Vundo problems! Help me please!

demonic_angel

Ahhh.... Vundo and a Spybot worm is infecting me! I used housecall and found them.

Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:04:48 PM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HI JACK!\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\ljjjjhg.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

Thanks
 
Hi demonic_angel

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here

Post:

- a fresh HijackThis log
- combofix report
 
Hi Shaba.

Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:22:36 AM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HI JACK!\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A860656D-AF64-4AE4-8CAA-5C4DD8A9A7DC} - C:\WINDOWS\system32\iiiig.dll (file missing)
O4 - HKLM\..\Run: [98e02a7b] rundll32.exe "C:\WINDOWS\system32\ablathhd.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
 
This is the combo fix log

and this is the combo fix log:

ComboFix 08-01-23.1C - Darrell Lau 2008-01-25 9:56:39.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.133 [GMT -8:00]
Running from: C:\Documents and Settings\Darrell Lau\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\ablathhd.dll
C:\WINDOWS\system32\dhhtalba.ini
C:\WINDOWS\system32\giiii.ini
C:\WINDOWS\system32\giiii.ini2
C:\WINDOWS\system32\iiiig.dll
C:\WINDOWS\system32\mcrh.tmp

----- BITS: Possible infected sites -----

hxxp://xpsite.org
hxxp://msgr.dlservice.microsoft.com
.
((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.

2008-01-22 18:15 . 2008-01-22 20:53 <DIR> d-------- C:\VundoFix Backups
2008-01-22 07:55 . 2008-01-22 07:56 38,400 --------- C:\WINDOWS\system32\ljjjjhg.dll
2008-01-10 16:29 . 2008-01-10 16:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 05:04 --------- d-----w C:\Program Files\HI JACK!
2008-01-10 06:48 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-08 03:35 --------- d-----w C:\Program Files\Last.fm
2007-12-19 09:25 --------- d-----w C:\Program Files\MSN Messenger
2007-12-19 09:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-19 04:36 --------- d-----w C:\Program Files\Combined Community Codec Pack
2007-12-19 03:52 --------- d-----w C:\Program Files\XviD
2007-11-24 07:23 139,008 ----a-w C:\WINDOWS\system32\guard32.dll.vir
2007-11-02 05:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-11-02 04:57 9,314,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-11-02 04:24 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-11-02 04:10 364,544 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-11-02 04:09 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-11-02 04:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-11-02 04:01 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-11-02 04:01 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-11-02 04:00 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-11-02 04:00 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-11-02 03:59 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-11-02 03:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-11-02 03:50 3,133,728 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-11-02 03:39 1,602,176 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-11-02 03:35 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-11-02 03:26 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-11-02 03:24 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-11-02 03:22 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-11-02 03:16 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-04-27 14:50 923,108 --sh--w C:\WINDOWS\system32\qqstv.bak1
.

((((((((((((((((((((((((((((( snapshot_2007-11-09_12.40.46.83 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 16:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-01-25 17:55:14 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-25 17:55:15 1,183,744 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-25 17:55:15 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-25 17:55:15 1,183,744 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-25 17:55:15 9,265,152 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-25 17:55:15 1,359,872 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2007-03-13 18:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 16:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-12-19 03:55:46 65,536 ----a-r C:\WINDOWS\Installer\{49FC50FC-F965-40D9-89B4-CBFF80941033}\ARPPRODUCTICON.exe
- 2007-06-17 08:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 16:00:00 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2002-12-20 21:06:00 3,366,912 ----a-w C:\WINDOWS\RegisteredPackages\{60BFF50D-FB2C-4498-A577-C9548C390BB9}\moviemk.exe
- 2007-08-14 21:11:53 156,671 ----a-w C:\WINDOWS\system32\atiicdxx.dat
+ 2007-09-14 13:03:51 157,034 ----a-w C:\WINDOWS\system32\atiicdxx.dat
- 2007-09-29 02:36:05 972,072 ----a-w C:\WINDOWS\system32\ativva6x.dat
+ 2007-11-02 03:39:00 887,724 ----a-w C:\WINDOWS\system32\ativva6x.dat
- 2007-09-29 03:05:59 2,456,064 -c--a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
+ 2007-11-02 05:52:04 2,644,480 -c--a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
- 2004-08-04 00:56:54 3,555,328 -c--a-w C:\WINDOWS\system32\dllcache\moviemk.exe
+ 2002-12-20 21:06:00 3,366,912 -c--a-w C:\WINDOWS\system32\dllcache\moviemk.exe
- 2007-09-29 02:19:30 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
+ 2007-11-02 03:22:11 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
- 2007-09-29 03:05:59 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
+ 2007-11-02 05:52:04 2,644,480 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
+ 2007-11-24 07:23:13 79,096 ----a-w C:\WINDOWS\system32\drivers\cmdGuard.sys
+ 2007-11-24 07:23:13 23,672 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
- 2007-09-17 02:07:43 51,328 ----a-w C:\WINDOWS\system32\drivers\inspect.sys
+ 2007-11-24 07:23:13 74,616 ----a-w C:\WINDOWS\system32\drivers\inspect.sys
+ 2007-09-29 03:21:29 9,854,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\atioglx2.dll
+ 2007-09-29 02:47:38 172,032 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\atiok3x2.dll
+ 2007-09-29 02:36:05 3,107,788 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\ativva5x.dat
+ 2007-09-29 02:36:05 972,072 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\ativva6x.dat
+ 2007-11-02 04:57:40 9,314,304 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\atioglx2.dll
+ 2007-09-29 02:47:38 172,032 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\atiok3x2.dll
+ 2007-09-29 02:36:05 3,107,788 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\ativva5x.dat
+ 2007-11-02 03:39:00 887,724 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\ativva6x.dat
- 2007-07-23 02:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 16:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
- 2007-10-23 06:15:37 65,024 ----a-w C:\WINDOWS\twain_32\ScanDrv5\ApInfo.DAT
+ 2008-01-14 00:21:56 65,024 ----a-w C:\WINDOWS\twain_32\ScanDrv5\ApInfo.DAT
- 2007-10-23 06:15:35 10,752 ----a-w C:\WINDOWS\twain_32\ScanDrv5\HWInfo.DAT
+ 2008-01-14 00:21:54 10,752 ----a-w C:\WINDOWS\twain_32\ScanDrv5\HWInfo.DAT
- 2007-10-23 06:12:28 21,504 ---ha-w C:\WINDOWS\twain_32\ScanDrv5\InApInfo.dat
+ 2008-01-14 00:19:37 21,504 ---ha-w C:\WINDOWS\twain_32\ScanDrv5\InApInfo.dat
- 2007-10-23 06:15:37 267,318 ----a-w C:\WINDOWS\twain_32\ScanDrv5\PrevImg4.Dat
+ 2008-01-14 00:21:56 267,318 ----a-w C:\WINDOWS\twain_32\ScanDrv5\PrevImg4.Dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A860656D-AF64-4AE4-8CAA-5C4DD8A9A7DC}]
C:\WINDOWS\system32\iiiig.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\B2CSoUI]
@={CCDB9917-2613-0A4B-8109-0CB35BACB7AC}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\kbdhelv3]
@={452DC59B-C505-8987-E6C2-080778C2A2CB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\RTNK.a]
@={3751C544-2B35-0025-CA90-44824282AD34}

[HKEY_CLASSES_ROOT\CLSID\{CCDB9917-2613-0A4B-8109-0CB35BACB7AC}]
C:\WINDOWS\system32\SoUI.dll

[HKEY_CLASSES_ROOT\CLSID\{452DC59B-C505-8987-E6C2-080778C2A2CB}]
C:\WINDOWS\system32\kbdhelv3.dll

[HKEY_CLASSES_ROOT\CLSID\{3751C544-2B35-0025-CA90-44824282AD34}]
C:\WINDOWS\system32\\rtnka.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"98e02a7b"="C:\WINDOWS\system32\ablathhd.dll" [ ]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-03 16:56 388608]

C:\Documents and Settings\Darrell Lau\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-07-02 12:53:11 106496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
"NoStartMenuSubFolders"= 1 (0x1)
"NoFavoritesMenu"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"w"= %SystemRoot%\WinRaR.exe
"mm"= %SystemRoot%\sourro.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{36CD708B-6077-4C02-9377-D73EAA495A0F}"= C:\WINDOWS\WinHttp.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NOD32 Control Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NOD32 Control Center.lnk
backup=C:\WINDOWS\pss\NOD32 Control Center.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PenPower PenKeyboard.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PenPower PenKeyboard.lnk
backup=C:\WINDOWS\pss\PenPower PenKeyboard.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PenPower Start-Up.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PenPower Start-Up.lnk
backup=C:\WINDOWS\pss\PenPower Start-Up.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Darrell Lau^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Darrell Lau\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
--a------ 2004-09-16 15:15 538112 C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2007-07-18 23:28 6150456 D:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
--a------ 2007-11-23 23:23 1481984 C:\Program Files\Comodo\Firewall\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 14:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC1300 Monitor]
--------- 2002-08-08 08:13 45056 D:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
--a------ 2003-06-03 11:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
--a------ 2006-11-21 17:08 813912 C:\Program Files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
--a------ 2005-05-20 18:19 949376 C:\Program Files\Eset\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-06-08 15:18 23233576 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 11:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-02-14 17:08 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherEye]
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-11-23 23:23]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-11-23 23:23]
R2 NMSSvc;Intel(R) NMS;C:\WINDOWS\system32\NMSSvc.exe [2002-05-03 12:36]
R3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\system32\drivers\NMSCFG.SYS [2002-05-03 12:36]
S3 DC1300;DC 1300 WDM Video Capture;C:\WINDOWS\system32\Drivers\BSC504AV.SYS [2002-08-07 10:33]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2006-12-13 17:52]
S3 USBCamera;DC 1300 Still Image Capture;C:\WINDOWS\system32\Drivers\BscBulk.sys [2002-07-25 03:19]
S4 D428BA68;D428BA68;C:\WINDOWS\system32\8C4ED30.EXE []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 19:53:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-12-25 11:48:20 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- C:\Program Files\Microsoft IntelliType Pro\itype.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 10:19:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-01-25 10:22:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-25 18:21:59
ComboFix2.txt 2007-11-09 20:41:56
ComboFix3.txt 2003-09-10 06:46:54
ComboFix4.txt 2007-09-10 02:20:59

Thanks
 
Hi

Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\system32\ljjjjhg.dll
C:\WINDOWS\system32\qqstv.bak1

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A860656D-AF64-4AE4-8CAA-5C4DD8A9A7DC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"98e02a7b"=-

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

And also check if you can find these files:

C:\WINDOWS\system32\SoUI.dll

C:\WINDOWS\system32\kbdhelv3.dll

C:\WINDOWS\system32\rtnka.dll
 
This is the Combo fix log

ComboFix 08-01-23.1C - Darrell Lau 2008-01-25 11:58:14.6 - NTFSx86
Running from: C:\Documents and Settings\Darrell Lau\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Darrell Lau\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\ljjjjhg.dll
C:\WINDOWS\system32\qqstv.bak1
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ljjjjhg.dll
C:\WINDOWS\system32\qqstv.bak1

.
((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.

2008-01-22 18:15 . 2008-01-22 20:53 <DIR> d-------- C:\VundoFix Backups
2008-01-10 16:29 . 2008-01-10 16:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 18:22 --------- d-----w C:\Program Files\HI JACK!
2008-01-10 06:48 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-08 03:35 --------- d-----w C:\Program Files\Last.fm
2007-12-19 09:25 --------- d-----w C:\Program Files\MSN Messenger
2007-12-19 09:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-19 04:36 --------- d-----w C:\Program Files\Combined Community Codec Pack
2007-12-19 03:52 --------- d-----w C:\Program Files\XviD
2007-11-24 07:23 139,008 ----a-w C:\WINDOWS\system32\guard32.dll.vir
2007-11-02 05:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-11-02 04:57 9,314,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-11-02 04:24 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-11-02 04:10 364,544 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-11-02 04:09 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-11-02 04:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-11-02 04:01 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-11-02 04:01 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-11-02 04:00 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-11-02 04:00 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-11-02 03:59 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-11-02 03:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-11-02 03:50 3,133,728 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-11-02 03:39 1,602,176 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-11-02 03:35 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-11-02 03:26 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-11-02 03:24 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-11-02 03:22 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-11-02 03:16 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot_2008-01-25_10.21.18.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 17:55:14 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-25 19:57:36 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-25 17:55:15 1,183,744 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-25 19:57:36 1,183,744 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-25 17:55:15 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-25 19:57:36 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-25 17:55:15 1,183,744 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-25 19:57:36 1,183,744 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-25 17:55:15 9,265,152 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-25 19:57:37 9,265,152 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-25 17:55:15 1,359,872 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-25 19:57:37 1,359,872 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\B2CSoUI]
@={CCDB9917-2613-0A4B-8109-0CB35BACB7AC}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\kbdhelv3]
@={452DC59B-C505-8987-E6C2-080778C2A2CB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\RTNK.a]
@={3751C544-2B35-0025-CA90-44824282AD34}

[HKEY_CLASSES_ROOT\CLSID\{CCDB9917-2613-0A4B-8109-0CB35BACB7AC}]
C:\WINDOWS\system32\SoUI.dll

[HKEY_CLASSES_ROOT\CLSID\{452DC59B-C505-8987-E6C2-080778C2A2CB}]
C:\WINDOWS\system32\kbdhelv3.dll

[HKEY_CLASSES_ROOT\CLSID\{3751C544-2B35-0025-CA90-44824282AD34}]
C:\WINDOWS\system32\\rtnka.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

C:\Documents and Settings\Darrell Lau\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-07-02 12:53:11 106496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
"NoStartMenuSubFolders"= 1 (0x1)
"NoFavoritesMenu"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"w"= %SystemRoot%\WinRaR.exe
"mm"= %SystemRoot%\sourro.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{36CD708B-6077-4C02-9377-D73EAA495A0F}"= C:\WINDOWS\WinHttp.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NOD32 Control Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NOD32 Control Center.lnk
backup=C:\WINDOWS\pss\NOD32 Control Center.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PenPower PenKeyboard.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PenPower PenKeyboard.lnk
backup=C:\WINDOWS\pss\PenPower PenKeyboard.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PenPower Start-Up.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PenPower Start-Up.lnk
backup=C:\WINDOWS\pss\PenPower Start-Up.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Darrell Lau^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Darrell Lau\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
--a------ 2004-09-16 15:15 538112 C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2007-07-18 23:28 6150456 D:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
--a------ 2007-11-23 23:23 1481984 C:\Program Files\Comodo\Firewall\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 14:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC1300 Monitor]
--------- 2002-08-08 08:13 45056 D:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
--a------ 2003-06-03 11:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
--a------ 2006-11-21 17:08 813912 C:\Program Files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
--a------ 2005-05-20 18:19 949376 C:\Program Files\Eset\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-06-08 15:18 23233576 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 11:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-02-14 17:08 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherEye]
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-11-23 23:23]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-11-23 23:23]
R2 NMSSvc;Intel(R) NMS;C:\WINDOWS\system32\NMSSvc.exe [2002-05-03 12:36]
R3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\system32\drivers\NMSCFG.SYS [2002-05-03 12:36]
S3 DC1300;DC 1300 WDM Video Capture;C:\WINDOWS\system32\Drivers\BSC504AV.SYS [2002-08-07 10:33]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2006-12-13 17:52]
S3 USBCamera;DC 1300 Still Image Capture;C:\WINDOWS\system32\Drivers\BscBulk.sys [2002-07-25 03:19]
S4 D428BA68;D428BA68;C:\WINDOWS\system32\8C4ED30.EXE []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 19:52:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-12-25 11:48:20 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- C:\Program Files\Microsoft IntelliType Pro\itype.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 12:16:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-01-25 12:20:44
ComboFix-quarantined-files.txt 2008-01-25 20:20:36
ComboFix2.txt 2008-01-25 18:22:07
ComboFix3.txt 2007-11-09 20:41:56
ComboFix4.txt 2003-09-10 06:46:54
ComboFix5.txt 2007-09-10 02:20:59
 
and here's the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 12:58:54 PM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HI JACK!\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

Thank you once again
 
Hi

Can you find these files?

C:\WINDOWS\system32\SoUI.dll

C:\WINDOWS\system32\kbdhelv3.dll

C:\WINDOWS\system32\rtnka.dll
 
Hi

Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\system32\SoUI.dll
C:\WINDOWS\system32\kbdhelv3.dll
C:\WINDOWS\system32\rtnka.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\B2CSoUI]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\kbdhelv3]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\RTNK.a]

[HKEY_CLASSES_ROOT\CLSID\{CCDB9917-2613-0A4B-8109-0CB35BACB7AC}]

[HKEY_CLASSES_ROOT\CLSID\{452DC59B-C505-8987-E6C2-080778C2A2CB}]

[HKEY_CLASSES_ROOT\CLSID\{3751C544-2B35-0025-CA90-44824282AD34}]

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
Here is the ComboFix Log:

ComboFix 08-01-23.1C - Darrell Lau 2008-01-26 17:29:13.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.202 [GMT -8:00]
Running from: C:\Documents and Settings\Darrell Lau\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Darrell Lau\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\kbdhelv3.dll
C:\WINDOWS\system32\rtnka.dll
C:\WINDOWS\system32\SoUI.dll
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll


((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-22 18:15 . 2008-01-22 20:53 <DIR> d-------- C:\VundoFix Backups
2008-01-10 16:29 . 2008-01-10 16:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 20:58 --------- d-----w C:\Program Files\HI JACK!
2008-01-10 06:48 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-08 03:35 --------- d-----w C:\Program Files\Last.fm
2007-12-19 09:25 --------- d-----w C:\Program Files\MSN Messenger
2007-12-19 09:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-19 04:36 --------- d-----w C:\Program Files\Combined Community Codec Pack
2007-12-19 03:52 --------- d-----w C:\Program Files\XviD
2007-11-24 07:23 139,008 ----a-w C:\WINDOWS\system32\guard32.dll.vir
2007-11-02 05:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-11-02 04:57 9,314,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-11-02 04:24 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-11-02 04:10 364,544 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-11-02 04:09 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-11-02 04:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-11-02 04:01 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-11-02 04:01 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-11-02 04:00 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-11-02 04:00 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-11-02 03:59 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-11-02 03:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-11-02 03:50 3,133,728 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-11-02 03:39 1,602,176 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-11-02 03:35 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-11-02 03:26 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-11-02 03:24 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-11-02 03:22 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-11-02 03:16 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot_2008-01-25_10.21.18.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 17:55:14 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-27 01:28:15 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-25 17:55:15 1,183,744 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-27 01:28:15 1,183,744 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-25 17:55:15 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-27 01:28:15 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-25 17:55:15 1,183,744 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-27 01:28:15 1,183,744 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-25 17:55:15 9,265,152 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-27 01:28:16 9,265,152 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-25 17:55:15 1,359,872 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-27 01:28:16 1,359,872 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\B2CSoUI]
@={CCDB9917-2613-0A4B-8109-0CB35BACB7AC}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\kbdhelv3]
@={452DC59B-C505-8987-E6C2-080778C2A2CB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\RTNK.a]
@={3751C544-2B35-0025-CA90-44824282AD34}

[HKEY_CLASSES_ROOT\CLSID\{CCDB9917-2613-0A4B-8109-0CB35BACB7AC}]
C:\WINDOWS\system32\SoUI.dll

[HKEY_CLASSES_ROOT\CLSID\{452DC59B-C505-8987-E6C2-080778C2A2CB}]
C:\WINDOWS\system32\kbdhelv3.dll

[HKEY_CLASSES_ROOT\CLSID\{3751C544-2B35-0025-CA90-44824282AD34}]
C:\WINDOWS\system32\\rtnka.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

C:\Documents and Settings\Darrell Lau\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-07-02 12:53:11 106496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
"NoStartMenuSubFolders"= 1 (0x1)
"NoFavoritesMenu"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"w"= %SystemRoot%\WinRaR.exe
"mm"= %SystemRoot%\sourro.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{36CD708B-6077-4C02-9377-D73EAA495A0F}"= C:\WINDOWS\WinHttp.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NOD32 Control Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NOD32 Control Center.lnk
backup=C:\WINDOWS\pss\NOD32 Control Center.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PenPower PenKeyboard.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PenPower PenKeyboard.lnk
backup=C:\WINDOWS\pss\PenPower PenKeyboard.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PenPower Start-Up.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PenPower Start-Up.lnk
backup=C:\WINDOWS\pss\PenPower Start-Up.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Darrell Lau^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Darrell Lau\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
--a------ 2004-09-16 15:15 538112 C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2007-07-18 23:28 6150456 D:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
--a------ 2007-11-23 23:23 1481984 C:\Program Files\Comodo\Firewall\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 14:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC1300 Monitor]
--------- 2002-08-08 08:13 45056 D:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
--a------ 2003-06-03 11:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
--a------ 2006-11-21 17:08 813912 C:\Program Files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
--a------ 2005-05-20 18:19 949376 C:\Program Files\Eset\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-06-08 15:18 23233576 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 11:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-02-14 17:08 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherEye]
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-11-23 23:23]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-11-23 23:23]
R2 NMSSvc;Intel(R) NMS;C:\WINDOWS\system32\NMSSvc.exe [2002-05-03 12:36]
R3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\system32\drivers\NMSCFG.SYS [2002-05-03 12:36]
S3 DC1300;DC 1300 WDM Video Capture;C:\WINDOWS\system32\Drivers\BSC504AV.SYS [2002-08-07 10:33]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2006-12-13 17:52]
S3 USBCamera;DC 1300 Still Image Capture;C:\WINDOWS\system32\Drivers\BscBulk.sys [2002-07-25 03:19]
S4 D428BA68;D428BA68;C:\WINDOWS\system32\8C4ED30.EXE []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 19:52:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-12-25 11:48:20 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- C:\Program Files\Microsoft IntelliType Pro\itype.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 17:34:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-01-26 17:35:37
ComboFix-quarantined-files.txt 2008-01-27 01:35:29
ComboFix2.txt 2008-01-25 20:20:46
ComboFix3.txt 2008-01-25 18:22:07
ComboFix4.txt 2007-11-09 20:41:56
ComboFix5.txt 2003-09-10 06:46:54
 
Hi

No success there.

Open notepad and copy/paste the text in the quotebox below into it:

Code:
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\B2CSoUI]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\kbdhelv3]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\RTNK.a]

[-HKEY_CLASSES_ROOT\CLSID\{CCDB9917-2613-0A4B-8109-0CB35BACB7AC}]

[-HKEY_CLASSES_ROOT\CLSID\{452DC59B-C505-8987-E6C2-080778C2A2CB}]

[-HKEY_CLASSES_ROOT\CLSID\{3751C544-2B35-0025-CA90-44824282AD34}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"w"=-
"mm"=-

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
Here's the ComboFix Log:

ComboFix 08-01-23.1C - Darrell Lau 2008-01-27 9:13:18.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.98 [GMT -8:00]Running from: C:\Documents and Settings\Darrell Lau\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Darrell Lau\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll


((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-26 23:58 . 2008-01-26 23:58 <DIR> d-------- C:\Program Files\Pcsx2_0.9.4
2008-01-22 18:15 . 2008-01-22 20:53 <DIR> d-------- C:\VundoFix Backups
2008-01-10 16:29 . 2008-01-10 16:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 20:58 --------- d-----w C:\Program Files\HI JACK!
2008-01-10 06:48 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-08 03:35 --------- d-----w C:\Program Files\Last.fm
2007-12-19 09:25 --------- d-----w C:\Program Files\MSN Messenger
2007-12-19 09:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-19 04:36 --------- d-----w C:\Program Files\Combined Community Codec Pack
2007-12-19 03:52 --------- d-----w C:\Program Files\XviD
2007-11-24 07:23 139,008 ----a-w C:\WINDOWS\system32\guard32.dll.vir
2007-11-02 05:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-11-02 04:57 9,314,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-11-02 04:24 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-11-02 04:10 364,544 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-11-02 04:09 268,288 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-11-02 04:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-11-02 04:01 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-11-02 04:01 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-11-02 04:00 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-11-02 04:00 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-11-02 03:59 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-11-02 03:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-11-02 03:50 3,133,728 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-11-02 03:39 1,602,176 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-11-02 03:35 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-11-02 03:26 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-11-02 03:24 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-11-02 03:22 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-11-02 03:16 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot_2008-01-25_10.21.18.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 17:55:14 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-27 17:12:45 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-25 17:55:15 1,183,744 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-27 17:12:45 1,183,744 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-25 17:55:15 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-27 17:12:45 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-25 17:55:15 1,183,744 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-27 17:12:45 1,183,744 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-25 17:55:15 9,265,152 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-27 17:12:45 9,265,152 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-25 17:55:15 1,359,872 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-27 17:12:46 1,359,872 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

C:\Documents and Settings\Darrell Lau\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-07-02 12:53:11 106496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
"NoStartMenuSubFolders"= 1 (0x1)
"NoFavoritesMenu"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"w"= %SystemRoot%\WinRaR.exe
"mm"= %SystemRoot%\sourro.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{36CD708B-6077-4C02-9377-D73EAA495A0F}"= C:\WINDOWS\WinHttp.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NOD32 Control Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NOD32 Control Center.lnk
backup=C:\WINDOWS\pss\NOD32 Control Center.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PenPower PenKeyboard.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PenPower PenKeyboard.lnk
backup=C:\WINDOWS\pss\PenPower PenKeyboard.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PenPower Start-Up.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PenPower Start-Up.lnk
backup=C:\WINDOWS\pss\PenPower Start-Up.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Darrell Lau^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Darrell Lau\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
--a------ 2004-09-16 15:15 538112 C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2007-07-18 23:28 6150456 D:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
--a------ 2007-11-23 23:23 1481984 C:\Program Files\Comodo\Firewall\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 14:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC1300 Monitor]
--------- 2002-08-08 08:13 45056 D:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
--a------ 2003-06-03 11:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
--a------ 2006-11-21 17:08 813912 C:\Program Files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
--a------ 2005-05-20 18:19 949376 C:\Program Files\Eset\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-06-08 15:18 23233576 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 11:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-02-14 17:08 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherEye]
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-11-23 23:23]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-11-23 23:23]
R2 NMSSvc;Intel(R) NMS;C:\WINDOWS\system32\NMSSvc.exe [2002-05-03 12:36]
R3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\system32\drivers\NMSCFG.SYS [2002-05-03 12:36]
S3 DC1300;DC 1300 WDM Video Capture;C:\WINDOWS\system32\Drivers\BSC504AV.SYS [2002-08-07 10:33]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2006-12-13 17:52]
S3 USBCamera;DC 1300 Still Image Capture;C:\WINDOWS\system32\Drivers\BscBulk.sys [2002-07-25 03:19]
S4 D428BA68;D428BA68;C:\WINDOWS\system32\8C4ED30.EXE []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 19:52:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-12-25 11:48:20 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- C:\Program Files\Microsoft IntelliType Pro\itype.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 09:18:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-01-27 9:22:58
ComboFix-quarantined-files.txt 2008-01-27 17:22:50
ComboFix2.txt 2008-01-27 01:35:38
ComboFix3.txt 2008-01-25 20:20:46
ComboFix4.txt 2008-01-25 18:22:07
ComboFix5.txt 2007-11-09 20:41:56


Thanks again
 
Oh, sorry :oops:

Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:49:37 AM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Last.fm\LastFM.exe
D:\Program Files\Xfire\Xfire.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Program Files\BitComet\BitComet.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HI JACK!\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
 
Hi

First we'll need to back up the registry:

Start -> Run -> regedit -> ok. Then File -> Export. Give it a name and press Save.

Save the text below as fix.reg in Notepad (save it as all files (*.*)) on the Desktop

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"w"=-
"mm"=-

It should look like this ->
reg.gif


Double-click fix.reg, press Yes and OK.

(In case you are unsure how to create a reg file, take a look here with screenshots.)

Reboot.

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
      + Extended (If available otherwise Standard)
    o Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note: This scanner will work with Internet Explorer Only!

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report
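
The ComboFix log posted after the CFScript run still lists the "w" and "mm" values under policies\explorer\run that the script asked to delete. As an added example (not part of the original posts and not ComboFix's own code), this Python script parses the deletion directives shared by the CFScript and fix.reg and reports which of them a later log still shows; the function names are hypothetical, the script and first log excerpt are copied from this thread, and the second log is constructed.

```python
import re

# Short hive names seen in logs, mapped to the long names used in .reg files.
HIVES = {"hklm": "hkey_local_machine", "hkcu": "hkey_current_user",
         "hkcr": "hkey_classes_root", "hku": "hkey_users"}

SECTION_RE = re.compile(r'^\[(-?)([^\]]+)\]$')    # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "name"=data or "name"=-


def normalize_key(key):
    """Registry key paths are case-insensitive; expand short hive names."""
    hive, sep, rest = key.strip().lower().partition("\\")
    return HIVES.get(hive, hive) + sep + rest


def parse_directives(script_text):
    """Collect deletions from .reg-style text.

    "[-KEY]" deletes a whole key; '"name"=-' under "[KEY]" deletes one value.
    Returns (set of keys, set of (key, value_name)).
    """
    del_keys, del_values, current = set(), set(), None
    for raw in script_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            key = normalize_key(m.group(2))
            if m.group(1):
                del_keys.add(key)
                current = None
            else:
                current = key
            continue
        m = VALUE_RE.match(line)
        if m and current and m.group(2).strip() == "-":
            del_values.add((current, m.group(1).lower()))
    return del_keys, del_values


def parse_log(log_text):
    """Return (keys listed, {(key, value_name): data}) from a log's [KEY] blocks."""
    keys, values, current = set(), {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = normalize_key(m.group(2))
            keys.add(current)
            continue
        m = VALUE_RE.match(line)
        if m and current:
            values[(current, m.group(1).lower())] = m.group(2).strip()
    return keys, values


def still_present(script_text, log_text):
    """Return (keys, values) the script deletes but the log still lists."""
    del_keys, del_values = parse_directives(script_text)
    log_keys, log_values = parse_log(log_text)
    leftover_values = sorted((k, n, log_values[(k, n)])
                             for (k, n) in del_values if (k, n) in log_values)
    leftover_keys = sorted(k for k in del_keys
                           if any(lk == k or lk.startswith(k + "\\")
                                  for lk in log_keys))
    return leftover_keys, leftover_values


# Copied from the CFScript in this thread (one key deletion kept for brevity).
CFSCRIPT = r'''Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\B2CSoUI]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"w"=-
"mm"=-
'''

# Copied from the "Reg Loading Points" section of the follow-up ComboFix log.
LOG_AFTER = r'''[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"w"= %SystemRoot%\WinRaR.exe
"mm"= %SystemRoot%\sourro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
'''

# Constructed: how the same section would read once the two values are gone.
LOG_CLEAN = r'''[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
'''

if __name__ == "__main__":
    for label, log in (("after CFScript", LOG_AFTER), ("constructed clean", LOG_CLEAN)):
        keys, values = still_present(CFSCRIPT, log)
        print(label, "-> keys:", keys)
        for key, name, data in values:
            print("   still present:", key, name, "=", data)
```

An empty result only means the log no longer lists the entry; ComboFix notes that empty and legitimate default entries are not shown, so absence from this section is not proof that a key was deleted.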
 
Hi Shaba

Here's the log

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 27, 2008 1:02:41 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/01/2008
Kaspersky Anti-Virus database records: 534146
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 81167
Number of viruses found: 28
Number of infected objects: 98
Number of suspicious objects: 0
Duration of the scan process: 02:37:09

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cc299263c1fbc6e1dc2382b484baa392_ff4796c2-f9e6-404d-80be-655d3f0173c8 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Mirar1.zip/WinATS.dll Infected: not-a-virus:AdWare.Win32.Mirar.e skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Mirar1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PSGuardmsmsgs1.zip/popuper.exe Infected: Trojan.Win32.Puper.aw skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PSGuardmsmsgs1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC5.zip/Installeur.exe Infected: not-a-virus:AdWare.Win32.Rond.a skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SystemDoctor.zip/winfix.chm/page.htm Infected: not-a-virus:AdWare.Win32.MediaMotor.p skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SystemDoctor.zip/winfix.chm/SystemDoctor2006FreeInstall.cab/USDR6_0001_D08M0404NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SystemDoctor.zip/winfix.chm/SystemDoctor2006FreeInstall.cab Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SystemDoctor.zip/winfix.chm Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SystemDoctor.zip ZIP: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer.zip/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer2.zip/Programs/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer2.zip/Programs/whinstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer2.zip ZIP: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus1.zip/tp7543.exe Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus10.zip/hbbki.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus10.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus11.zip/hbbki.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus11.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus12.zip/hbbki.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus12.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus13.zip/hbbki.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus13.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus14.zip/hbbki.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus14.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus15.zip/hbbki.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus15.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus16.zip/hbbki.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus16.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus17.zip/hbbki.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus17.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus18.zip/hbbki.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus18.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus19.zip/hbbki.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus19.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus2.zip/hbbki.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus20.zip/hbbki.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus20.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus21.zip/hbbki.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus21.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus22.zip/hbbki.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus22.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus3.zip/dmonwv.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus6.zip/hbbki.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
 
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus7.zip/hbbki.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus8.zip/hbbki.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus9.zip/hbbki.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus9.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinOnLineGames.zip/winform.dll Infected: Trojan-PSW.Win32.OnLineGames.te skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinOnLineGames.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinOnLineGames1.zip/winform.exe Infected: Trojan-PSW.Win32.OnLineGames.te skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinOnLineGames1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject.zip/pmuninst.exe Infected: Trojan-Downloader.Win32.Zlob.giw skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject1.zip/pmsngr.exe Infected: Trojan-Downloader.Win32.Zlob.gjb skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject2.zip/pmmon.exe Infected: Trojan-Downloader.Win32.Zlob.bgi skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject3.zip/isamini.exe Infected: Trojan-Downloader.Win32.Zlob.bfj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject4.zip/uninst.exe Infected: Trojan-Downloader.Win32.Zlob.bcl skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject5.zip/isauninst.exe Infected: Trojan-Downloader.Win32.Zlob.bfj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\Darrell Lau\.housecall6.6\Quarantine\backup-20070427-220035-403.dll.bac_a02556 Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\Documents and Settings\Darrell Lau\.housecall6.6\Quarantine\ie_update3r.exe.bac_a02376 Infected: Trojan-Downloader.Win32.Small.fyh skipped
C:\Documents and Settings\Darrell Lau\.housecall6.6\Quarantine\ie_updater.exe.bac_a02376 Infected: Trojan-Downloader.Win32.Small.fyh skipped
C:\Documents and Settings\Darrell Lau\.housecall6.6\Quarantine\iifebcb.dll.bad.bac_a01888 Infected: not-a-virus:AdWare.Win32.Virtumonde.dxb skipped
C:\Documents and Settings\Darrell Lau\.housecall6.6\Quarantine\ljjjjhg.dll.bad.bac_a01888 Infected: not-a-virus:AdWare.Win32.Virtumonde.dxb skipped
C:\Documents and Settings\Darrell Lau\.housecall6.6\Quarantine\qiawpbjj.dll.bac_a03120 Infected: Trojan-Downloader.Win32.VB.bpr skipped
C:\Documents and Settings\Darrell Lau\.housecall6.6\Quarantine\sysoize.exe.bac_a02376 Infected: Trojan-Downloader.Win32.Small.fyh skipped
C:\Documents and Settings\Darrell Lau\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Darrell Lau\DoctorWeb\Quarantine\A0048610.EXE Infected: Trojan.VBS.Runner.o skipped
C:\Documents and Settings\Darrell Lau\DoctorWeb\Quarantine\revbrev.EXE Infected: Trojan.VBS.Runner.o skipped
C:\Documents and Settings\Darrell Lau\Local Settings\Application Data\Last.fm\Client\Last.fm.log Object is locked skipped
C:\Documents and Settings\Darrell Lau\Local Settings\Application Data\Last.fm\Client\lastfmhelper.log Object is locked skipped
C:\Documents and Settings\Darrell Lau\Local Settings\Application Data\Last.fm\collection.db Object is locked skipped
C:\Documents and Settings\Darrell Lau\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Darrell Lau\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Darrell Lau\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Darrell Lau\Local Settings\History\History.IE5\MSHist012008012720080128\index.dat Object is locked skipped
C:\Documents and Settings\Darrell Lau\Local Settings\Temp\etilqs_vIUcycZlsFpgG9M Object is locked skipped
C:\Documents and Settings\Darrell Lau\Local Settings\Temp\~DFB30D.tmp Object is locked skipped
C:\Documents and Settings\Darrell Lau\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Darrell Lau\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Darrell Lau\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Terence\Application Data\desktop.ini Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Lavasoft\Ad-Aware\description.ini Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Lavasoft\Ad-Aware\settings.awc Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Lavasoft\Ad-Aware\stats.awd Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Macromedia\Fireworks MX\AnswersPanel\Answers.swf Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Macromedia\Fireworks MX\AnswersPanel\lib.swf Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Macromedia\Fireworks MX\AnswersPanel\panel.swf Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Macromedia\Fireworks MX\AnswersPanel\shim.swf Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Macromedia\Fireworks MX\AnswersPanel\shim_init.xml Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Macromedia\Fireworks MX\Fireworks Color List.txt Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Macromedia\Fireworks MX\Fireworks Language.txt Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Macromedia\Fireworks MX\Fireworks MX Preferences.txt Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Macromedia\Fireworks MX\Fireworks Panel Prefs.xml Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Macromedia\Fireworks MX\Fireworks.ini Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Macromedia\Fireworks MX\Fireworks.mch Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Macromedia\Fireworks MX\Font Map.txt Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Macromedia\Fireworks MX\Nav Menu\Styles.stl Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Macromedia\Fireworks MX\Project_Log.htm Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Macromedia\Fireworks MX\Styles\Style Defaults.stl Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Macromedia\Fireworks MX\URL Libraries\URLs.htm Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Macromedia\Fireworks MX\Web_Log.htm Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Macromedia\Flash Player\localhost\#FireworksMX\general.sol Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Macromedia\Flash Player\localhost\#FireworksMX\panel.sol Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#local\settings.sol Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\IMJP8_1\imjp81u.dic Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\Media Player\00B3D807.wpl Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MMC\dfrg Object is locked skipped
 
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Backgrounds\map.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Backgrounds\TFR1E.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Backgrounds\TFR1F.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Backgrounds\TFR20.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Backgrounds\TFR21.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Backgrounds\TFR22.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\DynamicBackgrounds\map.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\DynamicBackgrounds\TFR26.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\DynamicBackgrounds\TFR31.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\DynamicBackgrounds\TFR3C.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\DynamicBackgrounds\TFR47.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\MapFile\TFR1D.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\MapFile\TFR4F.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\MapFile\TFR50.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\MapFile\TFR6F.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\sqmnoopt00.sqm Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\UserTile\map.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\UserTile\TFR12.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\UserTile\TFR13.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\UserTile\TFR14.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\UserTile\TFR15.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\UserTile\TFR16.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\UserTile\TFR17.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\UserTile\TFR18.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\UserTile\TFR19.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\UserTile\TFR1A.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\UserTile\TFR1B.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\UserTile\TFR1C.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Winks3\map.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Winks3\TFR52.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Winks3\TFR54.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Winks3\TFR56.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Winks3\TFR58.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Winks3\TFR5A.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Winks3\TFR5C.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Winks3\TFR5E.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Winks3\TFR60.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Winks3\TFR62.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Winks3\TFR64.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Winks3\TFR66.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Winks3\TFR68.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Winks3\TFR6A.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Winks3\TFR6C.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSN Messenger\1554524456\Winks3\TFR6E.dat Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\MSNLiveFav\log.xsl Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\Protect\S-1-5-21-1123561945-764733703-1343024091-1008\86a3a9eb-632b-436d-a1e9-47813d3048c9 Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\Protect\S-1-5-21-1123561945-764733703-1343024091-1008\ef70ec26-ba5c-4098-8990-078c0bba9484 Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\Protect\S-1-5-21-1123561945-764733703-1343024091-1008\Preferred Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\WLTB Custom Buttons\microsoft.msn.mymsn.btn\button.xml Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\WLTB Custom Buttons\microsoft.msn.mymsn.btn\msn.bmp Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\WLTB Custom Buttons\microsoft.windowslive.addbtn.btn\add.bmp Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\WLTB Custom Buttons\microsoft.windowslive.addbtn.btn\button.xml Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\WLTB Custom Buttons\microsoft.windowslive.news.btn\button.xml Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Microsoft\WLTB Custom Buttons\microsoft.windowslive.news.btn\news.bmp Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Sun\Java\Deployment\deployment.properties Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Sun\Java\Deployment\log\plugin150_06.trace Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Symantec\Shared\MyProfile.UserProfile Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Symantec\Shared\Options.VcPref Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Symantec\Shared\Sessions\20061121072318644.liveReg Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Xfire\status.ini Object is locked skipped
C:\Documents and Settings\Terence\Application Data\Xfire\XfireUser.ini Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\51598f9a-463a-419c-b24a-c867da692964.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\51f106cf-7280-4e40-941f-6a8e181db0bd.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\52f15e19-8293-4f15-a08a-318bb31aa2c7.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\536588cb-8f03-46df-830e-fafc3fc15969.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\53659cb9-00ac-4b65-b362-c1aba9816a21.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\56d8cfb1-1306-4182-8595-7c2d163486ac.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\56ee3cc0-40e3-4cda-a10d-f707ee7faf6f.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\57380827-2ae9-4b00-8156-8a5cb74a3583.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\575b0f47-b7b7-4670-9cbe-392e1d7bb4e9.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\599e586e-5c64-4514-a22a-2f763f98b923.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\59e17dab-c285-4a6c-8905-7713617f419f.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\5a2e5e7f-f59c-43bf-9f1e-bddf625636fd.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\5a382b41-ab60-418e-8a81-82a8bfce326f.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\5b2db75a-b07a-425e-a639-fd97cbcd6598.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\5cf86fc9-cd36-4dca-b243-c0636478f74a.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\5f84aa67-ee96-47b6-bd5e-cd50efe427ca.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\6101e2f4-4e66-45e3-afcf-db4f942902e7.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\62a275af-39a0-4827-a3f3-8c56457ac12b.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\638748e9-83bc-4c84-bf50-3af87daf9d35.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\642f5115-172d-4d91-bc60-c346e96d07f7.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\64955096-dbe2-41ef-a119-b8328d6c78c5.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\64ca488a-b974-4ce8-b4e0-362b325a1039.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\651792e0-b931-4689-8c3c-3ce44849b6f8.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\66438079-0efe-4299-97ae-8c4cb43e2a5e.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\664868d6-52fd-43b8-92b6-becb75221d0d.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\6704fa73-1b77-420c-82af-de7bb9341cad.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\67c553fd-d1a6-4886-a3f3-c1f640f6fadf.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\68853b8c-8c98-4720-99eb-6fd8332280a3.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\68e907d9-4e5e-4e44-bfe7-08a4957c4725.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\6adb4d3b-d305-40ad-8e69-cf79a59f2c75.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\6b0d9329-c01e-44d6-b87a-dcfd066cede2.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\6b150ae2-2f01-4cc1-bd32-698f8470ec24.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\6b2b9f0e-972e-4b6e-aa72-d236eb29aa57.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\6cae1ec8-7206-4817-9c02-cabcfb3f3c87.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\6d38dd3b-dbb5-462f-b7ff-7a2f09834372.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\6e84172f-faa3-4773-90ed-4cfd66223d52.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\72b78a72-cc34-4c14-ad99-cb230e3ca160.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\7336decc-193d-44ef-8a1a-c9695380b637.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\734bd6d8-d2ba-4668-b163-483654f80609.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\73be4433-55e8-4de1-9843-51d4c220671b.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\745255b9-c669-41b9-b41e-77eabfcc68c2.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\750cfb97-fef5-406b-a0dc-a65557cba6b3.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\76207af0-3356-493d-a590-1ede851c107b.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\7797bbd2-3667-4a72-89ff-9c3191687262.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\79bc033b-780c-42c2-9b17-42c8a6f80821.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\7b1bef9c-c954-4710-90c3-854fc1317227.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\7beda3d4-48ce-4407-b62f-b4936b849d2c.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\7da77873-26f7-4d76-8bbd-82af8baf80d6.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\7f0907bc-0ba4-4251-b515-026fd1acb475.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\801cec8f-2f3b-4105-8536-8e4e26864dff.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\8041f70d-ada9-4a7b-b769-ea7d36898031.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\81490782-6330-4317-835f-e955abc3e5e5.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\820306ea-994b-46e4-9273-bf18e963bd7f.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\844dd24a-5f2c-4ca7-991c-8b2131b9ee55.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\84bca448-a3fe-4382-ad9d-2e02f15b6269.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\87644d56-ad35-4ab4-a039-515da383b8b3.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\87f4c39c-ee39-4326-958f-2ba9d1e2be69.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\888e0985-2e03-4806-8bd0-3d9d7fb0a769.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\8a161c58-8cfe-4028-a2c3-d5eb33f9b192.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\8a1ad004-844c-4245-9c14-5617ec217fb8.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\8a795d7c-bba0-4167-b474-493ebcd241ad.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\8ab26f73-77ee-4dcd-9419-a3263c88010b.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\8c4efdd7-ad43-41e7-83b8-8da5e3c45868.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\8ce1febf-e4c7-449a-a011-dee383d83268.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\8e8d44e2-8bcd-47df-9c3b-59b677c4ff12.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\8ebb9ede-b442-465f-81b4-a530d2cec1ca.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\90260f94-06b3-4689-afb8-0f03d836d9a6.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\91d5c374-a3c8-4591-bd02-777151190802.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\91dff381-81a9-4ae2-9d60-cebcb4518dd1.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\9314bf4b-77c3-42aa-9ce0-0a0f9db2ee19.WindowsLiveContact Object is locked skipped
C:\Documents and Settings\Terence\Contacts\eternal_lasting_love@hotmail.com\9368779d-7aa6-40be-ac4d-c26c9fb757fe.WindowsLiveContact Object is locked
 