Cannot Remove Virus

2

Comments

  • Rahina-RescueRahina-Rescue Finland
    edited March 2007
    I've tried to run a Bitdefender Online Scan, but when I click the link, nothing happens. I assume that whatever has infected the PC is blocking it.

    We don't nead any more scanner's here. We'll Handle this without using bitdefenders online scanner.

    Kaspersky log looks Clean, I suggest You clean your system Restore once again.

    Let's have a look, panda is finding some lefover's in the registry we might have to clean it up too:

    Start With this:

    Download VirtumundoBegone

    Save VirtumundoBeGone.exe to your desktop.
    Run VirtumundoBeGone.exe and follow the instructions. Do not worry if you see a BLUE SCREEN "Fatal Error" Message, this is normal and expected.
    When it has finished, reboot.

    ==


    Now do the following:

    Go to Start » Run » type in: regedit » OK.
    • On the leftside, click to highlight My Computer at the top.
    • Go up to File » Export
      Make sure in that window there is a tick next to "All" under Export Branch.
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put RegBackup.
    • Choose to save it to C:\
    • Click Save and then go to File » Exit.
    This is so the registry can be restored to this point if we need it. It may take a minute.

    Open notepad and copy and paste next present in the quotebox below in it:
    (don't forget to copy and paste REGEDIT4)
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}]

    Save this as fix.reg Choose to save as all files and place it on your desktop.

    Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.



    Alright, when you are done with that, :


    Next, Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    MediaPipe


    Now, Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

    C:\Program Files\DownloadManager\insdl.dll
    C:\Program Files\DownloadManager\p2pinst.exe

    And search The Following folder, Delete ( If Present)

    C:\Program Files\MediaPipe
    C:\WINDOWS\SmFzZSBIb3R0ZW5yb3Ro



    VirtumundoBeGone created a log on your desktop called VBG.TXT, post this log and a HiJackThis log

    Before scanning with the online scanner's make sure u Use CCleaner to clean up cookies etc..

    After that you have scanned with Kaspersky & Panda Online scanners, Be sure you post the results in here in your next reply.

    Thanks.
  • Rahina-RescueRahina-Rescue Finland
    edited March 2007
    Please Save the logfile made by Spybot, i would like to see what it found :)
  • edited March 2007
    Logfile of HijackThis v1.99.1
    Scan saved at 1:28:57 AM, on 3/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program

    Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

    C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

    C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event

    Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft

    Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program

    Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program

    Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog

    Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone

    Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP

    Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search &

    Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /background
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program

    Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-

    00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -

    http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -

    http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -

    http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

    Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) -

    http://63.251.81.180/component/VZWDLManager.cab
    O16 - DPF: {29D73455-3ADA-49BB-9067-44822F6728F5} -

    http://www.joga.com/activex/uploadactx.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

    http://315426.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -

    http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

    http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

    http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

    http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) -

    http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1

    \MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1

    \MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

    C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil

    Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil

    Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil

    Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program

    Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -

    C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program

    Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
  • edited March 2007
    [03/04/2007, 1:12:23] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jase\Desktop\VirtumundoBeGone.exe" )
    [03/04/2007, 1:12:42] - Detected System Information:
    [03/04/2007, 1:12:42] - Windows Version: 5.1.2600, Service Pack 2
    [03/04/2007, 1:12:42] - Current Username: Jase (Admin)
    [03/04/2007, 1:12:42] - Windows is in NORMAL mode.
    [03/04/2007, 1:12:42] - Searching for Browser Helper Objects:
    [03/04/2007, 1:12:42] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
    [03/04/2007, 1:12:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/04/2007, 1:12:42] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [03/04/2007, 1:12:42] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [03/04/2007, 1:12:42] - BHO 2: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [03/04/2007, 1:12:43] - BHO 3: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    [03/04/2007, 1:12:43] - Finished Searching Browser Helper Objects
    [03/04/2007, 1:12:43] - Finishing up...
    [03/04/2007, 1:12:43] - Nothing found! Exiting...

    [03/04/2007, 1:13:25] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jase\Desktop\VirtumundoBeGone.exe" )
    [03/04/2007, 1:13:27] - Detected System Information:
    [03/04/2007, 1:13:27] - Windows Version: 5.1.2600, Service Pack 2
    [03/04/2007, 1:13:27] - Current Username: Jase (Admin)
    [03/04/2007, 1:13:27] - Windows is in NORMAL mode.
    [03/04/2007, 1:13:27] - Searching for Browser Helper Objects:
    [03/04/2007, 1:13:27] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
    [03/04/2007, 1:13:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/04/2007, 1:13:27] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [03/04/2007, 1:13:27] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [03/04/2007, 1:13:27] - BHO 2: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [03/04/2007, 1:13:27] - BHO 3: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    [03/04/2007, 1:13:27] - Finished Searching Browser Helper Objects
    [03/04/2007, 1:13:27] - Finishing up...
    [03/04/2007, 1:13:27] - Nothing found! Exiting...

    [03/04/2007, 1:13:42] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jase\Desktop\VirtumundoBeGone.exe" )
    [03/04/2007, 1:13:43] - Detected System Information:
    [03/04/2007, 1:13:43] - Windows Version: 5.1.2600, Service Pack 2
    [03/04/2007, 1:13:43] - Current Username: Jase (Admin)
    [03/04/2007, 1:13:43] - Windows is in NORMAL mode.
    [03/04/2007, 1:13:43] - Searching for Browser Helper Objects:
    [03/04/2007, 1:13:43] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
    [03/04/2007, 1:13:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [03/04/2007, 1:13:43] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [03/04/2007, 1:13:43] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [03/04/2007, 1:13:43] - BHO 2: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [03/04/2007, 1:13:43] - BHO 3: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    [03/04/2007, 1:13:43] - Finished Searching Browser Helper Objects
    [03/04/2007, 1:13:43] - Finishing up...
    [03/04/2007, 1:13:43] - Nothing found! Exiting...
  • edited March 2007
    Here is the part of the Spybot log that couldn't be cleaned. I can't post the entire log as it has far too many characters.

    --- Search result list ---
    CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com\*!=W=4

    CoolWWWSearch.Leftovers: Trusted Site (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\greatplugin.com\*!=W=4

    CoolWWWSearch.Mupdate: Trusted Site (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\masspass.com\*!=W=4

    CoolWWWSearch.Toolband: Trusted Site (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isprime.com\*!=W=4

    ABetterInternet: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com\*!=W=4

    MediaMotor: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ewizard.cc\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\****-****.org\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ga31.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rf104.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\v-224.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\veryeasysearch.com\*!=W=4

    Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

    Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
  • edited March 2007
    Thanks for being so patient through all of this...it is greatly appreciated!

    You Rock!
  • Rahina-RescueRahina-Rescue Finland
    edited March 2007
    No Problem :smiles:

    We'll Continue


    Download CWShredder to its own folder.

    Update CWShredder
    • Open CWShredder and click I AGREE
    • Click Check For Update
    • Close CWShredder

    Boot into Safe Mode:
    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.

    ==

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Double-click smitfraudfix.exe
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm

    In you Next Reply Please Post The content of smitfraudfix.

    Thanks.
  • edited March 2007
    SmitFraudFix v2.147

    Scan done at 2:14:01.43, Sun 03/04/2007
    Run from C:\Documents and Settings\Jase\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jase


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jase\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jase\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
  • Rahina-RescueRahina-Rescue Finland
    edited March 2007
    you should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, fouble-click smitfraudfix.exe
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning : running option #2 on a non infected computer will remove your Desktop background
  • edited March 2007
    SmitFraudFix v2.147

    Scan done at 2:33:00.46, Sun 03/04/2007
    Run from C:\Documents and Settings\Jase\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost



    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
  • edited March 2007
    I'm not sure anything happened.

    CWShredder didn't find anything.

    After posting the Smitfraud log, I ran another Spybot scan and it came up with the exact same stuff. 19 items, none of which it could fix.

    :)
  • Rahina-RescueRahina-Rescue Finland
    edited March 2007
    Well, There's nothing Critical Left on your system.

    I wonder what Spybot is finding?

    Could you please Add the Logfile. :)

    Thanks.
  • edited March 2007
    Do you want the entire log file broken up into parts, or just the beginning with the names/filepaths?
  • Rahina-RescueRahina-Rescue Finland
    edited March 2007
    Please try to paste the whole Report of Spybot in here.
  • edited March 2007
    After attempting to fix it, it says that some files could not be fixed and that a reason could be that some files are still in use in memory.

    Then it requests permission to run on boot.

    I have said yes before, but it couldn't remove any of the 19 things.

    I'll post the log in a second.
  • edited March 2007
    CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com\*!=W=4

    CoolWWWSearch.Leftovers: Trusted Site (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\greatplugin.com\*!=W=4

    CoolWWWSearch.Mupdate: Trusted Site (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\masspass.com\*!=W=4

    CoolWWWSearch.Toolband: Trusted Site (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isprime.com\*!=W=4

    ABetterInternet: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com\*!=W=4

    MediaMotor: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ewizard.cc\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\****-****.org\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ga31.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rf104.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\v-224.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\veryeasysearch.com\*!=W=4


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2007-02-06 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2007-01-15 advcheck.dll (1.2.1.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2007-01-02 Tools.dll (2.0.1.0)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2007-02-28 Includes\Cookies.sbi (*)
    2006-12-08 Includes\Dialer.sbi (*)
    2007-02-28 Includes\DialerC.sbi (*)
    2007-02-07 Includes\Hijackers.sbi (*)
    2007-02-28 Includes\HijackersC.sbi (*)
    2006-10-27 Includes\Keyloggers.sbi (*)
    2007-02-28 Includes\KeyloggersC.sbi (*)
    2007-02-14 Includes\Malware.sbi (*)
    2007-02-28 Includes\MalwareC.sbi (*)
    2007-01-19 Includes\PUPS.sbi (*)
    2007-02-28 Includes\PUPSC.sbi (*)
    2007-02-28 Includes\Revision.sbi (*)
    2006-12-08 Includes\Security.sbi (*)
    2007-02-28 Includes\SecurityC.sbi (*)
    2007-02-02 Includes\Spybots.sbi (*)
    2007-02-28 Includes\SpybotsC.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2007-02-14 Includes\Trojans.sbi (*)
    2007-02-28 Includes\TrojansC.sbi (*)
  • edited March 2007
    That is the results, I can save a full report if you like?

    That's what I did before, I didn't click the safe "results" option, that's why the log file was so large. I believe it was some 3,000,000 characters. It said to reduce it to something like 500,000 or something like that.

    I can still post a full report if you like...

    Also, I still have the Spybot session open, should I allow it to run on boot?
  • Rahina-RescueRahina-Rescue Finland
    edited March 2007
    Hold on, I will post Instructions in a sec :smiles:
  • Rahina-RescueRahina-Rescue Finland
    edited March 2007
    Go to Start » Run » type in: regedit » OK.
    • On the leftside, click to highlight My Computer at the top.
    • Go up to File » Export
      Make sure in that window there is a tick next to "All" under Export Branch.
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put RegBackup.
    • Choose to save it to C:\
    • Click Save and then go to File » Exit.
    This is so the registry can be restored to this point if we need it. It may take a minute.

    Open notepad and copy and paste next present in the quotebox below in it:
    (don't forget to copy and paste REGEDIT4)
    REGEDIT4

    [-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\ysbweb.com]

    [-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\clickspring.net]

    [-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\my-internet.info]

    [-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\scoobidoo.com]

    [-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\greatplugin.com]

    [-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\masspass.com]

    [-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\isprime.com]

    [-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\popuppers.com]

    [-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\media-motor.net]

    [-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\cc20foreva.com]

    [-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\ewizard.cc]

    [-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\fast-look.com

    [-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\****-****.org]

    [-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\ga31.com]

    [-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\letgohome.com]

    [-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\msnprotection.com]

    [-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\rf104.com]

    [-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\v-224.com]

    [-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\veryeasysearch.com]


    Save this as fix.reg Choose to save as all files and place it on your desktop.

    Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

    Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! I Suggest you print these Instructions out.


    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update succesfull message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    Once in Safe Mode:

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
        scanavgjk2.jpg
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot back into Normal Mode, and post a new HJT log, along with the AVG Anti-Spyware log.
  • edited March 2007

    AVG Anti-Spyware - Scan Report

    + Created at: 8:13:29 AM 3/4/2007

    + Scan result:



    C:\Program Files\Common Files\Companion Wizard\WapCHK.dll -> Adware.Companion : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Games -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Games\GamesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Games\GamesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Movies -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Movies\MoviesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Movies\MoviesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\PopupBlocker -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Reference -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Reference\ReferenceOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Reference\ReferenceOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Screensavers -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\ScreensaversMarketingSitePager -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Screensavers\ScreensaversOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\SearchAssistPlus -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
    C:\Documents and Settings\Guest\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
    C:\WINDOWS\SmFzZSBIb3R0ZW5yb3Ro\mAIWtm1KvalXtqcVvalC.vbs -> Trojan.Small : Cleaned with backup (quarantined).


    ::Report end
  • Rahina-RescueRahina-Rescue Finland
    edited March 2007
    Please Emtpy AVG Anti-Spyware Quarantine.

    When done Emptying AVG's Quarantine do the following:

    Please run Panda's ActiveScan You will need to use Internet Explorer to run it.
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    o If it wants to install an ActiveX component allow it
    o It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    o When download is complete, click on My Computer to start the scan
    o When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.


    Post the contents of the ActiveScan report.

    Let me know How things are running :smiles:
  • edited March 2007
    Logfile of HijackThis v1.99.1
    Scan saved at 8:19:09 AM, on 3/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /background
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - http://63.251.81.180/component/VZWDLManager.cab
    O16 - DPF: {29D73455-3ADA-49BB-9067-44822F6728F5} - http://www.joga.com/activex/uploadactx.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://315426.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
  • Rahina-RescueRahina-Rescue Finland
    edited March 2007
    Your Hijackthis Logfile is clean :)

    Please follow my earlier instructions i gave you.

    Thanks.
  • edited March 2007
    Incident Status Location

    Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
    Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
    Spyware:spyware/virtumonde Not disinfected Windows Registry
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\038E337Bd01[²ƒÇ]
    Potentially unwanted tool:Application/Processor Not disinfected C:\My Downloads\SmitfraudFix\Process.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\My Downloads\VirtumundoBeGone.exe[²ƒÇ]
  • Rahina-RescueRahina-Rescue Finland
    edited March 2007
    We still have few things to do ;)

    Go to Start » Run » type in: regedit » OK.
    • On the leftside, click to highlight My Computer at the top.
    • Go up to File » Export
      Make sure in that window there is a tick next to "All" under Export Branch.
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put RegBackup.
    • Choose to save it to C:\
    • Click Save and then go to File » Exit.

    Open notepad and copy and paste next present in the quotebox below in it:
    (don't forget to copy and paste REGEDIT4)
    REGEDIT4

    [-HKEY_CLASSES_ROOT\Software\Classes\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}]

    Save this as fix.reg Choose to save as all files and place it on your desktop.

    Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

    Now you could scan and Clean Up things using CCleaner.


    Next Please Run a scan using:

    Kaspersky On-line Scanner

    When you are prompted to install an ActiveX component from Kaspersky, Click Yes.

    The program will launch and then begin downloading the latest definition files
    When the files finish downloading click on NEXT
    Now click on Scan Settings
    In Scan Settings make sure that the following are selected:
    Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)

    Scan Options:

    Scan Archives
    Scan Mail Bases


    Click OK

    Now under select a target to scan:
    Select My Computer
    This program will start and scan your system.
    Online scan can take a long time to complete and the time is impacted by the speed of your internet connection. Be patient and let it run. It is best not to do anything else while the scan is running. This will help it to complete faster.
    When the scan has completed, it will display whether your system has been infected or not
    Click on the Save as Text button:
    Save the file to your desktop or another folder where you can locate it later.
    Attach this file to your next message.

    How are things?
  • edited March 2007
    alright, scan in progress...
  • Rahina-RescueRahina-Rescue Finland
    edited March 2007
    Alright, i guess you are already familiar with these scanners :D
  • edited March 2007

    KASPERSKY ONLINE SCANNER REPORT
    Sunday, March 04, 2007 10:10:04 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 4/03/2007
    Kaspersky Anti-Virus database records: 275768

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 45136
    Number of viruses found: 1
    Number of infected objects: 9 / 0
    Number of suspicious objects: 0
    Duration of the scan process: 00:34:26

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Credentials\S-1-5-21-956346901-3262614430-1109689657-1010\Credentials Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\BRNDLOG.BAK Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\BRNDLOG.TXT Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\map.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR12.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR13.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR14.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR15.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR16.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\ListCache.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\MapFile\TFR17.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\MapFile\TFR36.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\MapFile\TFR4F.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata00.sqm Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata01.sqm Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata02.sqm Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata03.sqm Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata04.sqm Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata05.sqm Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata06.sqm Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata07.sqm Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata08.sqm Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata09.sqm Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata10.sqm Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata11.sqm Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata12.sqm Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\map.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR10.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR37.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR38.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR39.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3A.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3B.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3C.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3D.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3E.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3F.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR40.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR41.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR42.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR43.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR44.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR45.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR46.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR47.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR48.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR49.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4A.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4B.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4C.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4D.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4E.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR6.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR7.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR8.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR9.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRA.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRB.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRC.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRD.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRE.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRF.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\map.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR19.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR1B.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR1D.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR1F.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR21.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR23.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR25.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR27.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR29.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR2B.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR2D.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR2F.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR31.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR33.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR35.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\map.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR5D.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR5E.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR5F.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR60.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR61.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\ListCache.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\MapFile\TFR62.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\MapFile\TFR81.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\MapFile\TFR94.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata00.sqm Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata01.sqm Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata02.sqm Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata03.sqm Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\map.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR51.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR52.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR53.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR54.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR55.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR56.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR57.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR58.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR59.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR5A.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR5B.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR86.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR87.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR88.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR89.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8A.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8B.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8C.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8D.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8E.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8F.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR90.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR91.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR92.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR93.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\map.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR64.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR66.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR68.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR6A.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR6C.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR6E.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR70.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR72.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR74.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR76.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR78.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR7A.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR7C.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR7E.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR80.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1003\15aa42ac-aea2-48e4-bdc3-00a9872c44c9 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1003\Preferred Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1010\8d723408-edea-4412-a47b-284ab39c0778 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1010\Preferred Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Application Data\Sonic\Update Manager\sumdb.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Favorites\Dell\Dell Auction.url Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Favorites\Dell\Dell.url Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Favorites\Dell\Gigabuys.url Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Favorites\Dell\Support.Dell.com.url Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Favorites\Links\Customize Links.url Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Favorites\Links\Free Hotmail.url Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Favorites\Links\RealPlayer.url Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Favorites\Links\Windows Marketplace.url Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Favorites\Links\Windows Media.url Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Favorites\Links\Windows.url Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Favorites\Media\Real.com Radio Tuner.url Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Favorites\MSN.com.url Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Favorites\Radio Station Guide.url Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Favorites\RealPlayer Home Page.url Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\IconCache.db Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\HelpCtr\HelpSessionHistory.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Local Settings\History\History.IE5\MSHist012006072820060729\index.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Local Settings\History\History.IE5\MSHist012006072920060730\index.dat Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{03344743-29AA-405D-8830-8A777BE08998}_Large.jpg Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{03344743-29AA-405D-8830-8A777BE08998}_Small.jpg Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{6C3CA880-FE3D-4934-B3F9-DEAB73CDF08D}_Large.jpg Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{6C3CA880-FE3D-4934-B3F9-DEAB73CDF08D}_Small.jpg Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Canyon__Mansion_On_The_Mountain.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Chuck_Prophet__What_Makes_the_Monkey_Dance.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Cordero__Vamos_Nenas.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Drive_by_Truckers__My_Sweet_Annette.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Get More with Jukebox Plus.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Imperial_Teen__Sugar.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Jon_Dee_Graham__One_Moment.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\My Playlists\DMX_TempList.wpl Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Secondhand_Jive__San_Francisco96.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Slobberbone__Sister_Beams.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\The_Flatlanders__Julia.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\01 Track 1.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\02 Track 2.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\03 Track 3.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\04 Track 4.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\05 Track 5.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\06 Track 6.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\07 Track 7.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\08 Track 8.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\09 Track 9.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\10 Track 10.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\11 Track 11.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\12 Track 12.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\13 Track 13.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\14 Track 14.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\15 Track 15.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\16 Track 16.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\17 Track 17.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Music\Vic_Chestnut__Im_Through.mp3 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript1.PspScript Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript2.PspScript Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript3.PspScript Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript4.PspScript Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript5.PspScript Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript6.PspScript Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript7.PspScript Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript8.PspScript Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript9.PspScript Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Videos\Experience.mpg Object is locked skipped
    C:\Documents and Settings\Dr. Enro\My Documents\My Videos\Thumbs.db Object is locked skipped
    C:\Documents and Settings\Dr. Enro\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Dr. Enro\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Dr. Enro\SendTo\RecordNow!.RecordNowSendToExt Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Templates\EXCEL.XLS Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Templates\EXCEL4.XLS Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Templates\LOTUS.WK4 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Templates\POWERPNT.PPT Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Templates\PRESENTA.SHW Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Templates\QUATTRO.WB2 Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Templates\SNDREC.WAV Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Templates\WINWORD.DOC Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Templates\WINWORD2.DOC Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Templates\WORDPFCT.WPD Object is locked skipped
    C:\Documents and Settings\Dr. Enro\Templates\WORDPFCT.WPG Object is locked skipped
    C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\cert8.db Object is locked skipped
    C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\formhistory.dat Object is locked skipped
    C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\history.dat Object is locked skipped
    C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\key3.db Object is locked skipped
    C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\parent.lock Object is locked skipped
    C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\Jase\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Jase\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\Jase\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Jase\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\63329BDCd01/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\63329BDCd01/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\63329BDCd01 RarSFX: infected - 2 skipped
    C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\63329BDCd01 PE_Patch.UPX: infected - 2 skipped
    C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\Jase\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Jase\Local Settings\History\History.IE5\MSHist012007030420070305\index.dat Object is locked skipped
    C:\Documents and Settings\Jase\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Jase\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Jase\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Jase\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\My Downloads\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\My Downloads\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\My Downloads\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\My Downloads\SmitfraudFix.exe RarSFX: infected - 2 skipped
    C:\My Downloads\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
    C:\Program Files\InstallShield Installation Information\{7BF68B83-5057-4D4B-0093-28285EEB9EE3}\setup.ilg Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0343.JPG Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0344.JPG Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0345.JPG Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0346.JPG Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0347.JPG Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0348.JPG Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0349.JPG Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0350.JPG Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0351.JPG Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0352.JPG Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\ZbThumbnail.info Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0343.JPG Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0344.JPG Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0345.JPG Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0346.JPG Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0347.JPG Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0348.JPG Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0349.JPG Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0350.JPG Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0351.JPG Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0352.JPG Object is locked skipped
    C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\ZbThumbnail.info Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\HOTTENROTH.ldb Object is locked skipped
    C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
    C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\Antivirus.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_6d4.dat Object is locked skipped
    C:\WINDOWS\Temp\ZLT00bf9.TMP Object is locked skipped
    C:\WINDOWS\Temp\ZLT00bfc.TMP Object is locked skipped
    C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
    C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
    C:\WINDOWS\WIASERVC.LOG Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
  • edited March 2007
    Alright, i guess you are already familiar with these scanners :D


    That's for sure! lol
  • Rahina-RescueRahina-Rescue Finland
    edited March 2007
    Well i'm not seeing anything in Kaspersky's logfile.

    Youu could scan with CCleaner again and clean up things.

    Go ahead and delete Smitfraudfix if you want to, it's not needed here anymore.

    How are things running? Any Issues?
This discussion has been closed.