possible variant of PSW.Delf trojan

Name: nuukan
Date: March 3, 2009 at 14:02:38 Pacific
OS: Windows XP
Subcategory: Viruses
Comment:

hi there... i've found this very useful and helpful site, and have the hope that u guys are going to help me thru this... recently my wife (who doesn't know much about computers) tried to recover her old email account password using Hotmail & MSN Password Recovery, without me having any knowledge of its evil existence in my pc (i hate those kinds of software to be honest... they promise a lot and only give you trouble and more trouble), after all this, i used CCleaner like i usually do (i would say i use it on a daily basis... love to keep it clean), and after cleaning i did my usual double analysis, and it returned that some files couldn't be erased at all, and returned something like this:
C:\~\Archivos temporales de Internet\Content.IE5\index.dat
C:\~\Cookies\index.dat
C:\~\Historial\History.IE5\desktop.ini
C:\~\Historial\History.IE5\index.dat
C:\~\Historial\History.IE5\MSHist012009030320090304\index.dat
C:\WINDOWS\system32\wbem\Logs\wbemcore.log 2.80KB
C:\WINDOWS\system32\wbem\Logs\wbemess.log 3.05KB
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 134 bytes
C:\WINDOWS\0.log 0 bytes

i checked the Windows Task Manager, and there weren't any weird processes going on, but when i try to kill some of the normal ones, i get a popup saying that entry is being used or something like it, next thing i tried is running a full system scan with my antivirus... i use ESET Smart Security, and it showed me a couple of files from the Hotmail & MSN Password Recovery folder infected with a possible variant of PSW.Delf trojan, but although the antivirus deleted them and sent the copy to Quarantine... i still can't install any new program, it says that i don't have administrator rights to do so, i tried installing (in safe mode, which was the only way the computer allowed me to install anything) some cleaners like Malwarebytes, which didn't detect anything, Spyware Doctor and Spybot Search n Destroy, none could find anything weird at all... i proceeded to scan with HijackThis, it said:
It looks like you're running HijackThis from a read-only device like a CD or a locked floppy disk, and also says that it couldn't make any backup of deleted files that way... it also said "you could get Path/File Access errors"... further on it said that my system denied the access to the HOST file, and gave me the instructions to edit the file, which i didn't do cuz i don't want to cause any more damage to the computer...
anyway i finished a scan and here is the log:

i also noticed in the second scan i ran this entry:
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB1ACE0B-1ABB-42FE-B8AC-2F87DD7E7A45}: NameServer = 192.168.1.254,192.168.2.254

as i have researched a bit, i found out that this so-called Password Recovery tool, also sends info to someone... God knows who...

i really really hope that someone could help me, i really don't want to format all over again...
thanks a million guys =)

Bernie

p.s. i was going to post the HijackThis log, but after i wrote the whole msg i noticed it could be posted till i was told to do so... i have it here anyway... :) thanks ppl


