Full Version: MBAM and HijackThis Logs
tekkfall
Hello, new poster here. My computer has been getting constant pop-ups about corrupt files telling me to run chkdsk and what-not. The files work just fine, but I still keep getting these messages. I run the chkdsk utility and it says the drives are locked. I run it during the restart, but the weird thing is, it zips through the test in a matter of seconds and says complete. I run CCleaner daily along with Avira Antivirus, Spybot S&D, and Spyware Killer Pro.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:16 PM, on 2/4/2009
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
E:\Program Files\Mozilla Firefox\firefox.exe
D:\Turbine Download Manager\TurbineMessageService.exe
D:\Turbine Download Manager\TurbineNetworkService.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:9095
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - E:\PROGRA~1\Cosmi\SPYWAR~1\pop\ABG_PL~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://ra.qwest.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190950710218
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229655433890
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - D:\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - D:\Turbine Download Manager\TurbineNetworkService.exe

--
End of file - 5683 bytes


Now onto the Malwarebytes problem. I've been getting these same infections for weeks, even while running in safe mode. Thanks for your time.


Malwarebytes' Anti-Malware 1.33
Database version: 1730
Windows 5.1.2600 Service Pack 3, v.3311

2/4/2009 8:21:52 PM
mbam-log-2009-02-04 (20-21-52).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 117577
Time elapsed: 1 hour(s), 11 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: e:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
E:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.
E:\WINDOWS\system32\drivers\ (Trojan.Agent) -> Delete on reboot.
tekkfall
Anyone out there?
AdvancedSetup
Don't know about out there, but I'm in here now. :P

1 hour is not very much time to give someone. This is a free service and software we provide to clean your system, please try to be patient and we'll get you cleaned up. When replying please click on the ADDreply button and not the REPLY button. Thanks.


Please run the following.

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP : how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.
Also, DO NOT click the mouse or launch any other applications while this is running, or it may stall the program.

Additional links to download the tool:
ComboFix.exe


Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
tekkfall
Excuse my poor forum etiquette, I apologize. Here is the ComboFix log.

ComboFix 09-02-05.01 - Dan Tilley 2009-02-05 21:07:34.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.293 [GMT -8:00]
Running from: e:\documents and settings\Dan Tilley\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated)
FW: ZoneAlarm Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\windows\system32\drivers\TDSSserv.sys
e:\windows\system32\tdssadw.dll
e:\windows\system32\TDSSerrors.log
e:\windows\system32\tdssinit.dll
e:\windows\system32\TDSSl.dll
e:\windows\system32\TDSSlog.dll
e:\windows\system32\tdssmain.dll
e:\windows\system32\TDSSserf.dll
e:\windows\system32\TDSSserf1.dll
e:\windows\system32\TDSSservers.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv
-------\Legacy_TDSSserv


((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 )))))))))))))))))))))))))))))))
.

2009-02-05 07:43 . 2009-02-05 07:43 <DIR> d-------- e:\program files\Google
2009-02-05 07:30 . 2009-02-05 07:30 <DIR> d-------- e:\documents and settings\A New Beginning\Application Data\Malwarebytes
2009-02-04 19:24 . 2009-02-04 19:24 <DIR> d-------- e:\program files\Trend Micro
2009-02-04 18:53 . 2009-02-04 18:53 <DIR> d-------- e:\program files\Opera
2009-02-03 14:56 . 2009-02-03 14:56 <DIR> d-------- e:\documents and settings\All Users\Application Data\Turbine
2009-01-28 23:14 . 2009-01-28 23:14 <DIR> d-------- e:\program files\Avira
2009-01-28 23:14 . 2009-01-28 23:14 <DIR> d-------- e:\documents and settings\All Users\Application Data\Avira
2009-01-28 22:51 . 2008-03-03 14:25 5,702 --ah----- e:\windows\nod32restoretemdono.reg
2009-01-28 22:51 . 2008-03-03 18:21 568 --ah----- e:\windows\nod32fixtemdono.reg
2009-01-28 22:49 . 2009-01-28 22:49 <DIR> d-------- e:\program files\ESET
2009-01-28 22:49 . 2009-01-28 22:49 <DIR> d-------- e:\documents and settings\All Users\Application Data\ESET
2009-01-28 22:27 . 2009-01-28 22:27 <DIR> d-------- e:\program files\LimeWire
2009-01-28 22:05 . 2009-01-28 22:05 <DIR> d-------- e:\program files\iolo
2009-01-28 22:05 . 2008-04-17 09:45 9,341 --a------ e:\windows\system32\drivers\filedisk.sys
2009-01-28 22:02 . 2009-01-28 22:02 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\iolo
2009-01-27 11:27 . 2009-01-27 11:27 <DIR> d-------- e:\program files\common files\Blizzard Entertainment
2009-01-26 17:56 . 2009-01-26 17:56 61,440 --a------ e:\windows\system32\drivers\hcpa.sys
2009-01-25 11:45 . 2009-01-25 11:45 <DIR> d-------- e:\program files\SUPERAntiSpyware
2009-01-25 11:45 . 2009-01-25 11:45 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\SUPERAntiSpyware.com
2009-01-25 11:45 . 2009-01-25 11:45 <DIR> d-------- e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-25 11:44 . 2009-01-25 11:44 <DIR> d-------- e:\program files\common files\Wise Installation Wizard
2009-01-25 01:51 . 2009-01-25 01:51 <DIR> d-------- e:\program files\Malwarebytes' Anti-Malware
2009-01-25 01:51 . 2009-01-25 01:51 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\Malwarebytes
2009-01-25 01:51 . 2009-01-25 01:51 <DIR> d-------- e:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-25 01:51 . 2009-01-14 16:11 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys
2009-01-25 01:51 . 2009-01-14 16:11 15,504 --a------ e:\windows\system32\drivers\mbam.sys
2009-01-24 12:57 . 2009-01-24 02:47 15,688 --a------ e:\windows\system32\lsdelete.exe
2009-01-24 03:24 . 2009-01-24 02:46 64,160 --a------ e:\windows\system32\drivers\Lbd.sys
2009-01-24 02:56 . 2009-01-24 02:56 <DIR> d-------- e:\documents and settings\All Users\Application Data\PC Tools
2009-01-24 02:43 . 2009-01-24 02:43 <DIR> d--h----- e:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-24 02:41 . 2009-01-24 02:41 <DIR> d-------- e:\program files\Lavasoft
2009-01-23 17:55 . 2008-04-17 13:12 107,368 --a------ e:\windows\system32\GEARAspi.dll
2009-01-23 17:55 . 2008-04-17 13:12 15,464 --a------ e:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-23 17:54 . 2009-01-23 17:54 <DIR> d-------- e:\program files\common files\Apple
2009-01-23 17:54 . 2009-01-23 17:54 <DIR> d-------- e:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-23 17:53 . 2009-01-23 17:53 <DIR> d-------- e:\program files\Bonjour
2009-01-22 14:58 . 2009-01-22 14:58 <DIR> d-------- e:\program files\common files\Adobe
2009-01-22 10:56 . 2009-01-22 10:56 <DIR> d-------- e:\program files\Microsoft Works
2009-01-22 10:56 . 2009-01-22 10:56 <DIR> d-------- e:\program files\common files\L&H
2009-01-21 12:32 . 2009-01-22 10:58 376 --a------ e:\windows\ODBC.INI
2009-01-21 12:19 . 2009-01-21 12:19 <DIR> d-------- e:\program files\CCleaner
2009-01-21 12:19 . 2009-01-21 12:19 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\Yahoo!
2009-01-20 18:36 . 2009-01-20 18:36 <DIR> d--hs---- E:\FOUND.000
2009-01-20 11:49 . 2009-01-20 11:49 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\PC Tools
2009-01-20 11:49 . 2007-10-18 00:16 79,688 --a------ e:\windows\system32\drivers\iksyssec.sys
2009-01-20 11:49 . 2007-10-18 00:15 62,280 --a------ e:\windows\system32\drivers\iksysflt.sys
2009-01-20 11:49 . 2007-10-18 00:14 41,288 --a------ e:\windows\system32\drivers\ikfilesec.sys
2009-01-20 11:49 . 2007-10-18 00:16 29,000 --a------ e:\windows\system32\drivers\kcom.sys
2009-01-19 19:15 . 2009-01-19 19:15 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\Yahoo
2009-01-17 09:12 . 2009-01-17 09:12 <DIR> d-------- e:\program files\RegScrubXP
2009-01-15 04:46 . 2009-01-24 02:25 1,502,720 --a------ e:\windows\goInstaller.exe
2009-01-15 04:45 . 2009-01-15 04:45 <DIR> d-------- e:\program files\Cosmi
2009-01-14 09:33 . 2004-06-01 07:55 1,896,484 --a------ e:\windows\system32\mCodexAPI.dll
2009-01-14 09:33 . 2003-09-24 21:37 96,256 --a------ e:\windows\system32\mCodexDLLStub.exe
2009-01-14 09:33 . 2003-09-24 21:37 69,466 --a------ e:\windows\system32\codex.translations.Active
2009-01-14 09:13 . 1999-04-02 16:37 33,792 -ra------ e:\windows\NPSExec.exe
2009-01-14 09:13 . 2009-01-14 09:13 503 --a------ e:\windows\eReg.dat
2009-01-14 09:09 . 2009-01-14 09:09 <DIR> d-------- e:\documents and settings\Dan Tilley\WINDOWS
2009-01-14 09:09 . 1998-10-29 17:45 306,688 --a------ e:\windows\IsUninst.exe
2009-01-14 03:08 . 2009-01-14 03:08 <DIR> d-------- E:\Documents
2009-01-12 21:00 . 2009-01-12 21:00 <DIR> d-------- e:\documents and settings\Dan Tilley\Tracing
2009-01-12 20:59 . 2009-01-12 20:59 <DIR> d-------- e:\program files\Microsoft
2009-01-06 05:41 . 2009-01-06 05:41 <DIR> d-------- e:\program files\NT Registry Optimizer
2009-01-06 05:08 . 2009-01-06 05:08 <DIR> d-------- e:\program files\Defraggler
2009-01-06 05:05 . 2009-01-06 05:05 <DIR> d-------- e:\program files\Spybot - Search & Destroy
2009-01-06 04:20 . 2009-01-06 04:20 <DIR> d-------- e:\program files\Microsoft Silverlight
2009-01-06 03:42 . 2009-01-06 03:42 <DIR> d-------- e:\windows\system32\URTTEMP
2009-01-06 00:28 . 2006-01-01 01:04 10,027 --a------ e:\windows\system32\mspriv32.dll
2009-01-06 00:12 . 2009-01-06 00:12 10,070 --a------ e:\windows\system32\msrep32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 07:26 25,992 ----a-w e:\windows\system32\pgdfgsvc.exe
2009-01-19 19:02 932,696 ----a-w e:\windows\system32\Incinerator.dll
2008-12-22 08:47 --------- d-----w e:\documents and settings\NetworkService\Application Data\iolo
2008-12-22 08:36 --------- d-----w e:\documents and settings\LocalService\Application Data\iolo
2008-12-22 08:35 74,703 ----a-w e:\windows\system32\mfc45.dll
2008-12-22 08:35 --------- d-----w e:\documents and settings\All Users\Application Data\iolo
2008-12-21 05:13 --------- d-----w e:\documents and settings\Dan Tilley\Application Data\TuneUp Software
2008-12-21 05:12 --------- d-sh--w e:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-21 05:12 --------- d-----w e:\program files\TuneUp Utilities 2009
2008-12-21 05:12 --------- d-----w e:\documents and settings\All Users\Application Data\TuneUp Software
2008-12-21 03:48 --------- d-----w e:\documents and settings\All Users\Application Data\TEMP
2008-12-13 06:49 21,840 ----a-w e:\windows\system32\SIntfNT.dll
2008-12-13 06:49 17,212 ----a-w e:\windows\system32\SIntf32.dll
2008-12-13 06:49 12,067 ----a-w e:\windows\system32\SIntf16.dll
2008-11-18 19:51 8,192 ----a-w e:\windows\system32\smrgdf.exe
2008-11-06 16:35 200,704 ----a-w e:\windows\system32\ssldivx.dll
2008-11-06 16:35 1,044,480 ----a-w e:\windows\system32\libdivx.dll
2008-02-12 22:59 6,144 --sh--r e:\windows\system32\csrss.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-02-12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="e:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"DWQueuedReporting"="e:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2003-07-14 34880]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 e:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JDCT"= jl_jdct.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=e:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^Dan Tilley^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=e:\documents and settings\Dan Tilley\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=e:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\E:^Documents and Settings^Dan Tilley^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=e:\documents and settings\Dan Tilley\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=e:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
e:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-01-24 02:46 507224 e:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 e:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 13:28 266497 e:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 02:39 486856 e:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a------ 2003-07-14 22:53 34880 e:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-01-06 13:06 290088 e:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 e:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 e:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-01-15 16:17 1830128 e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2009-02-05 07:43 171448 e:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 e:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BOCore"=2 (0x2)
"ose"=3 (0x3)
"Messenger"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)
"vsmon"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"SupportSoft RemoteAssist"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"sdAuxService"=2 (0x2)
"sdCoreService"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"wscsvc"=2 (0x2)
"wuauserv"=2 (0x2)
"srservice"=2 (0x2)
"VideoAcceleratorService"=2 (0x2)
"usnjsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"WinDefend"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"gusvc"=3 (0x3)
"ASKService"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"LiveTurbineMessageService"=3 (0x3)
"LiveTurbineNetworkService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Office12\\OUTLOOK.EXE"=
"c:\\Office12\\groove.exe"=
"c:\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Java\\jre1.6.0_03\\BIN\\javaw.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Cosmi\\SpyWare Killer Pro\\stealth\\stealthsurf.exe"=
"d:\\Turbine Download Manager\\TurbineNetworkService.exe"=
"d:\\Turbine Download Manager\\TurbineMessageService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16881:UDP"= 16881:UDP:rty
"62048:TCP"= 62048:TCP:Utor
"62048:UDP"= 62048:UDP:utor

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)

R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2009-01-24 64160]
R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]
R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;e:\windows\system32\Drivers\avgldx86.sys --> e:\windows\system32\Drivers\avgldx86.sys [?]
S3 LiveTurbineMessageService;Turbine Message Service - Live;d:\turbine download manager\TurbineMessageService.exe [2009-02-03 255472]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;d:\turbine download manager\TurbineNetworkService.exe [2009-02-03 218608]
S3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S4 ASKService;ASKService;e:\program files\AskBarDis\bar\bin\AskService.exe --> e:\program files\AskBarDis\bar\bin\AskService.exe [?]
S4 avg8wd;AVG Free8 WatchDog;e:\progra~1\AVG\AVG8\avgwdsvc.exe --> e:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S4 ekrn;Eset Service;e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
S4 ioloFileInfoList;iolo FileInfoList Service;e:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-28 712048]
S4 ioloSystemService;iolo System Service;e:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-28 712048]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416]
S4 sdAuxService;PC Tools Auxiliary Service;e:\program files\Spyware Doctor\svcntaux.exe --> e:\program files\Spyware Doctor\svcntaux.exe [?]
S4 WinDefend;Windows Defender;"e:\program files\Windows Defender\MsMpEng.exe" --> e:\program files\Windows Defender\MsMpEng.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47d84bc-a9e5-11dc-8379-000c76b6d3d4}]
\Shell\AutoRun\command - I:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47d84bd-a9e5-11dc-8379-000c76b6d3d4}]
\Shell\AutoRun\command - J:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-02 e:\windows\Tasks\Ad-Aware Update (Weekly).job
- e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-24 02:46]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
MSConfigStartUp-AdobeUpdater - e:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-Aim6 - e:\program files\AIM6\aim6.exe
MSConfigStartUp-AppleSyncNotifier - e:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-AVG7_CC - e:\progra~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-AVG8_TRAY - e:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-BOC-425 - e:\progra~1\Comodo\CBOClean\BOC425.exe
MSConfigStartUp-PC Connection Agent - e:\program files\Microsoft ActiveSync\wcescomm.exe
MSConfigStartUp-HP Software Update - e:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-Let's Just Play Challenge Tracker - e:\program files\Let's Just Play Challenge Tracker\Let's Just Play Challenge Tracker.exe
MSConfigStartUp-MSMSGS - e:\program files\Messenger\msmsgs.exe
MSConfigStartUp-MySpaceIM - e:\program files\MySpace\IM\MySpaceIM.exe
MSConfigStartUp-realteke - e:\documents and settings\Dan Tilley\Application Data\Google\cijwg16225165.exe
MSConfigStartUp-SDTray - e:\program files\Spyware Doctor\SDTrayApp.exe
MSConfigStartUp-SpeedBitVideoAccelerator - e:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe
MSConfigStartUp-TkBellExe - e:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-TrojanScanner - e:\program files\Trojan Remover\Trjscan.exe
MSConfigStartUp-Veoh - e:\program files\Veoh Networks\Veoh\VeohClient.exe
MSConfigStartUp-ZoneAlarm Client - e:\program files\Zone Labs\ZoneAlarm\zlclient.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = localhost:9095
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - e:\documents and settings\Dan Tilley\Application Data\Mozilla\Firefox\Profiles\sxglj6bs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 21:09:33
Windows 5.1.2600 Service Pack 3, v.3311 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1100)
e:\program files\SUPERAntiSpyware\SASWINLO.dll
e:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-05 21:10:56
ComboFix-quarantined-files.txt 2009-02-06 05:10:56

Pre-Run: 7,786,512,384 bytes free
Post-Run: 7,847,297,024 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\="Microsoft Windows"

Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
320 --- E O F --- 2008-12-20 07:40:26



Here is the new HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:54 PM, on 2/5/2009
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\notepad.exe
E:\WINDOWS\system32\imapi.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\System32\svchost.exe
E:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:9095
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - E:\PROGRA~1\Cosmi\SPYWAR~1\pop\ABG_PL~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://ra.qwest.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190950710218
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229655433890
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - D:\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - D:\Turbine Download Manager\TurbineNetworkService.exe

--
End of file - 5335 bytes
AdvancedSetup
Okay, well, before we go any further: you REALLY have an issue here already, and it's not malware.
You have 3 Anti-Virus programs installed, or pieces of them running. This causes all kinds of conflicts and issues.
You can only have 1 Anti-Virus program installed at any one time.
Please choose one of the 3 programs and FULLY remove the others.

AVG Anti-Virus Free
Avira AntiVir PersonalEdition
ESET NOD32 Antivirus 3.0


DO NOT Proceed until you've removed at least 2 of the above Anti-Virus programs.

When you're down to only 1 Anti-Virus product, please run this.

STEP 1
With all other applications closed (Taskbar empty), open HijackThis again
and run Do a system scan only and place a check mark on the following items.
  • R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:9095
  • R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  • O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
  • O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
  • O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
  • O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
  • O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
  • O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
    Then Quit All Browsers including the one you're reading this in now.
    Then click on Fix checked and then quit HJT


STEP 2
Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA
When we're done you can go back and install the latest version but for now please do not install any.

Then run this tool to help cleanup any left over Java
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply.


Then look for the following Java folders and if found delete them.
C:\Program Files\Java
C:\Program Files\Common Files\Java
C:\Documents and Settings\All Users\Application Data\Java
C:\Documents and Settings\All Users\Application Data\Sun\Java
C:\Documents and Settings\username\Application Data\Java
C:\Documents and Settings\username\Application Data\Sun\Java

STEP 3
DELETE your current copy of ComboFix.exe, download a NEW fresh copy, and run ComboFix again.
Please visit this webpage for instructions for downloading ComboFix to your DESKTOP : how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.
Also, DO NOT click the mouse or launch any other applications while this is running, or it may stall the program.

Additional links to download the tool:
ComboFix.exe
ComboFix.exe
ComboFix.exe


Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


STEP 4
Update and Scan with Malwarebytes' Anti-Malware
  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer

AFTER the reboot, run HJT "Do a system scan and save a logfile".
Then post back NEW MBAM and HJT logs, in that order, please.
tekkfall
Malwarebytes' Anti-Malware 1.33
Database version: 1736
Windows 5.1.2600 Service Pack 3, v.3311

2/6/2009 12:56:01 PM
mbam-log-2009-02-06 (12-56-01).txt

Scan type: Quick Scan
Objects scanned: 55438
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:20 PM, on 2/6/2009
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - E:\PROGRA~1\Cosmi\SPYWAR~1\pop\ABG_PL~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://ra.qwest.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190950710218
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229655433890
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll

--
End of file - 3903 bytes



I don't know if you need the ComboFix log, but here it is.

ComboFix 09-02-06.01 - Dan Tilley 2009-02-06 12:44:16.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.223 [GMT -8:00]
Running from: e:\documents and settings\Dan Tilley\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 )))))))))))))))))))))))))))))))
.

2009-02-05 07:43 . 2009-02-05 07:43 <DIR> d-------- e:\program files\Google
2009-02-05 07:30 . 2009-02-05 07:30 <DIR> d-------- e:\documents and settings\A New Beginning\Application Data\Malwarebytes
2009-02-04 19:24 . 2009-02-04 19:24 <DIR> d-------- e:\program files\Trend Micro
2009-02-04 18:53 . 2009-02-04 18:53 <DIR> d-------- e:\program files\Opera
2009-02-03 14:56 . 2009-02-03 14:56 <DIR> d-------- e:\documents and settings\All Users\Application Data\Turbine
2009-01-28 23:14 . 2009-01-28 23:14 <DIR> d-------- e:\program files\Avira
2009-01-28 23:14 . 2009-01-28 23:14 <DIR> d-------- e:\documents and settings\All Users\Application Data\Avira
2009-01-28 22:51 . 2008-03-03 14:25 5,702 --ah----- e:\windows\nod32restoretemdono.reg
2009-01-28 22:51 . 2008-03-03 18:21 568 --ah----- e:\windows\nod32fixtemdono.reg
2009-01-28 22:49 . 2009-01-28 22:49 <DIR> d-------- e:\program files\ESET
2009-01-28 22:49 . 2009-01-28 22:49 <DIR> d-------- e:\documents and settings\All Users\Application Data\ESET
2009-01-28 22:27 . 2009-01-28 22:27 <DIR> d-------- e:\program files\LimeWire
2009-01-28 22:05 . 2009-01-28 22:05 <DIR> d-------- e:\program files\iolo
2009-01-28 22:05 . 2008-04-17 09:45 9,341 --a------ e:\windows\system32\drivers\filedisk.sys
2009-01-28 22:02 . 2009-01-28 22:02 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\iolo
2009-01-27 11:27 . 2009-01-27 11:27 <DIR> d-------- e:\program files\common files\Blizzard Entertainment
2009-01-26 17:56 . 2009-01-26 17:56 61,440 --a------ e:\windows\system32\drivers\hcpa.sys
2009-01-25 11:45 . 2009-01-25 11:45 <DIR> d-------- e:\program files\SUPERAntiSpyware
2009-01-25 11:45 . 2009-01-25 11:45 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\SUPERAntiSpyware.com
2009-01-25 11:45 . 2009-01-25 11:45 <DIR> d-------- e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-25 11:44 . 2009-01-25 11:44 <DIR> d-------- e:\program files\common files\Wise Installation Wizard
2009-01-25 01:51 . 2009-01-25 01:51 <DIR> d-------- e:\program files\Malwarebytes' Anti-Malware
2009-01-25 01:51 . 2009-01-25 01:51 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\Malwarebytes
2009-01-25 01:51 . 2009-01-25 01:51 <DIR> d-------- e:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-25 01:51 . 2009-01-14 16:11 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys
2009-01-25 01:51 . 2009-01-14 16:11 15,504 --a------ e:\windows\system32\drivers\mbam.sys
2009-01-24 12:57 . 2009-01-24 02:47 15,688 --a------ e:\windows\system32\lsdelete.exe
2009-01-24 03:24 . 2009-01-24 02:46 64,160 --a------ e:\windows\system32\drivers\Lbd.sys
2009-01-24 02:56 . 2009-01-24 02:56 <DIR> d-------- e:\documents and settings\All Users\Application Data\PC Tools
2009-01-24 02:43 . 2009-01-24 02:43 <DIR> d--h----- e:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-24 02:41 . 2009-01-24 02:41 <DIR> d-------- e:\program files\Lavasoft
2009-01-23 17:55 . 2008-04-17 13:12 107,368 --a------ e:\windows\system32\GEARAspi.dll
2009-01-23 17:55 . 2008-04-17 13:12 15,464 --a------ e:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-23 17:54 . 2009-01-23 17:54 <DIR> d-------- e:\program files\common files\Apple
2009-01-23 17:54 . 2009-01-23 17:54 <DIR> d-------- e:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-23 17:53 . 2009-01-23 17:53 <DIR> d-------- e:\program files\Bonjour
2009-01-22 14:58 . 2009-01-22 14:58 <DIR> d-------- e:\program files\common files\Adobe
2009-01-22 10:56 . 2009-01-22 10:56 <DIR> d-------- e:\program files\Microsoft Works
2009-01-22 10:56 . 2009-01-22 10:56 <DIR> d-------- e:\program files\common files\L&H
2009-01-21 12:32 . 2009-01-22 10:58 376 --a------ e:\windows\ODBC.INI
2009-01-21 12:19 . 2009-01-21 12:19 <DIR> d-------- e:\program files\CCleaner
2009-01-21 12:19 . 2009-01-21 12:19 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\Yahoo!
2009-01-20 18:36 . 2009-01-20 18:36 <DIR> d--hs---- E:\FOUND.000
2009-01-20 11:49 . 2009-01-20 11:49 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\PC Tools
2009-01-20 11:49 . 2007-10-18 00:16 79,688 --a------ e:\windows\system32\drivers\iksyssec.sys
2009-01-20 11:49 . 2007-10-18 00:15 62,280 --a------ e:\windows\system32\drivers\iksysflt.sys
2009-01-20 11:49 . 2007-10-18 00:14 41,288 --a------ e:\windows\system32\drivers\ikfilesec.sys
2009-01-20 11:49 . 2007-10-18 00:16 29,000 --a------ e:\windows\system32\drivers\kcom.sys
2009-01-19 19:15 . 2009-01-19 19:15 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\Yahoo
2009-01-17 09:12 . 2009-01-17 09:12 <DIR> d-------- e:\program files\RegScrubXP
2009-01-15 04:46 . 2009-01-24 02:25 1,502,720 --a------ e:\windows\goInstaller.exe
2009-01-15 04:45 . 2009-01-15 04:45 <DIR> d-------- e:\program files\Cosmi
2009-01-14 09:33 . 2004-06-01 07:55 1,896,484 --a------ e:\windows\system32\mCodexAPI.dll
2009-01-14 09:33 . 2003-09-24 21:37 96,256 --a------ e:\windows\system32\mCodexDLLStub.exe
2009-01-14 09:33 . 2003-09-24 21:37 69,466 --a------ e:\windows\system32\codex.translations.Active
2009-01-14 09:13 . 1999-04-02 16:37 33,792 -ra------ e:\windows\NPSExec.exe
2009-01-14 09:13 . 2009-01-14 09:13 503 --a------ e:\windows\eReg.dat
2009-01-14 09:09 . 2009-01-14 09:09 <DIR> d-------- e:\documents and settings\Dan Tilley\WINDOWS
2009-01-14 09:09 . 1998-10-29 17:45 306,688 --a------ e:\windows\IsUninst.exe
2009-01-14 03:08 . 2009-01-14 03:08 <DIR> d-------- E:\Documents
2009-01-12 21:00 . 2009-01-12 21:00 <DIR> d-------- e:\documents and settings\Dan Tilley\Tracing
2009-01-12 20:59 . 2009-01-12 20:59 <DIR> d-------- e:\program files\Microsoft
2009-01-06 05:41 . 2009-01-06 05:41 <DIR> d-------- e:\program files\NT Registry Optimizer
2009-01-06 05:08 . 2009-01-06 05:08 <DIR> d-------- e:\program files\Defraggler
2009-01-06 05:05 . 2009-01-06 05:05 <DIR> d-------- e:\program files\Spybot - Search & Destroy
2009-01-06 04:20 . 2009-01-06 04:20 <DIR> d-------- e:\program files\Microsoft Silverlight
2009-01-06 03:42 . 2009-01-06 03:42 <DIR> d-------- e:\windows\system32\URTTEMP
2009-01-06 00:28 . 2006-01-01 01:04 10,027 --a------ e:\windows\system32\mspriv32.dll
2009-01-06 00:12 . 2009-01-06 00:12 10,070 --a------ e:\windows\system32\msrep32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 07:26 25,992 ----a-w e:\windows\system32\pgdfgsvc.exe
2009-01-19 19:02 932,696 ----a-w e:\windows\system32\Incinerator.dll
2008-12-22 08:47 --------- d-----w e:\documents and settings\NetworkService\Application Data\iolo
2008-12-22 08:36 --------- d-----w e:\documents and settings\LocalService\Application Data\iolo
2008-12-22 08:35 74,703 ----a-w e:\windows\system32\mfc45.dll
2008-12-22 08:35 --------- d-----w e:\documents and settings\All Users\Application Data\iolo
2008-12-21 05:13 --------- d-----w e:\documents and settings\Dan Tilley\Application Data\TuneUp Software
2008-12-21 05:12 --------- d-sh--w e:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-21 05:12 --------- d-----w e:\program files\TuneUp Utilities 2009
2008-12-21 05:12 --------- d-----w e:\documents and settings\All Users\Application Data\TuneUp Software
2008-12-21 03:48 --------- d-----w e:\documents and settings\All Users\Application Data\TEMP
2008-12-13 06:49 21,840 ----a-w e:\windows\system32\SIntfNT.dll
2008-12-13 06:49 17,212 ----a-w e:\windows\system32\SIntf32.dll
2008-12-13 06:49 12,067 ----a-w e:\windows\system32\SIntf16.dll
2008-11-18 19:51 8,192 ----a-w e:\windows\system32\smrgdf.exe
2008-11-06 16:35 200,704 ----a-w e:\windows\system32\ssldivx.dll
2008-11-06 16:35 1,044,480 ----a-w e:\windows\system32\libdivx.dll
2008-02-12 22:59 6,144 --sh--r e:\windows\system32\csrss.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-02-12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="e:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"MSConfig"="e:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-02-12 169984]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 e:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JDCT"= jl_jdct.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=e:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^Dan Tilley^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=e:\documents and settings\Dan Tilley\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=e:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\E:^Documents and Settings^Dan Tilley^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=e:\documents and settings\Dan Tilley\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=e:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
e:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-01-24 02:46 507224 e:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 e:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 13:28 266497 e:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 02:39 486856 e:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a------ 2003-07-14 22:53 34880 e:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-01-06 13:06 290088 e:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 e:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-01-15 16:17 1830128 e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2009-02-05 07:43 171448 e:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 e:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BOCore"=2 (0x2)
"ose"=3 (0x3)
"Messenger"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)
"vsmon"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"SupportSoft RemoteAssist"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"sdAuxService"=2 (0x2)
"sdCoreService"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"wscsvc"=2 (0x2)
"wuauserv"=2 (0x2)
"srservice"=2 (0x2)
"VideoAcceleratorService"=2 (0x2)
"usnjsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"WinDefend"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"gusvc"=3 (0x3)
"ASKService"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"LiveTurbineMessageService"=3 (0x3)
"LiveTurbineNetworkService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Office12\\OUTLOOK.EXE"=
"c:\\Office12\\groove.exe"=
"c:\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Cosmi\\SpyWare Killer Pro\\stealth\\stealthsurf.exe"=
"d:\\Turbine Download Manager\\TurbineNetworkService.exe"=
"d:\\Turbine Download Manager\\TurbineMessageService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16881:UDP"= 16881:UDP:rty
"62048:TCP"= 62048:TCP:Utor
"62048:UDP"= 62048:UDP:utor

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)

R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2009-01-24 64160]
R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]
R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;e:\windows\system32\Drivers\avgldx86.sys --> e:\windows\system32\Drivers\avgldx86.sys [?]
S3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S4 ASKService;ASKService;e:\program files\AskBarDis\bar\bin\AskService.exe --> e:\program files\AskBarDis\bar\bin\AskService.exe [?]
S4 avg8wd;AVG Free8 WatchDog;e:\progra~1\AVG\AVG8\avgwdsvc.exe --> e:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S4 ekrn;Eset Service;e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
S4 ioloFileInfoList;iolo FileInfoList Service;e:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-28 712048]
S4 ioloSystemService;iolo System Service;e:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-28 712048]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416]
S4 LiveTurbineMessageService;Turbine Message Service - Live;d:\turbine download manager\TurbineMessageService.exe [2009-02-03 255472]
S4 LiveTurbineNetworkService;Turbine Network Service - Live;d:\turbine download manager\TurbineNetworkService.exe [2009-02-03 218608]
S4 sdAuxService;PC Tools Auxiliary Service;e:\program files\Spyware Doctor\svcntaux.exe --> e:\program files\Spyware Doctor\svcntaux.exe [?]
S4 WinDefend;Windows Defender;"e:\program files\Windows Defender\MsMpEng.exe" --> e:\program files\Windows Defender\MsMpEng.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - PAGEDFRG

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47d84bc-a9e5-11dc-8379-000c76b6d3d4}]
\Shell\AutoRun\command - I:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47d84bd-a9e5-11dc-8379-000c76b6d3d4}]
\Shell\AutoRun\command - J:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-02 e:\windows\Tasks\Ad-Aware Update (Weekly).job
- e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-24 02:46]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - e:\program files\Java\jre1.6.0_03\bin\jusched.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - e:\documents and settings\Dan Tilley\Application Data\Mozilla\Firefox\Profiles\sxglj6bs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 12:46:46
Windows 5.1.2600 Service Pack 3, v.3311 FAT NTAPI

scanning hidden processes ...

e:\windows\explorer.exe [908] 0x832445C0

scanning hidden autostart entries ...

scanning hidden files ...


e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 7553024 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\f 7684096 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 5455872 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 3227648 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 6635520 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 868352 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3293184 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 3358720 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 671744 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\[ 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\P 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 6635520 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\g 6242304 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\X 3620864 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\0 3162112 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 7618560 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\y 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\' 6504448 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\r 6635520 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\w 6045696 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\r 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\" 7487488 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 7815168 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 5455872 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\y 868352 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 6635520 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\g 6242304 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\C 4603904 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\_ 6242304 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\0 5062656 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\S 5980160 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 5455872 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\k 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\D 7553024 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 3686400 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 6242304 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 3620864 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\8 7290880 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 4800512 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 6897664 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 4276224 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\_ 5718016 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 3555328 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 3686400 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 7225344 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\d 4472832 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\_ 6635520 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 3555328 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\_ 4341760 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\B 6635520 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 4407296 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 3686400 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 7225344 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\g 6504448 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\( 3293184 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 7487488 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 7290880 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 2637824 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 7618560 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\7 7553024 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 3555328 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 6701056 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 7553024 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 4800512 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 6373376 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\C 671744 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\[ 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\N 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 5062656 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\S 5980160 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 5521408 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\r 7094272 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\e 671744 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 6111232 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 7618560 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 7290880 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 4407296 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 3686400 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\7 3293184 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 6897664 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 3358720 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\8 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\7 3620864 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 6766592 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 7618560 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 2637824 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\F 3358720 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 7159808 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 7159808 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 7553024 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 3555328 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 7290880 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 3620864 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 2703360 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 7290880 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\r 7618560 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\( 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 4407296 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\u 5062656 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\S 5980160 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 5128192 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\C 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\- 5455872 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 3227648 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 6635520 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 868352 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 6373376 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\b 7225344 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\7 3620864 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 3555328 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 7290880 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 3686400 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3620864 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\] 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 6897664 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 4603904 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\8 6897664 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 4276224 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 2703360 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 3227648 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 7159808 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\A 3293184 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\8 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\( 3293184 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 7487488 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 7290880 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 2637824 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 7553024 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\f 7684096 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 5455872 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 3227648 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 4407296 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\u 2965504 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 4800512 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 6373376 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\C 671744 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\[ 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 6438912 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\l 3031040 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\] 3293184 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 7225344 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 6111232 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 4669440 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\e 6242304 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\r 6897664 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 3358720 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 4276224 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\5 3686400 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 7749632 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 5128192 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\d 5128192 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\e 3031040 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\0 7749632 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 4472832 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\O 4538368 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\T 3162112 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 2244608 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\; 7618560 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 4472832 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\_ 6635520 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 6242304 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\X 3620864 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\0 3162112 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 2637824 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 7356416 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 4407296 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 3031040 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\W 6242304 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\X 3620864 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\0 3162112 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 7618560 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 5062656 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\S 5980160 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 4472832 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 6242304 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 4538368 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\e 4538368 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\T 4603904 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\C 3162112 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\9 6897664 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 3293184 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 6242304 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 4603904 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\_ 3555328 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\f 3555328 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\_ 5390336 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\e 671744 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\[ 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 6438912 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\l 3031040 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\] 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 6897664 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 4603904 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\9 3293184 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 7618560 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 3162112 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 4407296 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 3751936 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\5 7225344 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\g 6504448 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\( 3293184 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 7487488 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 7290880 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 2637824 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 7618560 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\7 7553024 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 3555328 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 6701056 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 7553024 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 4800512 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 6373376 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\C 671744 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\[ 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\N 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 5062656 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\S 5980160 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 5521408 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\r 7094272 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\e 671744 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 6111232 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 7618560 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 7290880 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 4407296 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 3751936 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\5 3293184 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 6897664 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 3358720 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\8 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\7 3489792 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 7618560 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 2637824 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\F 3358720 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 7159808 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 7159808 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 7553024 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 3555328 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 7290880 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 3620864 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 2703360 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 7290880 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\r 7618560 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\( 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 4407296 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\u 5062656 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\S 5980160 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 5128192 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\C 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\- 5455872 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 3227648 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 6635520 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 868352 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 6373376 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\b 7225344 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\7 3620864 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\0 3555328 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 7290880 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 3686400 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3620864 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\] 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 6897664 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 4603904 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\9 6897664 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 4276224 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 2703360 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 3227648 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 7159808 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\A 3293184 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\8 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\( 3293184 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 7487488 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 7290880 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 2637824 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 7553024 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\f 7684096 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 5455872 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 3227648 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 4407296 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\u 2965504 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 4800512 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 5193728 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\P 6569984 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\d 6242304 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\C 4407296 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\7 3751936 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\0 7487488 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 7553024 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 4472832 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\l 3293184 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 3489792 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 2572288 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 6242304 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 4407296 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 5783552 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\8 3162112 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\_ 3293184 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\7 7553024 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 3555328 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 6635520 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 5390336 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\_ 3031040 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 3227648 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\D 4276224 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 6569984 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\e 6242304 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 4538368 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\e 4538368 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\T 4603904 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\C 3162112 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\9 7684096 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\r 4800512 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 6373376 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\C 671744 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\[ 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 6438912 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\l 3031040 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\] 3293184 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 7225344 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 6111232 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 7618560 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 7290880 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 4407296 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 3162112 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 7225344 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\g 6504448 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\( 3293184 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 4276224 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 3686400 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\7 2637824 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\F 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 7159808 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 7159808 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 7553024 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 3555328 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 6701056 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 7553024 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 4800512 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 7618560 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\e 7684096 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 3293184 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\( 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 4407296 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\u 5062656 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\S 5980160 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 5521408 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\r 7094272 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\e 671744 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 6111232 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 868352 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 6373376 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\b 7225344 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\7 3358720 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 6766592 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 7618560 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 2637824 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\F 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 6504448 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 3620864 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\0 4603904 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\0 6897664 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\n 4276224 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 2703360 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 7290880 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\r 7618560 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\( 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 7553024 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 3227648 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 7553024 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\f 7684096 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 5455872 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 3227648 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\a 6635520 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 868352 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 3293184 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 3358720 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 671744 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\[ 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 6438912 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\l 3031040 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\] 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 6897664 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 4603904 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\c 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\0 3293184 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\2 7618560 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 3162112 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\3 4407296 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 3162112 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\g 6504448 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\( 3293184 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 7290880 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\m 2637824 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\s 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\6 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\ 7618560 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\o 3424256 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\7 7553024 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\) 3555328 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\: 5390336 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\t 7225344 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\g 5390336 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\1 3686400 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\A 2113536 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\i 3817472 bytes
e:\docume~1\DANTIL~1\LOCALS~1\Temp\plugtmp\\ 7290880 bytes

scan completed successfully
hidden files: 482

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1100)
e:\program files\SUPERAntiSpyware\SASWINLO.dll
e:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-06 12:48:31
ComboFix-quarantined-files.txt 2009-02-06 20:48:30
ComboFix2.txt 2009-02-06 05:10:58

Pre-Run: 7,993,835,520 bytes free
Post-Run: 7,998,619,648 bytes free

Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
756 --- E O F --- 2008-12-20 07:40:26
AdvancedSetup
I need to know what you decided to do about the Anti-Virus programs please.

Then go to this folder and delete everything in it including folders: e:\docume~1\DANTIL~1\LOCALS~1\Temp\
tekkfall
I cannot locate that folder you specified. I put it in the search box, but I got legit-looking files that I normally use, instead of those weird symbols in the file name.

I also downloaded the Eset and AVG removal tools to get rid of those two.
AdvancedSetup
Please click on START - RUN and copy/paste the contents of the CODE box and hit the OK button.
CODE
RD /S /Q e:\docume~1\DANTIL~1\LOCALS~1\Temp\


You may have corrupted files on your disk. Please try running the following.
First close ALL Applications as this routine will automatically restart your computer.
Click on START - RUN and copy / paste the following entry into the box and click OK
CODE
CMD /C ECHO Y|CHKDSK E: /F | SHUTDOWN /R /T 30

Then after the reboot delete your current copy of Combofix and download a NEW fresh copy and run it again please.

Additional links to download the tool:
ComboFix.exe
ComboFix.exe
ComboFix.exe
tekkfall
The first command line didn't work. Second one worked and disk check found no errors.

Even after the removal tools, the combofix still detected eset and avg still on the system /sigh.

ComboFix 09-02-06.02 - Dan Tilley 2009-02-07 1:19:57.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.114 [GMT -8:00]
Running from: e:\documents and settings\Dan Tilley\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated)
FW: Sygate Personal Firewall *enabled*
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.

2009-02-06 17:06 . 2004-10-15 18:17 60,496 --a------ e:\windows\system32\drivers\Teefer.sys
2009-02-06 17:06 . 2004-10-15 18:18 21,075 --a------ e:\windows\system32\drivers\wpsdrvnt.sys
2009-02-06 17:06 . 2004-10-15 18:32 14,568 --a------ e:\windows\system32\drivers\wg6n.sys
2009-02-06 17:06 . 2004-10-15 18:32 14,568 --a------ e:\windows\system32\drivers\wg5n.sys
2009-02-06 17:06 . 2004-10-15 18:32 14,568 --a------ e:\windows\system32\drivers\wg4n.sys
2009-02-06 17:06 . 2004-10-15 18:32 14,568 --a------ e:\windows\system32\drivers\wg3n.sys
2009-02-06 17:05 . 2009-02-06 17:05 <DIR> d-------- e:\program files\Sygate
2009-02-06 17:05 . 2004-10-15 18:32 83,096 --a------ e:\windows\system32\SSSensor.dll
2009-02-06 14:35 . 2009-02-06 14:35 0 --a------ E:\XES8A.tmp
2009-02-06 14:35 . 2009-02-06 14:35 0 --a------ E:\XES88.tmp
2009-02-06 14:13 . 2009-02-06 14:13 <DIR> d-------- e:\program files\Java
2009-02-06 14:13 . 2009-02-06 14:13 410,984 --a------ e:\windows\system32\deploytk.dll
2009-02-06 13:03 . 2009-02-06 13:03 <DIR> d--hs---- E:\FOUND.001
2009-02-05 07:30 . 2009-02-05 07:30 <DIR> d-------- e:\documents and settings\A New Beginning\Application Data\Malwarebytes
2009-02-04 19:24 . 2009-02-04 19:24 <DIR> d-------- e:\program files\Trend Micro
2009-02-03 14:56 . 2009-02-03 14:56 <DIR> d-------- e:\documents and settings\All Users\Application Data\Turbine
2009-01-28 23:14 . 2009-01-28 23:14 <DIR> d-------- e:\program files\Avira
2009-01-28 23:14 . 2009-01-28 23:14 <DIR> d-------- e:\documents and settings\All Users\Application Data\Avira
2009-01-28 22:51 . 2008-03-03 14:25 5,702 --ah----- e:\windows\nod32restoretemdono.reg
2009-01-28 22:49 . 2009-01-28 22:49 <DIR> d-------- e:\documents and settings\All Users\Application Data\ESET
2009-01-28 22:27 . 2009-01-28 22:27 <DIR> d-------- e:\program files\LimeWire
2009-01-28 22:05 . 2008-04-17 09:45 9,341 --a------ e:\windows\system32\drivers\filedisk.sys
2009-01-27 11:27 . 2009-01-27 11:27 <DIR> d-------- e:\program files\common files\Blizzard Entertainment
2009-01-26 17:56 . 2009-01-26 17:56 61,440 --a------ e:\windows\system32\drivers\hcpa.sys
2009-01-25 11:45 . 2009-01-25 11:45 <DIR> d-------- e:\program files\SUPERAntiSpyware
2009-01-25 11:45 . 2009-01-25 11:45 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\SUPERAntiSpyware.com
2009-01-25 11:45 . 2009-01-25 11:45 <DIR> d-------- e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-25 11:44 . 2009-01-25 11:44 <DIR> d-------- e:\program files\common files\Wise Installation Wizard
2009-01-25 01:51 . 2009-01-25 01:51 <DIR> d-------- e:\program files\Malwarebytes' Anti-Malware
2009-01-25 01:51 . 2009-01-25 01:51 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\Malwarebytes
2009-01-25 01:51 . 2009-01-25 01:51 <DIR> d-------- e:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-25 01:51 . 2009-01-14 16:11 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys
2009-01-25 01:51 . 2009-01-14 16:11 15,504 --a------ e:\windows\system32\drivers\mbam.sys
2009-01-24 12:57 . 2009-01-24 02:47 15,688 --a------ e:\windows\system32\lsdelete.exe
2009-01-24 03:24 . 2009-01-24 02:46 64,160 --a------ e:\windows\system32\drivers\Lbd.sys
2009-01-24 02:56 . 2009-01-24 02:56 <DIR> d-------- e:\documents and settings\All Users\Application Data\PC Tools
2009-01-24 02:43 . 2009-01-24 02:43 <DIR> d--h----- e:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-24 02:41 . 2009-01-24 02:41 <DIR> d-------- e:\program files\Lavasoft
2009-01-23 17:55 . 2008-04-17 13:12 107,368 --a------ e:\windows\system32\GEARAspi.dll
2009-01-23 17:55 . 2008-04-17 13:12 15,464 --a------ e:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-23 17:54 . 2009-01-23 17:54 <DIR> d-------- e:\program files\common files\Apple
2009-01-23 17:54 . 2009-01-23 17:54 <DIR> d-------- e:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-23 17:53 . 2009-01-23 17:53 <DIR> d-------- e:\program files\Bonjour
2009-01-22 14:58 . 2009-01-22 14:58 <DIR> d-------- e:\program files\common files\Adobe
2009-01-22 10:56 . 2009-01-22 10:56 <DIR> d-------- e:\program files\Microsoft Works
2009-01-22 10:56 . 2009-01-22 10:56 <DIR> d-------- e:\program files\common files\L&H
2009-01-21 12:32 . 2009-01-22 10:58 376 --a------ e:\windows\ODBC.INI
2009-01-21 12:19 . 2009-01-21 12:19 <DIR> d-------- e:\program files\CCleaner
2009-01-20 18:36 . 2009-01-20 18:36 <DIR> d--hs---- E:\FOUND.000
2009-01-20 11:49 . 2007-10-18 00:16 79,688 --a------ e:\windows\system32\drivers\iksyssec.sys
2009-01-20 11:49 . 2007-10-18 00:15 62,280 --a------ e:\windows\system32\drivers\iksysflt.sys
2009-01-20 11:49 . 2007-10-18 00:14 41,288 --a------ e:\windows\system32\drivers\ikfilesec.sys
2009-01-20 11:49 . 2007-10-18 00:16 29,000 --a------ e:\windows\system32\drivers\kcom.sys
2009-01-17 09:12 . 2009-01-17 09:12 <DIR> d-------- e:\program files\RegScrubXP
2009-01-15 04:46 . 2009-01-24 02:25 1,502,720 --a------ e:\windows\goInstaller.exe
2009-01-15 04:45 . 2009-01-15 04:45 <DIR> d-------- e:\program files\Cosmi
2009-01-14 09:33 . 2004-06-01 07:55 1,896,484 --a------ e:\windows\system32\mCodexAPI.dll
2009-01-14 09:33 . 2003-09-24 21:37 96,256 --a------ e:\windows\system32\mCodexDLLStub.exe
2009-01-14 09:33 . 2003-09-24 21:37 69,466 --a------ e:\windows\system32\codex.translations.Active
2009-01-14 09:13 . 1999-04-02 16:37 33,792 -ra------ e:\windows\NPSExec.exe
2009-01-14 09:13 . 2009-01-14 09:13 503 --a------ e:\windows\eReg.dat
2009-01-14 09:09 . 2009-01-14 09:09 <DIR> d-------- e:\documents and settings\Dan Tilley\WINDOWS
2009-01-14 09:09 . 1998-10-29 17:45 306,688 --a------ e:\windows\IsUninst.exe
2009-01-14 03:08 . 2009-01-14 03:08 <DIR> d-------- E:\Documents
2009-01-12 21:00 . 2009-01-12 21:00 <DIR> d-------- e:\documents and settings\Dan Tilley\Tracing
2009-01-12 20:59 . 2009-01-12 20:59 <DIR> d-------- e:\program files\Microsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 21:12 25,992 ----a-w e:\windows\system32\pgdfgsvc.exe
2009-01-19 19:02 932,696 ----a-w e:\windows\system32\Incinerator.dll
2009-01-06 13:41 --------- d-----w e:\program files\NT Registry Optimizer
2009-01-06 13:08 --------- d-----w e:\program files\Defraggler
2009-01-06 13:05 --------- d-----w e:\program files\Spybot - Search & Destroy
2009-01-06 12:20 --------- d-----w e:\program files\Microsoft Silverlight
2009-01-06 08:12 10,070 ----a-w e:\windows\system32\msrep32.dll
2008-12-22 08:47 --------- d-----w e:\documents and settings\NetworkService\Application Data\iolo
2008-12-22 08:36 --------- d-----w e:\documents and settings\LocalService\Application Data\iolo
2008-12-22 08:35 74,703 ----a-w e:\windows\system32\mfc45.dll
2008-12-22 08:35 --------- d-----w e:\documents and settings\All Users\Application Data\iolo
2008-12-21 05:12 --------- d-sh--w e:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-21 05:12 --------- d-----w e:\program files\TuneUp Utilities 2009
2008-12-21 05:12 --------- d-----w e:\documents and settings\All Users\Application Data\TuneUp Software
2008-12-21 03:48 --------- d-----w e:\documents and settings\All Users\Application Data\TEMP
2008-12-13 06:49 21,840 ----a-w e:\windows\system32\SIntfNT.dll
2008-12-13 06:49 17,212 ----a-w e:\windows\system32\SIntf32.dll
2008-12-13 06:49 12,067 ----a-w e:\windows\system32\SIntf16.dll
2008-11-18 19:51 8,192 ----a-w e:\windows\system32\smrgdf.exe
2008-02-12 22:59 6,144 --sh--r e:\windows\system32\csrss.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-02-05_21.09.50.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-07 01:05:58 4,608 ----a-r e:\windows\Installer\{F34D9A5F-484A-4E31-A9D3-908CB265B289}\IconC989D247.exe
- 2004-07-15 19:23:44 626,688 ----a-w e:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-15 19:23:44 327,680 ----a-w e:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-10-16 02:31:58 99,480 ----a-w e:\windows\system32\FwsVpn.dll
- 2007-09-25 06:30:28 135,168 ----a-w e:\windows\system32\java.exe
+ 2009-02-06 22:13:26 144,792 ----a-w e:\windows\system32\java.exe
- 2007-09-25 06:30:30 135,168 ----a-w e:\windows\system32\javaw.exe
+ 2009-02-06 22:13:26 144,792 ----a-w e:\windows\system32\javaw.exe
- 2007-09-25 07:31:42 139,264 ----a-w e:\windows\system32\javaws.exe
+ 2009-02-06 22:13:26 148,888 ----a-w e:\windows\system32\javaws.exe
+ 2004-10-16 02:31:56 218,264 ----a-w e:\windows\system32\SetAid.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-02-12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="e:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SmcService"="e:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 e:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JDCT"= jl_jdct.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=e:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^Dan Tilley^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=e:\documents and settings\Dan Tilley\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=e:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\E:^Documents and Settings^Dan Tilley^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=e:\documents and settings\Dan Tilley\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=e:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
e:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-01-24 02:46 507224 e:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 e:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 13:28 266497 e:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 02:39 486856 e:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a------ 2003-07-14 22:53 34880 e:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-01-06 13:06 290088 e:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 e:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-06 14:13 136600 e:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-01-15 16:17 1830128 e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 e:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BOCore"=2 (0x2)
"ose"=3 (0x3)
"Messenger"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)
"vsmon"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"SupportSoft RemoteAssist"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"sdAuxService"=2 (0x2)
"sdCoreService"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"wscsvc"=2 (0x2)
"wuauserv"=2 (0x2)
"srservice"=2 (0x2)
"VideoAcceleratorService"=2 (0x2)
"usnjsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"WinDefend"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"gusvc"=3 (0x3)
"ASKService"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"LiveTurbineMessageService"=3 (0x3)
"LiveTurbineNetworkService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Office12\\OUTLOOK.EXE"=
"c:\\Office12\\groove.exe"=
"c:\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Cosmi\\SpyWare Killer Pro\\stealth\\stealthsurf.exe"=
"d:\\Turbine Download Manager\\TurbineNetworkService.exe"=
"d:\\Turbine Download Manager\\TurbineMessageService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16881:UDP"= 16881:UDP:rty
"62048:TCP"= 62048:TCP:Utor
"62048:UDP"= 62048:UDP:utor

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)

R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2009-01-24 64160]
R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]
R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
S3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S4 ASKService;ASKService;e:\program files\AskBarDis\bar\bin\AskService.exe --> e:\program files\AskBarDis\bar\bin\AskService.exe [?]
S4 ekrn;Eset Service;"e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S4 ioloFileInfoList;iolo FileInfoList Service;e:\program files\iolo\common\lib\ioloServiceManager.exe --> e:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S4 ioloSystemService;iolo System Service;e:\program files\iolo\common\lib\ioloServiceManager.exe --> e:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416]
S4 LiveTurbineMessageService;Turbine Message Service - Live;d:\turbine download manager\TurbineMessageService.exe [2009-02-03 255472]
S4 LiveTurbineNetworkService;Turbine Network Service - Live;d:\turbine download manager\TurbineNetworkService.exe [2009-02-03 218608]
S4 sdAuxService;PC Tools Auxiliary Service;e:\program files\Spyware Doctor\svcntaux.exe --> e:\program files\Spyware Doctor\svcntaux.exe [?]
S4 WinDefend;Windows Defender;"e:\program files\Windows Defender\MsMpEng.exe" --> e:\program files\Windows Defender\MsMpEng.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SMCSERVICE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47d84bc-a9e5-11dc-8379-000c76b6d3d4}]
\Shell\AutoRun\command - I:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47d84bd-a9e5-11dc-8379-000c76b6d3d4}]
\Shell\AutoRun\command - J:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-02 e:\windows\Tasks\Ad-Aware Update (Weekly).job
- e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-24 02:46]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-swg - e:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - e:\documents and settings\Dan Tilley\Application Data\Mozilla\Firefox\Profiles\sxglj6bs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 01:22:24
Windows 5.1.2600 Service Pack 3, v.3311 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1508)
e:\program files\SUPERAntiSpyware\SASWINLO.dll
e:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-07 1:24:22
ComboFix-quarantined-files.txt 2009-02-07 09:24:16
ComboFix3.txt 2009-02-06 05:10:58
ComboFix2.txt 2009-02-06 20:48:34

Pre-Run: 8,016,232,448 bytes free
Post-Run: 8,029,323,264 bytes free

Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
287 --- E O F --- 2008-12-20 07:40:26
AdvancedSetup
Okay, at this point I really think it's best if you can download and burn this CD and run it. If you can't do it on your own system, then see if you can on a friend's or at work.

Please download this, place a blank CD in your burner and double-click on the downloaded file. It will automatically burn the CD for you.
At the bottom left should be 2 flags. If you use your mouse and click on the British flag the interface should switch to English for you.
Have it scan ALL files. There is no way that I'm aware of to save a log, so you may need to write down any special errors or infections found and their outcome.

Requires access to a working computer with a CD/DVD burner to create a bootable CD.
Avira AntiVir Rescue System - download
Avira AntiVir Rescue System
Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to:
  • repair a damaged system,
  • rescue data,
  • scan the system for virus infections.

  • Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer.
The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available.


Rescue CD screen resolution problem
Please see the post here if you're unable to view the entire screen of Avira.
tekkfall
Just to clarify... after I burn this to the CD, what should happen? Anything else I need to do, like post some more logs?
AdvancedSetup
You need to set your BIOS to boot from the CD or choose a menu to do so.

There is no way that I'm aware of to save a log in this version. Basically have it check ALL files and fix/move/rename anything it finds wrong.
tekkfall
I did the boot scan and it found no problems, just a lot of warnings pertaining to being unable to remove certain files or something. I couldn't copy/paste the log, so sorry for being vague.
AdvancedSetup
Yes, there are some it can't, and it typically renames them.

Okay, do this please. Delete your ComboFix.exe file, download a new fresh copy, run it again, and post back that log.

Additional links to download the tool:
ComboFix.exe
ComboFix.exe
ComboFix.exe
tekkfall
ComboFix 09-02-06.04 - Dan Tilley 2009-02-08 0:08:47.4 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.237 [GMT -8:00]
Running from: e:\documents and settings\Dan Tilley\Desktop\ComboFix.exe
Command switches used :: e:\documents and settings\Dan Tilley\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated)
FW: Sygate Personal Firewall *disabled*
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-08 to 2009-02-08 )))))))))))))))))))))))))))))))
.

2009-02-06 17:06 . 2004-10-15 18:17 60,496 --a------ e:\windows\system32\drivers\Teefer.sys
2009-02-06 17:06 . 2004-10-15 18:18 21,075 --a------ e:\windows\system32\drivers\wpsdrvnt.sys
2009-02-06 17:06 . 2004-10-15 18:32 14,568 --a------ e:\windows\system32\drivers\wg6n.sys
2009-02-06 17:06 . 2004-10-15 18:32 14,568 --a------ e:\windows\system32\drivers\wg5n.sys
2009-02-06 17:06 . 2004-10-15 18:32 14,568 --a------ e:\windows\system32\drivers\wg4n.sys
2009-02-06 17:06 . 2004-10-15 18:32 14,568 --a------ e:\windows\system32\drivers\wg3n.sys
2009-02-06 17:05 . 2009-02-06 17:05 <DIR> d-------- e:\program files\Sygate
2009-02-06 17:05 . 2004-10-15 18:32 83,096 --a------ e:\windows\system32\SSSensor.dll
2009-02-06 14:35 . 2009-02-06 14:35 0 --a------ E:\XES8A.tmp
2009-02-06 14:35 . 2009-02-06 14:35 0 --a------ E:\XES88.tmp
2009-02-06 14:13 . 2009-02-06 14:13 <DIR> d-------- e:\program files\Java
2009-02-06 14:13 . 2009-02-06 14:13 410,984 --a------ e:\windows\system32\deploytk.dll
2009-02-06 13:03 . 2009-02-06 13:03 <DIR> d--hs---- E:\FOUND.001
2009-02-05 07:30 . 2009-02-05 07:30 <DIR> d-------- e:\documents and settings\A New Beginning\Application Data\Malwarebytes
2009-02-04 19:24 . 2009-02-04 19:24 <DIR> d-------- e:\program files\Trend Micro
2009-02-03 14:56 . 2009-02-03 14:56 <DIR> d-------- e:\documents and settings\All Users\Application Data\Turbine
2009-01-28 23:14 . 2009-01-28 23:14 <DIR> d-------- e:\program files\Avira
2009-01-28 23:14 . 2009-01-28 23:14 <DIR> d-------- e:\documents and settings\All Users\Application Data\Avira
2009-01-28 22:51 . 2008-03-03 14:25 5,702 --ah----- e:\windows\nod32restoretemdono.reg
2009-01-28 22:49 . 2009-01-28 22:49 <DIR> d-------- e:\documents and settings\All Users\Application Data\ESET
2009-01-28 22:27 . 2009-01-28 22:27 <DIR> d-------- e:\program files\LimeWire
2009-01-28 22:05 . 2008-04-17 09:45 9,341 --a------ e:\windows\system32\drivers\filedisk.sys
2009-01-27 11:27 . 2009-01-27 11:27 <DIR> d-------- e:\program files\common files\Blizzard Entertainment
2009-01-26 17:56 . 2009-01-26 17:56 61,440 --a------ e:\windows\system32\drivers\hcpa.sys
2009-01-25 11:45 . 2009-01-25 11:45 <DIR> d-------- e:\program files\SUPERAntiSpyware
2009-01-25 11:45 . 2009-01-25 11:45 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\SUPERAntiSpyware.com
2009-01-25 11:45 . 2009-01-25 11:45 <DIR> d-------- e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-25 11:44 . 2009-01-25 11:44 <DIR> d-------- e:\program files\common files\Wise Installation Wizard
2009-01-25 01:51 . 2009-01-25 01:51 <DIR> d-------- e:\program files\Malwarebytes' Anti-Malware
2009-01-25 01:51 . 2009-01-25 01:51 <DIR> d-------- e:\documents and settings\Dan Tilley\Application Data\Malwarebytes
2009-01-25 01:51 . 2009-01-25 01:51 <DIR> d-------- e:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-25 01:51 . 2009-01-14 16:11 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys
2009-01-25 01:51 . 2009-01-14 16:11 15,504 --a------ e:\windows\system32\drivers\mbam.sys
2009-01-24 12:57 . 2009-01-24 02:47 15,688 --a------ e:\windows\system32\lsdelete.exe
2009-01-24 03:24 . 2009-01-24 02:46 64,160 --a------ e:\windows\system32\drivers\Lbd.sys
2009-01-24 02:56 . 2009-01-24 02:56 <DIR> d-------- e:\documents and settings\All Users\Application Data\PC Tools
2009-01-24 02:43 . 2009-01-24 02:43 <DIR> d--h----- e:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-24 02:41 . 2009-01-24 02:41 <DIR> d-------- e:\program files\Lavasoft
2009-01-23 17:55 . 2008-04-17 13:12 107,368 --a------ e:\windows\system32\GEARAspi.dll
2009-01-23 17:55 . 2008-04-17 13:12 15,464 --a------ e:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-23 17:54 . 2009-01-23 17:54 <DIR> d-------- e:\program files\common files\Apple
2009-01-23 17:54 . 2009-01-23 17:54 <DIR> d-------- e:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-23 17:53 . 2009-01-23 17:53 <DIR> d-------- e:\program files\Bonjour
2009-01-22 14:58 . 2009-01-22 14:58 <DIR> d-------- e:\program files\common files\Adobe
2009-01-22 10:56 . 2009-01-22 10:56 <DIR> d-------- e:\program files\Microsoft Works
2009-01-22 10:56 . 2009-01-22 10:56 <DIR> d-------- e:\program files\common files\L&H
2009-01-21 12:32 . 2009-01-22 10:58 376 --a------ e:\windows\ODBC.INI
2009-01-21 12:19 . 2009-01-21 12:19 <DIR> d-------- e:\program files\CCleaner
2009-01-20 18:36 . 2009-01-20 18:36 <DIR> d--hs---- E:\FOUND.000
2009-01-20 11:49 . 2007-10-18 00:16 79,688 --a------ e:\windows\system32\drivers\iksyssec.sys
2009-01-20 11:49 . 2007-10-18 00:15 62,280 --a------ e:\windows\system32\drivers\iksysflt.sys
2009-01-20 11:49 . 2007-10-18 00:14 41,288 --a------ e:\windows\system32\drivers\ikfilesec.sys
2009-01-20 11:49 . 2007-10-18 00:16 29,000 --a------ e:\windows\system32\drivers\kcom.sys
2009-01-17 09:12 . 2009-01-17 09:12 <DIR> d-------- e:\program files\RegScrubXP
2009-01-15 04:46 . 2009-01-24 02:25 1,502,720 --a------ e:\windows\goInstaller.exe
2009-01-15 04:45 . 2009-01-15 04:45 <DIR> d-------- e:\program files\Cosmi
2009-01-14 09:33 . 2004-06-01 07:55 1,896,484 --a------ e:\windows\system32\mCodexAPI.dll
2009-01-14 09:33 . 2003-09-24 21:37 96,256 --a------ e:\windows\system32\mCodexDLLStub.exe
2009-01-14 09:33 . 2003-09-24 21:37 69,466 --a------ e:\windows\system32\codex.translations.Active
2009-01-14 09:13 . 1999-04-02 16:37 33,792 -ra------ e:\windows\NPSExec.exe
2009-01-14 09:13 . 2009-01-14 09:13 503 --a------ e:\windows\eReg.dat
2009-01-14 09:09 . 2009-01-14 09:09 <DIR> d-------- e:\documents and settings\Dan Tilley\WINDOWS
2009-01-14 09:09 . 1998-10-29 17:45 306,688 --a------ e:\windows\IsUninst.exe
2009-01-14 03:08 . 2009-01-14 03:08 <DIR> d-------- E:\Documents
2009-01-12 21:00 . 2009-01-12 21:00 <DIR> d-------- e:\documents and settings\Dan Tilley\Tracing
2009-01-12 20:59 . 2009-01-12 20:59 <DIR> d-------- e:\program files\Microsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 21:12 25,992 ----a-w e:\windows\system32\pgdfgsvc.exe
2009-01-19 19:02 932,696 ----a-w e:\windows\system32\Incinerator.dll
2009-01-06 13:41 --------- d-----w e:\program files\NT Registry Optimizer
2009-01-06 13:08 --------- d-----w e:\program files\Defraggler
2009-01-06 13:05 --------- d-----w e:\program files\Spybot - Search & Destroy
2009-01-06 12:20 --------- d-----w e:\program files\Microsoft Silverlight
2009-01-06 08:12 10,070 ----a-w e:\windows\system32\msrep32.dll
2008-12-22 08:47 --------- d-----w e:\documents and settings\NetworkService\Application Data\iolo
2008-12-22 08:36 --------- d-----w e:\documents and settings\LocalService\Application Data\iolo
2008-12-22 08:35 74,703 ----a-w e:\windows\system32\mfc45.dll
2008-12-22 08:35 --------- d-----w e:\documents and settings\All Users\Application Data\iolo
2008-12-21 05:12 --------- d-sh--w e:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-21 05:12 --------- d-----w e:\program files\TuneUp Utilities 2009
2008-12-21 05:12 --------- d-----w e:\documents and settings\All Users\Application Data\TuneUp Software
2008-12-21 03:48 --------- d-----w e:\documents and settings\All Users\Application Data\TEMP
2008-12-13 06:49 21,840 ----a-w e:\windows\system32\SIntfNT.dll
2008-12-13 06:49 17,212 ----a-w e:\windows\system32\SIntf32.dll
2008-12-13 06:49 12,067 ----a-w e:\windows\system32\SIntf16.dll
2008-11-18 19:51 8,192 ----a-w e:\windows\system32\smrgdf.exe
2008-02-12 22:59 6,144 --sh--r e:\windows\system32\csrss.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-02-05_21.09.50.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-07-15 19:23:44 626,688 ----a-w e:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-15 19:23:44 327,680 ----a-w e:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-10-16 02:31:58 99,480 ----a-w e:\windows\system32\FwsVpn.dll
- 2007-09-25 06:30:28 135,168 ----a-w e:\windows\system32\java.exe
+ 2009-02-06 22:13:26 144,792 ----a-w e:\windows\system32\java.exe
- 2007-09-25 06:30:30 135,168 ----a-w e:\windows\system32\javaw.exe
+ 2009-02-06 22:13:26 144,792 ----a-w e:\windows\system32\javaw.exe
- 2007-09-25 07:31:42 139,264 ----a-w e:\windows\system32\javaws.exe
+ 2009-02-06 22:13:26 148,888 ----a-w e:\windows\system32\javaws.exe
+ 2004-10-16 02:31:56 218,264 ----a-w e:\windows\system32\SetAid.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-02-12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="e:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SmcService"="e:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 e:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JDCT"= jl_jdct.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=e:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^Dan Tilley^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=e:\documents and settings\Dan Tilley\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=e:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\E:^Documents and Settings^Dan Tilley^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=e:\documents and settings\Dan Tilley\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=e:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
e:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-01-24 02:46 507224 e:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 e:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 13:28 266497 e:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 02:39 486856 e:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a------ 2003-07-14 22:53 34880 e:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-01-06 13:06 290088 e:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 e:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-06 14:13 136600 e:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-01-15 16:17 1830128 e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 e:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BOCore"=2 (0x2)
"ose"=3 (0x3)
"Messenger"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)
"vsmon"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"SupportSoft RemoteAssist"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"sdAuxService"=2 (0x2)
"sdCoreService"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"wscsvc"=2 (0x2)
"wuauserv"=2 (0x2)
"srservice"=2 (0x2)
"VideoAcceleratorService"=2 (0x2)
"usnjsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"WinDefend"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"gusvc"=3 (0x3)
"ASKService"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"LiveTurbineMessageService"=3 (0x3)
"LiveTurbineNetworkService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Office12\\OUTLOOK.EXE"=
"c:\\Office12\\groove.exe"=
"c:\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Cosmi\\SpyWare Killer Pro\\stealth\\stealthsurf.exe"=
"d:\\Turbine Download Manager\\TurbineNetworkService.exe"=
"d:\\Turbine Download Manager\\TurbineMessageService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16881:UDP"= 16881:UDP:rty
"62048:TCP"= 62048:TCP:Utor
"62048:UDP"= 62048:UDP:utor

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)

R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2009-01-24 64160]
R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]
R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
S3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S4 ASKService;ASKService;e:\program files\AskBarDis\bar\bin\AskService.exe --> e:\program files\AskBarDis\bar\bin\AskService.exe [?]
S4 ekrn;Eset Service;"e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S4 ioloFileInfoList;iolo FileInfoList Service;e:\program files\iolo\common\lib\ioloServiceManager.exe --> e:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S4 ioloSystemService;iolo System Service;e:\program files\iolo\common\lib\ioloServiceManager.exe --> e:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416]
S4 LiveTurbineMessageService;Turbine Message Service - Live;d:\turbine download manager\TurbineMessageService.exe [2009-02-03 255472]
S4 LiveTurbineNetworkService;Turbine Network Service - Live;d:\turbine download manager\TurbineNetworkService.exe [2009-02-03 218608]
S4 sdAuxService;PC Tools Auxiliary Service;e:\program files\Spyware Doctor\svcntaux.exe --> e:\program files\Spyware Doctor\svcntaux.exe [?]
S4 WinDefend;Windows Defender;"e:\program files\Windows Defender\MsMpEng.exe" --> e:\program files\Windows Defender\MsMpEng.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47d84bc-a9e5-11dc-8379-000c76b6d3d4}]
\Shell\AutoRun\command - I:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47d84bd-a9e5-11dc-8379-000c76b6d3d4}]
\Shell\AutoRun\command - J:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-02 e:\windows\Tasks\Ad-Aware Update (Weekly).job
- e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-24 02:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - e:\documents and settings\Dan Tilley\Application Data\Mozilla\Firefox\Profiles\sxglj6bs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 00:12:46
Windows 5.1.2600 Service Pack 3, v.3311 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
e:\program files\SUPERAntiSpyware\SASWINLO.dll
e:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-08 0:15:29
ComboFix-quarantined-files.txt 2009-02-08 08:15:24
ComboFix4.txt 2009-02-06 05:10:58
ComboFix3.txt 2009-02-06 20:48:34
ComboFix2.txt 2009-02-07 09:24:26

Pre-Run: 7,888,125,952 bytes free
Post-Run: 7,866,302,464 bytes free

Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
284 --- E O F --- 2008-12-20 07:40:26
AdvancedSetup
STEP 1
Please uninstall LIMEWIRE e:\program files\LimeWire
File sharing involves using technology that allows internet users to share files that are housed on their individual computers. Peer-to-peer (P2P) applications, such as those used to share music files, are some of the most common forms of file-sharing technology. However, P2P applications introduce security risks that may put your information or your computer in jeopardy.
Risks of File-Sharing Technology


STEP 2
Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.
Download it to your DESKTOP - it MUST run from the Desktop
download.bleepingcomputer.com/sUBs/ComboFix.exe
subs.geekstogo.com/ComboFix.exe

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines
CODE
KILLALL::

Driver::
Lbd
epfwtdir
ekrn

File::
e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
e:\windows\nod32restoretemdono.reg
e:\windows\system32\csrss.exe
e:\windows\system32\drivers\epfwtdir.sys
e:\windows\system32\drivers\Lbd.sys
e:\windows\system32\pgdfgsvc.exe
e:\windows\system32\SIntf16.dll
e:\windows\system32\SIntf32.dll
e:\windows\system32\SIntfNT.dll
e:\windows\system32\smrgdf.exe
E:\XES88.tmp
E:\XES8A.tmp


Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47d84bc-a9e5-11dc-8379-000c76b6d3d4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c47d84bd-a9e5-11dc-8379-000c76b6d3d4}]


Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt".

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disconnect from the Internet.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  • It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
    When the scan completes Notepad will open with your results log open. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.


STEP 3
Download to the desktop: Dr.Web CureIt
  • Double-click the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look whether you can click the next icon next to the files found:

    If so, click it and then click the next icon right below and select Move incurable as you'll see in the next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! It is possible that files in use will be moved/deleted during the reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.
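As an added example (not part of this thread and not ComboFix's own code), here is a small Python parser for the CFScript format used in STEP 2 above: it reads the KILLALL::/Driver::/File::/Registry:: sections and turns them into a plain-language list of what the script will ask ComboFix to do, flagging malformed entries before the file is dropped on ComboFix.exe. The section names and the [-HKEY...] deletion syntax are the ones shown in the thread; the validation rules (File:: entries must be absolute drive paths, Registry:: entries must carry the leading minus) are my assumptions about what a well-formed entry looks like.

```python
import re
# Section headers are a word followed by "::" on its own line (KILLALL::, File::, ...).
HEADER = re.compile(r"^([A-Za-z]+)::\s*$")
# Registry:: deletions are written [-HKEY...]; without the leading minus the key would be created.
REG_DELETE = re.compile(r"^\[-(HKEY_[A-Z_]+\\.+)\]$")
# File:: entries must be absolute Windows paths (drive letter, colon, backslash).
ABS_PATH = re.compile(r"^[A-Za-z]:\\")

def parse_cfscript(text):
    """Return {section: [entries]}; a bare directive such as KILLALL:: gets an empty list."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def review_cfscript(text):
    """Return (summary, problems): what the script asks ComboFix to do, and malformed entries."""
    sections = parse_cfscript(text)
    summary, problems = [], []
    if "KILLALL" in sections:
        summary.append("KILLALL:: terminates running user processes before the fix")
    for drv in sections.get("Driver", []):
        summary.append(f"Driver:: removes the driver service '{drv}'")
    for path in sections.get("File", []):
        if ABS_PATH.match(path):
            summary.append(f"File:: deletes {path}")
        else:
            problems.append(f"File:: entry is not an absolute path: {path}")
    for entry in sections.get("Registry", []):
        m = REG_DELETE.match(entry)
        if m:
            summary.append(f"Registry:: deletes key {m.group(1)}")
        else:
            problems.append(f"Registry:: entry is not a [-HKEY...] deletion: {entry}")
    return summary, problems
# Constructed sample in the shape of the thread's script; one File:: and one Registry:: entry are deliberately malformed.
SAMPLE = "\n".join([
    "KILLALL::", "Driver::", "Lbd", "File::", r"e:\windows\system32\drivers\Lbd.sys",
    r"windows\temp\bad.tmp", "Registry::", r"[HKEY_CURRENT_USER\software\example]",
    r"[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]"])
```

Run `review_cfscript(open("CFscript.txt").read())` on a saved script to see the same summary for the real file; a non-empty problems list means the script should be corrected before use.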
tekkfall
An error occurred when I tried to run the script. It then said CSF or CFS script (either/or) was incorrectly spelt and didn't run.
AdvancedSetup
It must be run from the desktop and it must be named: CFscript.txt then drag and drop it on a NEW copy of Combofix.exe
AdvancedSetup
Please post a status update on this
AdvancedSetup
Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
Invision Power Board © 2001-2010 Invision Power Services, Inc.