bdb12c786fdd\sp2\spmsg.dll Object is locked skipped
C:\b238031909bdb12c786fdd\sp2\spuninst.exe Object is locked skipped
C:\b238031909bdb12c786fdd\sp2\update\eula.txt Object is locked skipped
C:\b238031909bdb12c786fdd\sp2\update\spcustom.dll Object is locked skipped
C:\b238031909bdb12c786fdd\sp2\update\update.exe Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\common\eula.txt Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\common\spcustom.dll Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\common\spmsg.dll Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\common\spuninst.exe Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\common\update.exe Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\sp1\ole32.dll Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\sp1\rpcrt4.dll Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\sp1\rpcss.dll Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\sp1\update\kb823980.cat Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\sp1\update\update.inf Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\sp1\update\update.ver Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\sp2\ole32.dll Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\sp2\rpcrt4.dll Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\sp2\rpcss.dll Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\sp2\spmsg.dll Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\sp2\spuninst.exe Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\sp2\update\eula.txt Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\sp2\update\kb823980.cat Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\sp2\update\spcustom.dll Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\sp2\update\update.exe Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\sp2\update\update.inf Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\sp2\update\update.ver Object is locked skipped
C:\bdc76d48cbf44a20025d835c9904\xpsp1hfm.exe Object is locked skipped
C:\c57adc8d843ebfcb19c1ca7d5ece\sp2\spmsg.dll Object is locked skipped
C:\c57adc8d843ebfcb19c1ca7d5ece\sp2\spuninst.exe Object is locked skipped
C:\c57adc8d843ebfcb19c1ca7d5ece\sp2\update\eula.txt Object is locked skipped
C:\c57adc8d843ebfcb19c1ca7d5ece\sp2\update\spcustom.dll Object is locked skipped
C:\c57adc8d843ebfcb19c1ca7d5ece\sp2\update\update.exe Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\0\0201D233DE Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\1\0201D205A1 Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\1\0201D21903 Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\1\0201D22125 Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\1\0201D233DE Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\1\0201D23CD8 Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\1\0201E08475 Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\1\06F033E7A3E04804E54147AD4BC76EBC Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\1\2B0000010F Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\1\2B000004A4 Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\1\2B00001F0B Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\1\5B2B80EC2ADBA5E351C2E02A4AA3718D Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\1\6014266140B6A985A1863D01DE4CF940 Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\1\64FD9D460332E1CCE7FC112982F913CD Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\1\72B3067B9F97E39F7AB1356C409FF384 Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\1\F1B347917A28FEBE805EA42B61F9D886 Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\1024\0201D205D4 Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\1024\0201E05FA4 Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\1024\2B000001B7 Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\1024\2B0000023C Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\129\0201D210D1 Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\129\0201D211B8 Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\129\0201D215F1 Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\129\0201D2530B Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\129\2B000013F1 Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\129\2B0000144F Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\129\2B00001BCB Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\131\0201D2A6CC Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\131\2B000009C6 Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\131\2B0000104B Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\3\2B000009C6 Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\3\2B0000104B Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\bart\5\2B00001F0B Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\users\ez3qui3l\buddyicon Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\users\ez3qui3l\feedbag Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\caches\users\pokeman41\buddyicon Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\nss\cert8.db Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\nss\key3.db Object is locked skipped
C:\Documents and Settings\user\Application Data\acccore\nss\secmod.db Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\6.0\AcroForm\MRUFormsList Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\6.0\AdobeComFnt06.lst Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\6.0\Collab\OfflineDocs Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\6.0\Collab\Reviews Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\6.0\Preferences\AutoFillDefaults.dat Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\6.0\Preferences\defaultHeuristics.dat Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\6.0\TMGrpPrm.sav Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\7.0\AdobeCMapFnt07.lst Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\7.0\AdobeSysFnt07.lst Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\7.0\Collab\RSS Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\7.0\Preferences\AutoFillDefaults.dat Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\7.0\Preferences\defaultHeuristics.dat Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\7.0\Updater\udstore.js Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\7.0\UserCache.bin Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\8.0\AdobeCMapFnt08.lst Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\8.0\AdobeSysFnt08.lst Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\8.0\JavaScripts\glob.js Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\8.0\JavaScripts\glob.settings.js Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\8.0\Synchronizer\adobesynchronizersu80 Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\8.0\Synchronizer\metadata\Synchronizer80 Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\8.0\TMDocs.sav Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\8.0\TMGrpPrm.sav Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Acrobat\8.0\UserCache.bin Object is locked skipped
C:\Documents and Settings\user\Application Data\Adobe\Photoshop Album\3.0\Logse30.txt Object is locked skipped
C:\Documents and Settings\user\Application Data\Apple Computer\iTunes\CD Info.cidb Object is locked skipped
C:\Documents and Settings\user\Application Data\Apple Computer\iTunes\iTunes.pref Object is locked skipped
C:\Documents and Settings\user\Application Data\Apple Computer\QuickTime\QTPlayerSession.xml Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\.certs Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\.keystore Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\.lock Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\active\6B8E140C0CCB84441E3B47FDF04A76516BE4F2FF.dat Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\active\6B8E140C0CCB84441E3B47FDF04A76516BE4F2FF.dat.bak Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\azureus.config Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\azureus.config.bak Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\azureus.statistics Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\azureus.statistics.bak Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\dht\addresses.dat Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\dht\contacts.dat Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\dht\diverse.dat Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\dht\version.dat Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\downloads.config Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\downloads.config.bak Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\ipfilter.cache Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\logs\alerts_1.log Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\logs\debug_1.log Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\logs\save\1195014126771_alerts_1.log Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\logs\save\1195014126771_debug_1.log Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\logs\save\1195014126771_seltrace_1.log Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\logs\save\1195014126771_SpeedMan_1.log Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\logs\save\1195014126771_thread_1.log Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\logs\save\1195014126771_v3.ads_1.log Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\logs\save\1195014126771_v3.CMsgr_1.log Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\logs\save\1195014126771_v3.PMsgr_1.log Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\logs\save\1195014126771_v3.Stream_1.log Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\logs\seltrace_1.log Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\logs\SpeedMan_1.log Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\logs\thread_1.log Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\logs\v3.ads_1.log Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\logs\v3.CMsgr_1.log Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\logs\v3.PMsgr_1.log Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\logs\v3.Stream_1.log Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\net\pm_6389.dat Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\net\pm_default.dat Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\tmp\AZU50965.tmp Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\tmp\AZU50966.tmp Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\tmp\AZU50967.tmp Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\tmp\AZU50968.tmp Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\tmp\AZU50969.tmp Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\tmp\AZU50970.tmp Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\tmp\AZU50971.tmp Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\tmp\AZU50972.tmp Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\torrents\AZU6503.tmp Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\torrents\ZoneAlarm_Internet_Security_Suite_7.0.722___keygen.3621107.TPB[1].torrent Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\tracker.config Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\tracker.config.bak Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\unsentdata.config Object is locked skipped
C:\Documents and Settings\user\Application Data\Azureus\unsentdata.config.bak Object is locked skipped
C:\Documents and Settings\user\Application Data\desktop.ini Object is locked skipped
C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT Object is locked skipped
C:\Documents and Settings\user\Application Data\Internet Download Accelerator\history.xml Object is locked skipped
C:\Documents and Settings\user\Application Data\Internet Download Accelerator\lists\advsheduler.sxml Object is locked skipped
C:\Documents and Settings\user\Application Data\Internet Download Accelerator\lists\default.xml Object is locked skipped
C:\Documents and Settings\user\Application Data\Internet Download Accelerator\nodelist.xml Object is locked skipped
C:\Documents and Settings\user\Application Data\Internet Download Accelerator\nodelist.xmlc Object is locked skipped
C:\Documents and Settings\user\Application Data\Internet Download Accelerator\temp\SaveToComboBox.hnt Object is locked skipped
C:\Documents and Settings\user\Application Data\Internet Download Accelerator\temp\URLComboBox.hnt Object is locked skipped
C:\Documents and Settings\user\Application Data\Leadertech\PowerRegister\PowerReg.dat Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\70.86.242.98\DTGame.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\adtraff.com\flowvast.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\battleon.com\lore.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\bin.clearspring.com\clearspring.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\bluedragon.battleon.com\game2L8\gamefiles\game.swf\DFUserPref.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\cartoonetwork.com\CN_users.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\cartoonnetwork.com\CN_users.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\chadsspace.com\flash.swf\flashSharedObject.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\comcast.net\comcastAssistantScores.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\content.heavy.com\channels\browserling3.swf\TestMovie_Config_Info.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\disney.go.com\disneychannel\dcGlobalNav.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\disney.go.com\disneychannel\dcGlobalNavTicker.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\disney.go.com\disneychannel\dcOAP.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\disney.go.com\disneychannel\dcSynergy.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\disney.go.com\disneychannel\KimpossibleEmailTicker.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\disney.go.com\disneychannel\KimpossiblePhotoGallery.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\dragonfable.battleon.com\game3_14\gamefiles\game.swf\DFUserPref.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\fifaworldcup.yahoo.com\06\en\t\mcast\fifaworld.swf\MatchCast.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\flash.ngfiles.com\bytesize\bytesize_viewer.swf\bytesize.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\flickr.com\slideShow\slideShow.swf\slideShowMS.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\freehostia.com\myspace.swf\mybuddy.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\freeonlinegames.com\1149455836\games\urban_slug\urbanslug.swf\urbanslugstats.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\funbumper.com\games\n-game.swf\n_data.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\i.cartoonnetwork.com\CN_users.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\jibjab.com\randomjoke.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\l.yimg.com\LCOMMENGINEMGR.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\localhost\AVPrefs.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\localhost\core.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\login.yahoo.com\loginCache.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\macromedia.com\redirectSO.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\miniclip.com\swfcontent\push\rotator.swf\MiniclipFeaturedGame.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\miniclip.com\swfcontent\topgames.swf\MiniclipFeaturedGameHomepage.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\mochibot.com\com.mochibot.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\pagead2.googlesyndication.com\pagead\googleadplayer.swf\mediaPlayerUserSettings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\sodahead.com\enc_data.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\static.userplane.com\presence\m\presence.swf\presence.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\static.userplane.com\presence\presence.swf\presence_1.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\traffic.com\userSO.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\us.i1.yimg.com\vidPlayer.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\video.google.com\googleplayer.swf\mediaPlayerUserSettings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\video.redorbit.com\player_v2\redorbit_large.swf\Instream.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\warnerbros.com\harrypotter\us\madeyemoody\swf\madEye_game.swf\HarryPotterMadEye.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\www.atlanticrecords.com\songData.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\www.cartoonnetwork.com\CN_users.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\www.comcast.net\silva6865.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\www.comedycentral.com\motherload\mini\motherload_mini_host.swf\UserPrefs.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\www.comedycentral.com\motherload\motherload.swf\UserPrefs.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\www.heavy.com\channels\Cover.swf\TestMovie_Config_Info.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\www.heavy.com\channels\cover3.swf\TestMovie_Config_Info.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\www.heavy.com\channels\offsitecover.swf\TestMovie_Config_Info.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\www.heavy.com\players\FLVPlayer.swf\TestMovie_Config_Info.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\www.jibjab.com\randomjoke.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\www.mtv.com\overdrive\Overdrive.1.5.swf\UserPrefs.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\www.nick.com\turbonick\sidebar\main.swf\UserPrefs.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\www.youtube.com\soundData.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\www.youtube.com\timeDisplayConfig.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\www.youtube.com\videostats.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\youtube.com\soundData.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\BG24DTKS\youtube.com\videostats.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#70.86.242.98\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#admin.brightcove.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#adtraff.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#battleon.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bluedragon.battleon.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cartoonetwork.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cartoonnetwork.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#chadsspace.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#comcast.net\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#content.heavy.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#disney.go.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#dragonfable.battleon.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#fifaworldcup.yahoo.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.ngfiles.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flickr.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#freehostia.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#freeonlinegames.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#funbumper.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#i.cartoonnetwork.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#jibjab.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#l.yimg.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#lads.myspace.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#lego.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#local\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#login.yahoo.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#macromedia.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#miniclip.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mochibot.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#nick.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pagead2.googlesyndication.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pokemon-games.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pokemon-tcg.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pokemon.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#sodahead.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.userplane.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#traffic.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ungrounded.net\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#us.i1.yimg.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video.google.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video.redorbit.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#warnerbros.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.atlanticrecords.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.cartoonnetwork.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.comcast.net\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.comedycentral.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.heavy.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.jibjab.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.mtv.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.nick.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#youtube.com\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\dirapi.mch Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\Prefs\MV3JZRZT\2F2FGame.txt Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\Prefs\MV3JZRZT\DetoGame.txt Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\Prefs\MV3JZRZT\dokprefname.txt Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\Prefs\MV3JZRZT\GRN-GH-444.txt Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\Prefs\MV3JZRZT\GRN-GH-4441i.txt Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\Prefs\MV3JZRZT\puffer.txt Object is locked skipped
C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\Shockwave Log Object is locked skipped
C:\Documents and Settings\user\Application Data\MailFrontier\buddyUI.xml Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Address Book\user.wab Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Address Book\user.wa~ Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Clip Organizer\mstore10.mgc Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Clip Organizer\Offic10.MGC Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Credentials\S-1-5-21-1645522239-436374069-1957994488-1003\Credentials Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\Content\5C8DDA36D60247082B142836039F4636 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\Content\DC2135CED98D8A4D7C0CEE202BB0B810 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\Content\F5A17C00E427F919C4A49EEF5AD0EE53 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\MetaData\5C8DDA36D60247082B142836039F4636 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\MetaData\DC2135CED98D8A4D7C0CEE202BB0B810 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\MetaData\F5A17C00E427F919C4A49EEF5AD0EE53 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1645522239-436374069-1957994488-1003\146482325737612d5fbcd71839d49d49_ab2184a7-d3b1-4586-8e09-c85804df5ec9 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1645522239-436374069-1957994488-1003\40f6607c62aacd402d29e07abf974d59_ab2184a7-d3b1-4586-8e09-c85804df5ec9 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1645522239-436374069-1957994488-1003\65dba0f110c5574d44890fc7f2abbda5_ab2184a7-d3b1-4586-8e09-c85804df5ec9 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1645522239-436374069-1957994488-1003\83aa4cc77f591dfc2374580bbd95f6ba_ab2184a7-d3b1-4586-8e09-c85804df5ec9 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1645522239-436374069-1957994488-1003\9580d41f9fe5955aae43cac3c1301523_ab2184a7-d3b1-4586-8e09-c85804df5ec9 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1645522239-436374069-1957994488-1003\f58155b4b1d5a524ca0261c3ee99fb50_ab2184a7-d3b1-4586-8e09-c85804df5ec9 Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM 6.lnk Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\LastFlashConfig.WFC Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Media Player\0005D208.wpl Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Media Player\OfflineUpdates.dat Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\MMC\dfrg Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Movie Maker\Windows Movie Maker.COL Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Access10.pip Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Excel10.pip Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\fbc16.tmp Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\fbc1D.tmp Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\fbc7.tmp Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\FP10.pip Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Imagin10.pip Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\MSO1033.acl Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\MSO1036.acl Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\MSO3082.acl Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\MSOut10.pip Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\MSOut11.pip Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Organi10.pip Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\PowerP10.pip Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\PowerP11.pip Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Publis11.pip Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\1033.LNK Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\3½ Floppy (A).LNK Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\Age of Empires II.LNK Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\Agriculture Project.LNK Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\Autobiography.LNK Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\Chocolate is it good for Health.LNK Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\chocolate1.LNK Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\chocolate2.LNK Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\Collage.LNK Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\Conjectures.LNK Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\Cover page.LNK Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\Desktop.ini Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\Desktop.LNK Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\Diablo II CD keys.LNK Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\Diablo II.LNK Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\Elegant Letter.LNK Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\EULA.LNK Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\ex5[1].LNK Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\Factoring Polynomials.LNK Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\fUNNY wOMAN sTUFF.LNK Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\Genetic Disorder Report Illustrations.LNK Object is locked s