How do you post on the forums. Everything seems locked

Also I am not at the computer that is now down since my first contact. What ever is on my other computer has now locked 8 more files which are now Internet explorer and I am not able to get on line to download the links that were sent to me.

Can you use this machine your on currently and download the files to a memory stick?

ComboFix 09-05-20.09 - user 05/20/2009 21:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.714 [GMT -4:00]
Running from: E:\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\N1
c:\documents and settings\NetworkService\protect.dll
c:\documents and settings\user\Application Data\pidle
c:\documents and settings\user\protect.dll
c:\documents and settings\user\Start Menu\Programs\Startup\ChkDisk.lnk
c:\windows\system32\autochk.dll
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\ovfsthxdukkjgjt.sys
c:\windows\system32\iguwudil.ini
c:\windows\system32\lds.exe
c:\windows\system32\lmn_setup.exe
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\ovfsthxbovmgafn.dll
c:\windows\system32\ovfsthxcyqypbev.dat
c:\windows\system32\ovfsthxinforiuj.dat
c:\windows\system32\ovfsthxoaplrnow.dll
c:\windows\system32\ovfsthxsfqroyym.dll
c:\windows\system32\royalogo.exe
c:\windows\system32\sdra64.exe
c:\windows\t55ft2692f44.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthxedfeaacc


((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.

2009-05-07 13:49 . 2009-05-07 13:49 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-05-07 13:33 . 2009-05-07 14:20 -------- d-----w c:\windows\system32\796525
2009-05-06 22:57 . 2009-05-06 22:57 -------- d-sh--w c:\documents and settings\user\IECompatCache
2009-05-06 21:19 . 2009-05-06 21:19 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-05-06 21:19 . 2009-05-06 21:19 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\ESET
2009-05-06 21:17 . 2009-05-06 21:17 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-05-06 02:23 . 2009-05-06 02:23 -------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-05-05 03:23 . 2009-05-05 03:23 -------- d-sh--w c:\documents and settings\user\PrivacIE
2009-05-05 03:17 . 2009-05-05 03:17 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-05 03:16 . 2009-05-05 03:16 -------- d-sh--w c:\documents and settings\user\IETldCache
2009-05-05 02:43 . 2009-05-05 02:43 -------- d-----w c:\windows\ie8updates
2009-05-05 02:43 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-05 02:40 . 2009-05-05 02:43 -------- dc-h--w c:\windows\ie8
2009-05-05 01:51 . 2009-05-05 01:51 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-05 01:51 . 2009-05-05 01:51 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-05 01:51 . 2009-05-05 01:51 -------- d-----w c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2009-05-05 01:44 . 2009-05-05 01:44 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-05 01:33 . 2009-05-05 01:33 -------- d-----w c:\documents and settings\user\Application Data\DriverCure
2009-05-05 01:33 . 2009-05-05 02:26 -------- d-----w c:\documents and settings\All Users\Application Data\DriverCure
2009-05-05 01:33 . 2009-05-05 01:33 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic
2009-05-05 01:21 . 2009-05-05 20:47 -------- d-----w c:\documents and settings\user\Application Data\Desktopicon
2009-05-05 01:21 . 2009-05-09 15:05 -------- d-----w c:\program files\Unlocker
2009-05-04 21:40 . 2009-05-04 21:40 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Symantec
2009-05-04 21:30 . 2008-04-17 16:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-04 21:30 . 2009-01-15 16:19 23848 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-04 21:30 . 2009-05-04 21:30 -------- d-----w c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-05-04 21:30 . 2009-05-06 02:22 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Downloaded Installations
2009-05-04 21:29 . 2009-05-04 23:22 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-04 21:29 . 2009-05-04 23:21 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-05-04 21:29 . 2009-05-04 23:21 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-05-04 21:23 . 2009-05-04 21:23 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-04 21:09 . 2009-05-04 21:24 -------- d-----w c:\documents and settings\user\Application Data\GetRightToGo
2009-05-03 12:33 . 2009-05-03 12:33 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\PCHealth
2009-05-01 14:30 . 2007-08-02 02:47 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-30 23:42 . 2009-04-30 23:42 -------- d-----w c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 13:12 . 2009-02-25 21:37 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-06 21:49 . 2008-06-02 01:21 -------- d-----w c:\program files\MSN Messenger
2009-05-06 02:26 . 2006-09-13 16:24 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-04 18:49 . 2009-02-24 21:27 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-04 18:49 . 2009-02-24 21:27 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-04 18:49 . 2009-02-24 21:27 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-30 23:53 . 2006-09-13 18:41 -------- d-----w c:\program files\Java
2009-04-27 16:46 . 2008-06-02 02:02 -------- d-----w c:\program files\Common Files\Adobe
2009-04-05 05:25 . 2009-04-05 05:24 -------- d-----w c:\program files\Yahoo!
2009-03-29 12:57 . 2006-12-20 20:01 19424 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-09 09:19 . 2009-02-24 21:37 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 08:34 . 2006-06-23 16:33 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2003-07-16 16:26 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2003-07-16 16:20 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2003-07-16 16:43 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2003-07-16 16:17 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2003-07-16 16:24 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2003-07-16 16:24 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2003-07-16 16:30 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2003-07-16 16:30 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2003-07-16 16:30 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2003-07-16 16:34 284160 ----a-w c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2006-05-25 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2006-05-25 126976]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-04 1947928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

c:\documents and settings\user\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - e:\limewire\LimeWire.exe [2009-1-29 139776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 18:49 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"e:\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/24/2009 5:27 PM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/24/2009 5:27 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/24/2009 5:27 PM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/24/2009 5:27 PM 298776]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 21:39]
.
- - - - ORPHANS REMOVED - - - -

BHO-{2ed15f84-b61a-4836-8e59-a58a80fa79ee} - (no file)
BHO-{E7F15AC4-E0A9-43F0-921B-70DFEA621220} - c:\windows\system32\796525\796525.dll
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
HKU-Default-Run-autochk - c:\windows\system32\config\SYSTEM~1\protect.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm082RZUS
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 21:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3636)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-21 21:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-21 01:12

Pre-Run: 30,594,224,128 bytes free
Post-Run: 30,933,680,128 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

227 --- E O F --- 2009-03-25 07:00

Hello.

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player
AVG Free 8.5
Critical Update for Windows Media Player 11 (KB959772)
Form Fill (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
InfraRecorder
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Connections Drivers
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Map Button (Windows Live Toolbar)
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
OneCare Advisor (Windows Live Toolbar)
OpenOffice.org 2.4
Popup Blocker (Windows Live Toolbar)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Smart Menus (Windows Live Toolbar)
SoundMAX
SUPERAntiSpyware Free Edition
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VideoLAN VLC media player 0.8.6i
Windows Internet Explorer 8
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Toolbar

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Now, start The Avenger program by clicking on its icon on your desktop.

• Leave the script box empty.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

3. Please copy/paste the content of c:\avenger.txt into your reply.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.

AVG scans still show 13 locked files unable to scan and when running Windows Live Onecare scan found PWS:Win32\Zbot.PI says not able to fix
otherwise computer better

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.36
Database version: 2171
Windows 5.1.2600 Service Pack 3

5/23/2009 6:16:46 PM
mbam-log-2009-05-23 (18-16-46).txt

Scan type: Quick Scan
Objects scanned: 79931
Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 24
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{cdb65423-01f2-4caf-b56d-ff0590d26ec7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\796525 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.

DDS (Ver_09-05-14.01) - NTFSx86
Run by user at 19:41:19.32 on Sat 05/23/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.318 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user\Desktop\dds.scr
C:\DOCUME~1\user\LOCALS~1\Temp\RarSFX0\FI.exe
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\user\startm~1\programs\startup\limewi~1.lnk - e:\limewire\LimeWire.exe
IE: &Search
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236478306140
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236478255187
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-24 325896]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-24 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-24 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-24 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-24 298776]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]

=============== Created Last 30 ================

2009-05-23 18:05 --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-05-23 18:05 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-23 18:05 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-23 18:05 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-23 18:05 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-22 16:45 --d----- c:\program files\Trend Micro
2009-05-22 13:25 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-05-22 00:23 --d----- c:\windows\system32\XPSViewer
2009-05-21 22:56 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-21 22:56 117,760 -------- c:\windows\system32\prntvpt.dll
2009-05-21 22:56 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-21 22:56 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-21 22:56 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-05-21 22:56 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-05-21 22:56 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-05-21 22:56 --d----- C:\72961f7d1b7a81967de9be
2009-05-21 22:45 --d----- C:\0082efdb8d9eb80882
2009-05-21 22:44 --d----- C:\4d1ca7d6933a649faf07bc5d7d76
2009-05-20 20:52 a-dshr-- C:\cmdcons
2009-05-20 20:46 161,792 a------- c:\windows\SWREG.exe
2009-05-20 20:46 130,048 a------- c:\windows\PEV.exe
2009-05-20 20:46 98,816 a------- c:\windows\sed.exe
2009-05-06 18:57 --dsh--- c:\documents and settings\user\IECompatCache
2009-05-05 22:23 --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-05-04 23:23 --dsh--- c:\documents and settings\user\PrivacIE
2009-05-04 23:16 --dsh--- c:\documents and settings\user\IETldCache
2009-05-04 22:43 --d----- c:\windows\ie8updates
2009-05-04 22:43 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-04 22:40 -cd-h--- c:\windows\ie8
2009-05-04 21:51 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-04 21:51 --d----- c:\program files\SUPERAntiSpyware
2009-05-04 21:51 --d----- c:\docume~1\user\applic~1\SUPERAntiSpyware.com
2009-05-04 21:44 --d----- c:\program files\common files\Wise Installation Wizard
2009-05-04 21:33 --d----- c:\docume~1\user\applic~1\DriverCure
2009-05-04 21:33 --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-05-04 21:33 --d----- c:\docume~1\alluse~1\applic~1\DriverCure
2009-05-04 21:21 --d----- c:\docume~1\user\applic~1\Desktopicon
2009-05-04 21:21 --d----- c:\program files\Unlocker
2009-05-04 17:30 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-05-04 17:30 23,848 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-04 17:30 --d----- c:\docume~1\alluse~1\applic~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-05-04 17:29 --d----- c:\program files\common files\Symantec Shared
2009-05-04 17:29 --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-05-04 17:29 --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-05-04 17:23 --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-05-04 17:09 --d----- c:\docume~1\user\applic~1\GetRightToGo
2009-05-01 10:30 102,664 a------- c:\windows\system32\drivers\tmcomm.sys

==================== Find3M ====================

2009-05-04 14:49 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-04 14:49 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-04 14:49 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2008-05-12 10:04 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051220080513\index.dat

============= FINISH: 19:41:42.09 ===============

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
  
• Please double-click OTMoveIt3.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :files
  C:\72961f7d1b7a81967de9be
  C:\0082efdb8d9eb80882
  C:\4d1ca7d6933a649faf07bc5d7d76
  c:\windows\PEV.exe
  c:\windows\sed.exe
  
  
  
  
• Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt3
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

========= FILES ==========
C:\72961f7d1b7a81967de9be\i386 moved successfully.
C:\72961f7d1b7a81967de9be\amd64 moved successfully.
C:\72961f7d1b7a81967de9be moved successfully.
C:\0082efdb8d9eb80882 moved successfully.
C:\4d1ca7d6933a649faf07bc5d7d76\tools moved successfully.
C:\4d1ca7d6933a649faf07bc5d7d76\dotnetfx35\x86 moved successfully.
C:\4d1ca7d6933a649faf07bc5d7d76\dotnetfx35 moved successfully.
C:\4d1ca7d6933a649faf07bc5d7d76\dotnetfx30\x86 moved successfully.
C:\4d1ca7d6933a649faf07bc5d7d76\dotnetfx30 moved successfully.
C:\4d1ca7d6933a649faf07bc5d7d76\dotnetfx20 moved successfully.
C:\4d1ca7d6933a649faf07bc5d7d76 moved successfully.
c:\windows\PEV.exe moved successfully.
c:\windows\sed.exe moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05232009_211803

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.



We can remove OTMoveIt now.

• Please double-click OTMoveIt3.exe to run it again.
  
• Press the green CleanUp! button.
  
• Press Yes cleanup process prompt, do the same for the reboot prompt.
  

How is the machine running now?

My computer is so much better! I tried posting the results of the last ComboFix scan but says too large. All scans now show no viruses including the the Windows Live Onecare. AVG still does show the locked files. Is that still a concern? Also, How can I further prevent this from happening again ? Thanks so much! I appreciate all your help.

The reason why you could not post teh Combofix log was due to teh fact that it was too large so you had to split it up into 2 posts or more if required. What locked files specifically?



Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

Locked files
C:\Documentsandsettings\localservice\localsettings\Application
C:\Documentsandsettings\localservice\NTUSER.DAT
C:\Documentsandsettings\Networkservice\localsettings\Application
C:\Documentsandsettings\Networkservice\NTUSER.DAT
C:\pagefile.sys
C:\system volume information

Have you used "Unlocker" to try to unlock them?

Well, when I first put unlocker on the computer that is what I intended on doing but couldn't locate the files. thanks

What are these files preventing you from doing?

Nothing I believe. I was just asking if I need be concerned because my anti virus didn't used to list them as locked until the viruses got on the computer and then when I ran scans it started to say that these files are locked and cannot be scanned. And it is still showing that they are locked and cannot be scanned but the computer itself is running good and all scans are not listing any known viruses. :hmm:

If there is no concern, then I think we are good. thanks

I have researched the files and it seems that deleting them would ahrm your system and NTUSER.DAT is crucial to your system:

The NTUSER dat file is actually one of your Registry files. Unlike the other Registry files, NTUSER.DAT is stored in your personal Documents and Settings folder and contains the entire contents of the HKEY_LOCAL_USER branch of the Registry. You can’t delete it because it’s in use and protected, and you wouldn’t want to because otherwise you’ll mess up your whole computer! It will grow as you install more software that creates keys and sub keys in this branch of the Registry, and so is perfectly normal. To summarise: leave NTUSER.DAT alone.

Thank you Hot2na


So you should leave them alone

Thought I was done bothering you but when updating all my programs and everything, it seems that I cannot udate my Adobe Reader I get an error saying please make sure you have access to this key Hkey_Local_Machine|Software|Microsoft|Windows|Current Version\Run\Optional Components|MSFS
or contact personnel