Hi Dan: here's the new ComboFix log
ComboFix 09-03-14.02 - ABC STUDENT 2009-03-15 14:26:32.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.124 [GMT -5:00]
Running from: c:\documents and settings\ABC STUDENT\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ABC STUDENT\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
c:\windows\system32\ACTSKN43.OCX
c:\windows\system32\actsplash.ocx
c:\windows\system32\dllcache\SICKBOY.exe
c:\windows\system32\Flash.ocx
c:\windows\system32\MSADODC.ocx
c:\windows\system32\ProgressBar4.ocx
c:\windows\system32\stu2.exe
c:\windows\system32\threadapi.tlb
c:\windows\system32\VB6STKIT.DLL
c:\windows\system32\XceedBkp.dll
c:\windows\system32\XceedCry.dll
c:\windows\Tasks\ErrorFix Scan.job
c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\ABC STUDENT\Application Data\ErrorFix
c:\windows\system32\ACTSKN43.OCX
c:\windows\system32\actsplash.ocx
c:\windows\system32\dllcache\SICKBOY.exe
c:\windows\system32\Flash.ocx
c:\windows\system32\MSADODC.ocx
c:\windows\system32\ProgressBar4.ocx
c:\windows\system32\stu2.exe
c:\windows\system32\threadapi.tlb
c:\windows\system32\VB6STKIT.DLL
c:\windows\system32\XceedBkp.dll
c:\windows\system32\XceedCry.dll
c:\windows\Tasks\ErrorFix Scan.job
c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
.
((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.
2009-03-13 21:03 . 2009-03-13 21:03 <DIR> d-------- C:\_OTMoveIt
2009-03-12 20:18 . 2009-03-14 23:20 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-03-11 18:51 . 2009-03-11 18:50 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-11 18:51 . 2009-03-11 18:50 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-11 18:42 . 2009-03-11 18:48 <DIR> d-------- c:\documents and settings\ABC STUDENT\.SunDownloadManager
2009-03-07 21:46 . 2009-03-07 21:46 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-07 21:46 . 2009-03-07 21:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-07 21:46 . 2009-03-07 21:46 <DIR> d-------- c:\documents and settings\ABC STUDENT\Application Data\Malwarebytes
2009-03-07 21:46 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-07 21:46 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-07 20:19 . 2009-03-07 20:21 <DIR> d-------- c:\program files\FileASSASSIN
2009-03-07 01:22 . 2009-03-07 01:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2009-03-07 01:21 . 2009-03-07 01:21 <DIR> d-------- c:\program files\Common Files\iS3
2009-03-07 01:21 . 2009-03-07 01:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-03-06 23:07 . 2009-03-06 23:07 <DIR> d-------- c:\program files\Trend Micro
2009-03-06 22:35 . 2009-03-06 22:46 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-04 19:55 . 2009-03-15 13:43 <DIR> d-------- c:\program files\SpyNoMore
2009-03-04 19:55 . 2009-03-04 19:55 1,152 --a------ c:\windows\system32\windrv.sys
2009-03-04 19:54 . 2009-03-04 20:11 <DIR> d-------- c:\documents and settings\ABC STUDENT\Application Data\GetRightToGo
2009-03-02 22:49 . 2009-03-02 22:49 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\82adf2c
2009-02-27 18:18 . 2007-03-01 19:37 38,400 --a------ c:\windows\system32\diag2.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 19:21 --------- d-----w c:\program files\Symantec AntiVirus
2009-03-15 18:46 47,104 ----a-w c:\windows\system32\rpcnet.dll
2009-03-15 18:46 17,408 ----a-w c:\windows\system32\rpcnetp.exe
2009-03-11 23:50 --------- d-----w c:\program files\Java
2009-03-10 02:28 --------- d-----w c:\documents and settings\ABC STUDENT\Application Data\dvdcss
2009-02-21 02:15 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-21 00:21 17,408 ----a-w c:\windows\system32\rpcnetp.dll
2009-02-12 03:17 --------- d-----w c:\documents and settings\ABC STUDENT\Application Data\vlc
2009-02-12 03:13 --------- d-----w c:\program files\VideoLAN
2009-02-11 04:25 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-09 04:41 --------- d-----w c:\program files\Google
2009-01-28 03:20 --------- d-----w c:\program files\Common Files\Adobe
2009-01-27 01:16 --------- d-----w c:\program files\Microsoft ActiveSync
2009-01-27 01:13 --------- d-----w c:\program files\Microsoft.NET
2009-01-27 00:36 --------- d-----w c:\program files\Symantec
2009-01-27 00:35 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-15 18:06 0 ----a-w c:\documents and settings\ABC STUDENT\Application Data\wklnhst.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\82adf2c ----
2009-03-02 22:49 1907200 --a------ c:\documents and settings\All Users\Application Data\82adf2c\VMelt.exe
2009-03-02 22:49 11545 --a------ c:\documents and settings\All Users\Application Data\82adf2c\System Data\vd952342.bd
2009-01-20 00:08 710136 --a------ c:\documents and settings\All Users\Application Data\82adf2c\mozcrt19.dll
2009-01-20 00:08 395768 --a------ c:\documents and settings\All Users\Application Data\82adf2c\sqlite3.dll
2008-01-14 16:14 1618 --a------ c:\documents and settings\All Users\Application Data\82adf2c\BackUp\Digital Line Detect.lnk
((((((((((((((((((((((((((((( SnapShot@2009-03-15_12.36.59.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-15 18:46:12 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_750.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-02-11 2356088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-11 148888]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SNM"="c:\program files\SpyNoMore\SNM.exe" [2009-03-04 1067984]
"SigmatelSysTrayApp"="stsystra.exe" [2007-04-23 c:\windows\stsystra.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-01-14 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2008-01-14 3456]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-08-23 5376]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2005-06-23 124608]
--- Other Services/Drivers In Memory ---
*Deregistered* - EraserUtilDrv10910
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&cli ... bd=6080114
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ABC STUDENT\Application Data\Mozilla\Firefox\Profiles\uq02s0i7.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 14:28:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-03-15 14:29:13
ComboFix-quarantined-files.txt 2009-03-15 19:29:06
ComboFix2.txt 2009-03-15 17:37:50
Pre-Run: 51,993,772,032 bytes free
Post-Run: 51,987,087,360 bytes free
361
Fresh HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40:40 PM, on 3/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=6080114
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Browser protection - {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - C:\PROGRA~1\SPYNOM~1\SNMIEG~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 6312 bytes